CVE-2014-3600 Vulnerability in maven package org.apache.activemq:activemq-broker

Description

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Remediation

References

http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt

http://seclists.org/oss-sec/2015/q1/427

http://www.securityfocus.com/bid/72510

https://exchange.xforce.ibmcloud.com/vulnerabilities/100722

https://issues.apache.org/jira/browse/AMQ-5333

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Related Vulnerabilities

CVE-2021-39234 Vulnerability in maven package org.apache.ozone:ozone-common

CVE-2022-25872 Vulnerability in npm package fast-string-search

CVE-2023-32313 Vulnerability in maven package org.webjars.npm:vm2

CVE-2023-1108 Vulnerability in maven package io.undertow:undertow-core

CVE-2021-33609 Vulnerability in maven package com.vaadin:vaadin-server

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H