CVE-2014-3600 Vulnerability in maven package org.apache.activemq:activemq-core

Description

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Remediation

References

http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt

http://seclists.org/oss-sec/2015/q1/427

http://www.securityfocus.com/bid/72510

https://exchange.xforce.ibmcloud.com/vulnerabilities/100722

https://issues.apache.org/jira/browse/AMQ-5333

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Related Vulnerabilities

CVE-2022-23302 Vulnerability in maven package log4j:log4j

CVE-2022-2079 Vulnerability in npm package nocodb

CVE-2007-5333 Vulnerability in maven package tomcat:tomcat-coyote

CVE-2019-0225 Vulnerability in maven package org.apache.jspwiki:jspwiki-builder

CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-api

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H