CVE-2014-3600 Vulnerability in maven package org.apache.activemq:activemq-core

Description

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Remediation

References

http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt

http://seclists.org/oss-sec/2015/q1/427

http://www.securityfocus.com/bid/72510

https://exchange.xforce.ibmcloud.com/vulnerabilities/100722

https://issues.apache.org/jira/browse/AMQ-5333

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Related Vulnerabilities

CVE-2022-24785 Vulnerability in maven package org.webjars.npm:moment

CVE-2022-24847 Vulnerability in maven package org.geoserver:gs-main

CVE-2017-12620 Vulnerability in maven package org.apache.opennlp:opennlp-tools

CVE-2022-34213 Vulnerability in maven package org.jenkins-ci.plugins:squashtm-publisher

CVE-2019-1003045 Vulnerability in maven package de.eacg:ecs-publisher

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H