Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Remediation
References
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
http://seclists.org/oss-sec/2015/q1/427
http://www.securityfocus.com/bid/72510
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
https://issues.apache.org/jira/browse/AMQ-5333
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Related Vulnerabilities
CVE-2014-0075 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2022-43441 Vulnerability in npm package sqlite3
CVE-2022-31147 Vulnerability in maven package org.webjars:jquery-validation
CVE-2022-31175 Vulnerability in npm package @ckeditor/ckeditor5-html-embed
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core