Improper Restriction of XML External Entity Reference in Apache ActiveMQ

GHSA-4vhf-2hv7-8mrx · CVE-2014-3600

Published May 14, 2022 · Modified Feb 21, 2024

Description

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-3600
WEB https://github.com/apache/activemq/commit/3e5ac6326db59f524a0e71f6b717428607d7b67d
WEB https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
WEB https://github.com/apache/activemq
WEB https://issues.apache.org/jira/browse/AMQ-5333
WEB https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
WEB http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
WEB http://seclists.org/oss-sec/2015/q1/427

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes