XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt - Vendor Advisory | |
References | () http://seclists.org/oss-sec/2015/q1/428 - Mailing List, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/72508 - Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/100721 - Issue Tracking, Third Party Advisory, VDB Entry | |
References | () https://issues.apache.org/jira/browse/APLO-366 - Issue Tracking, Third Party Advisory | |
References | () https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E - |
Information
Published : 2017-10-27 19:29
Updated : 2024-11-21 02:08
NVD link : CVE-2014-3579
Mitre link : CVE-2014-3579
CVE.ORG link : CVE-2014-3579
JSON object : View
Products Affected
apache
- activemq_apollo
CWE
CWE-611
Improper Restriction of XML External Entity Reference