CVE-2014-3579

9.8CRITICAL

Key Information:

Vendor: Apache
Status: ActiveMQ Apollo
Vendor: CVE Published:; 27 October 2017

Summary

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

References

http://www.securityfocus.com/bid/72508

vdb-entryx_refsource_BID

http://seclists.org/oss-sec/2015/q1/428

mailing-listx_refsource_MLIST

https://exchange.xforce.ibmcloud.com/vulnerabilities/100721

vdb-entryx_refsource_XF

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 27, 2017
Vulnerability Reserved
May 14, 2014