XML External Entity Vulnerability in Apache ActiveMQ Apollo from Apache
CVE-2014-3579

9.8CRITICAL

Key Information:

Vendor
Apache
Status
ActiveMQ Apollo
Vendor
CVE Published:
27 October 2017

Summary

The XML External Entity (XXE) vulnerability in Apache ActiveMQ Apollo versions prior to 1.7.1 allows remote consumers to manipulate XML messages through an XPath-based selector. This vulnerability can lead to unintended consequences due to improper handling of XML input, potentially compromising system integrity and confidentiality.

References

http://www.securityfocus.com/bid/72508
vdb-entryx_refsource_BID
http://seclists.org/oss-sec/2015/q1/428
mailing-listx_refsource_MLIST
https://exchange.xforce.ibmcloud.com/vulnerabilities/100721
vdb-entryx_refsource_XF

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.