XML External Entity Vulnerability in Apache ActiveMQ by Apache
CVE-2014-3600

9.8CRITICAL

Key Information:

Vendor

Apache
Status
ActiveMQ
Vendor
CVE Published:
27 October 2017

What is CVE-2014-3600?

An XML external entity vulnerability in Apache ActiveMQ versions prior to 5.10.1 allows remote consumers to exploit this weakness through XPath-based selectors during the dequeuing of XML messages. This could lead to unspecified impacts, compromising the integrity and confidentiality of the system by allowing unauthorized access to sensitive information within the XML messages.

References

http://seclists.org/oss-sec/2015/q1/427
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/72510
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
vdb-entryx_refsource_XF

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.