XML External Entity Vulnerability in Apache Qpid by The Apache Software Foundation
CVE-2014-3629

Currently unrated

Key Information:

Vendor: Apache
Status: Qpid
Vendor: CVE Published:; 17 November 2014

Summary

An XML external entity (XXE) vulnerability exists in the XML Exchange module of Apache Qpid 0.30. This flaw allows remote attackers to exploit crafted XML messages to induce the application to initiate outgoing HTTP requests. Successful exploitation could lead to exposure of sensitive information or other adverse effects on system integrity.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/98575

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/533943/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/71004

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Nov 17, 2014
Vulnerability Reserved
May 14, 2014