XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
References
Link | Resource |
---|---|
http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt | Vendor Advisory |
http://seclists.org/oss-sec/2015/q1/428 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/72508 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/100721 | Issue Tracking Third Party Advisory VDB Entry |
https://issues.apache.org/jira/browse/APLO-366 | Issue Tracking Third Party Advisory |
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2017-10-27T19:00:00
Updated: 2019-03-27T19:06:05
Reserved: 2014-05-14T00:00:00
Link: CVE-2014-3579
JSON object: View
NVD Information
Status : Modified
Published: 2017-10-27T19:29:00.190
Modified: 2023-11-07T02:20:14.100
Link: CVE-2014-3579
JSON object: View
Redhat Information
No data.
CWE