Vulnerability Description
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | ActiveMQ Apollo | 1.0 |
Related Weaknesses (CWE)
References
- http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.t (Vendor Advisory)
- http://seclists.org/oss-sec/2015/q1/428 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/72508 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100721 (Issue Tracking, Third Party Advisory, VDB Entry)
- https://issues.apache.org/jira/browse/APLO-366 (Issue Tracking, Third Party Advisory)
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65
FAQ
What is CVE-2014-3579?
CVE-2014-3579 is a vulnerability with a CVSS score of 9.8 (CRITICAL). XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML m...
How severe is CVE-2014-3579?
CVE-2014-3579 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-3579?
Check the references section above for vendor advisories and patch information. Affected products include: Apache ActiveMQ Apollo.