CVE-2014-3600

CWE-611 — XML External Entity (XXE)10 documents8 sources

Severity

9.8CRITICAL

EPSS

0.5%

top 33.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Activemq

Timeline

PublishedOct 27

Latest updateMay 14

Description

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶Mavenorg.apache.activemq:activemq-broker5.0.0 — 5.10.1

▶Mavenorg.apache.activemq:activemq-client5.0.0 — 5.10.1

▶NVDapache/activemq18 versions+17

▶Debianactivemq< 5.6.0+dfsg1-4+2

🔴Vulnerability Details

OSV

Improper Restriction of XML External Entity Reference in Apache ActiveMQ↗2022-05-14

▶

GHSA

Improper Restriction of XML External Entity Reference in Apache ActiveMQ↗2022-05-14

▶

OSV

CVE-2014-3600: XML external entity (XXE) vulnerability in Apache ActiveMQ 5↗2017-10-27

▶

CVEList

CVE-2014-3600: XML external entity (XXE) vulnerability in Apache ActiveMQ 5↗2017-10-27

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer - Memory Corruption (PoC) (MS14-029)↗2014-08-28

▶

📋Vendor Advisories

Red Hat

ActiveMQ: XXE via XPath expression evaluation↗2015-02-05

▶

Debian

CVE-2014-3600: activemq - XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 all...↗2014

▶

💬Community

Bugzilla

CVE-2014-3600 Apache ActiveMQ: XXE via XPath expression evaluation↗2014-08-25

▶