CVE-2014-3629XML External Entity (XXE) Injection in Apache Qpid

CWE-196 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
1.7%
top 17.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Qpid
Timeline
PublishedNov 17
Latest updateMay 14

Description

XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapache/qpid0.30

🔴Vulnerability Details

3
GHSA
GHSA-mm2c-whrj-39qm: XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 02022-05-14
OSV
CVE-2014-3629: XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 02014-11-17
CVEList
CVE-2014-3629: XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 02014-11-17

📋Vendor Advisories

1
Red Hat
qpid-cpp: XXE vulnerability causes outgoing HTTP connections2014-11-07

💬Community

1
Bugzilla
CVE-2014-3629 qpid-cpp: XXE vulnerability causes outgoing HTTP connections2014-11-17
CVE-2014-3629 — XML External Entity (XXE) Injection | cvebase