Lucene search
GitHub Advisory DatabaseGHSA-4VHF-2HV7-8MRXHistoryMay 14, 2022 - 1:14 a.m.
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
2022-05-1401:14:52
CWE-611
GitHub Advisory Database
github.com
7
0.008 Low
EPSS
Percentile
81.4%
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.activemq:activemq-broker | lt | 5.10.1 | |
| org.apache.activemq:activemq-client | lt | 5.10.1 |
References
activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
seclists.org/oss-sec/2015/q1/427
exchange.xforce.ibmcloud.com/vulnerabilities/100722
github.com/advisories/GHSA-4vhf-2hv7-8mrx
github.com/apache/activemq/commit/3e5ac6326db59f524a0e71f6b717428607d7b67d
issues.apache.org/jira/browse/AMQ-5333
lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2014-3600
Related
ibm
ibm
Security Bulletin: A security vulnerability has been identified in Jazz for Service Management shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2014-3600)
2018-06-17 15:48:33
cvelist
cvelist
CVE-2014-3600
2017-10-27 19:00:00
ubuntucve
ubuntucve
CVE-2014-3600
2017-10-27 00:00:00
debiancve
debiancve
CVE-2014-3600
2017-10-27 19:29:00
cve
cve
CVE-2014-3600
2017-10-27 19:29:00
prion
prion
Xxe
2017-10-27 19:29:00
osv
osv
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
2022-05-14 01:14:52
activemq - security update
2015-08-07 00:00:00
redhat
redhat
debian
debian
[SECURITY] [DSA 3330-1] activemq security update
2015-08-07 21:08:55
securityvulns
securityvulns
[SECURITY] [DSA 3330-1] activemq security update
2015-08-24 00:00:00
openvas
openvas
Debian Security Advisory DSA 3330-1 (activemq - security update)
2015-08-07 00:00:00
Debian: Security Advisory (DSA-3330-1)
2015-08-06 00:00:00
Apache ActiveMQ < 5.10.1 Multiple Security Vulnerabilities - Linux
2017-11-07 00:00:00
nessus
nessus
Debian DSA-3330-1 : activemq - security update
2015-08-13 00:00:00
Apache ActiveMQ 5.x < 5.10.1 / 5.11.0 Multiple Vulnerabilities
2015-02-16 00:00:00
Apache ActiveMQ 5.x < 5.10.1 Multiple Vulnerabilities
2015-10-22 00:00:00