XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt
exchange.xforce.ibmcloud.com/vulnerabilities/100721
github.com/apache/activemq-apollo
github.com/apache/activemq-apollo/commit/e5647554e6801a522c508a8eb457979a9af8c398
issues.apache.org/jira/browse/APLO-366
lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2014-3579
web.archive.org/web/20150213000202/seclists.org/oss-sec/2015/q1/428
web.archive.org/web/20200228080433/www.securityfocus.com/bid/72508