22 matches found
ActiveMQ: XXE via XPath expression evaluation
It was discovered that Apache ActiveMQ performed XML External Entity XXE expansion when evaluating XPath expressions. A remote, attacker-controlled consumer able to specify an XPath-based selector to dequeue XML messages from an Apache ActiveMQ broker could use this flaw to read files accessible ...
ActiveMQ: XXE via XPath expression evaluation
It was discovered that Apache ActiveMQ performed XML External Entity XXE expansion when evaluating XPath expressions. A remote, attacker-controlled consumer able to specify an XPath-based selector to dequeue XML messages from an Apache ActiveMQ broker could use this flaw to read files accessible ...