CVE-2014-3600
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Known Affected Software
18 configuration(s) from 1 vendor(s)
activemq
Version:
5.4.2
CPE:
cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
activemq
Version:
5.3.0
CPE:
cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
activemq
Version:
5.4.3
CPE:
cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
activemq
Version:
5.0.0
CPE:
cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
activemq
Version:
5.3.2
CPE:
cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
activemq
Version:
5.9.0
CPE:
cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*
activemq
Version:
5.8.0
CPE:
cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*
activemq
Version:
5.10.0
CPE:
cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*
activemq
Version:
5.4.1
CPE:
cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
activemq
Version:
5.2.0
CPE:
cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
activemq
Version:
5.3.1
CPE:
cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
activemq
Version:
5.7.0
CPE:
cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
activemq
Version:
5.9.1
CPE:
cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*
activemq
Version:
5.1.0
CPE:
cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
activemq
Version:
5.5.1
CPE:
cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
activemq
Version:
5.5.0
CPE:
cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
activemq
Version:
5.4.0
CPE:
cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
activemq
Version:
5.6.0
CPE:
cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
This vulnerability affects 18 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txtsecalert@redhat.com Vendor Advisory
-
http://seclists.org/oss-sec/2015/q1/427secalert@redhat.com Mailing List Third Party Advisory
-
http://www.securityfocus.com/bid/72510secalert@redhat.com Third Party Advisory VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722secalert@redhat.com Third Party Advisory VDB Entry
-
https://issues.apache.org/jira/browse/AMQ-5333secalert@redhat.com Issue Tracking Third Party Advisory
-
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3Esecalert@redhat.com
-
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txtaf854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
http://seclists.org/oss-sec/2015/q1/427af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.securityfocus.com/bid/72510af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
https://issues.apache.org/jira/browse/AMQ-5333af854a3a-2127-422b-91ae-364da2661108 Issue Tracking Third Party Advisory
-
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-611
Improper Restriction of XML External Entity Reference
- Description
- The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
- Typical Severity
- Medium
- Abstraction Level
- Base
Key Information
- Published Date
- October 27, 2017
