CVE-2014-3579: XEE
First published: Fri Oct 27 2017(Updated: )
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.apache.activemq:apollo-project | >=1.0.0<1.7.1 | 1.7.1 |
| Apache ActiveMQ Apollo | =1.0 | |
| Apache ActiveMQ Apollo | =1.1 | |
| Apache ActiveMQ Apollo | =1.2 | |
| Apache ActiveMQ Apollo | =1.3 | |
| Apache ActiveMQ Apollo | =1.4 | |
| Apache ActiveMQ Apollo | =1.5 | |
| Apache ActiveMQ Apollo | =1.6 | |
| Apache ActiveMQ Apollo | =1.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2014-3579
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100721
- https://issues.apache.org/jira/browse/APLO-366
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
- http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt
- https://web.archive.org/web/20150213000202/http://seclists.org/oss-sec/2015/q1/428
- https://web.archive.org/web/20200228080433/http://www.securityfocus.com/bid/72508
- https://github.com/advisories/GHSA-wmhw-hpwh-44pg (Advisory)
- http://seclists.org/oss-sec/2015/q1/428
- http://www.securityfocus.com/bid/72508
- https://github.com/apache/activemq-apollo/commit/e5647554e6801a522c508a8eb457979a9af8c398
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/references
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-wmhw-hpwh-44pg
- alias/CVE-2014-3579
- agent/last-modified-date
- collector/github-advisory
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache activemq apollo
- version/apache activemq apollo/1.0
- version/apache activemq apollo/1.1
- version/apache activemq apollo/1.2
- version/apache activemq apollo/1.3
- version/apache activemq apollo/1.4
- version/apache activemq apollo/1.5
- version/apache activemq apollo/1.6
- version/apache activemq apollo/1.7
- package-manager/maven