1. Home
  2. Vulnerabilities
  3. CVE-2014-3579

CVE-2014-3579

CVSS v3.0 9.8 (Critical)
98% Progress
CVSS v2.0 7.5 (High)
75% Progress
EPSS 0.56 % (78th)
0.56% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Weaknesses
CWE-611
Improper Restriction of XML External Entity Reference
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2017-10-27 19:29:00
(6 years ago)
Updated Date
2023-11-07 02:20:14
(10 months ago)

Affected Products

Apache

Configuration #1

    CPE23 From Up To
  Apache Activemq Apollo 1.0 cpe:2.3:a:apache:activemq_apollo:1.0
  Apache Activemq Apollo 1.1 cpe:2.3:a:apache:activemq_apollo:1.1
  Apache Activemq Apollo 1.2 cpe:2.3:a:apache:activemq_apollo:1.2
  Apache Activemq Apollo 1.3 cpe:2.3:a:apache:activemq_apollo:1.3
  Apache Activemq Apollo 1.4 cpe:2.3:a:apache:activemq_apollo:1.4
  Apache Activemq Apollo 1.5 cpe:2.3:a:apache:activemq_apollo:1.5
  Apache Activemq Apollo 1.6 cpe:2.3:a:apache:activemq_apollo:1.6
  Apache Activemq Apollo 1.7 cpe:2.3:a:apache:activemq_apollo:1.7