
CVE-2014-3600

Published: 27/10/2017 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x prior to 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Vulnerable Product

apache activemq 5.3.0

apache activemq 5.8.0

apache activemq 5.4.3

apache activemq 5.4.0

apache activemq 5.5.1

apache activemq 5.4.1

apache activemq 5.9.0

apache activemq 5.3.1

apache activemq 5.2.0

apache activemq 5.7.0

apache activemq 5.0.0

apache activemq 5.10.0

apache activemq 5.1.0

apache activemq 5.5.0

apache activemq 5.3.2

apache activemq 5.9.1

apache activemq 5.6.0

apache activemq 5.4.2

Vendor Advisories

Synopsis: Important: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 security update. Type/Severity: Security Advisory: Important. Topic: Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P8 (Patch 8 on Rollup Patch 1), which fixes two security issues, is now available from the Red Hat Customer Portal. Red Hat Product Securi ...
Debian Bug report logs - #792857: CVE-2014-3576. Package: src:activemq; Maintainer for src:activemq is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Sun, 19 Jul 2015 12:48:01 UTC; Severity: grave; Tags: jessie, security, sid, stretch, wheezy ...
Debian Bug report logs - #777196: activemq: CVE-2014-8110 CVE-2014-3612 CVE-2014-3600. Package: activemq; Maintainer for activemq is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for activemq is src:activemq; Reported by: Moritz Muehlenhoff <jmm@inutil.org>; Date: Fr ...
It was discovered that Apache ActiveMQ performed XML External Entity (XXE) expansion when evaluating XPath expressions. A remote, attacker-controlled consumer able to specify an XPath-based selector to dequeue XML messages from an Apache ActiveMQ broker could use this flaw to read files accessible to the user running the broker, and potentially per ...