We found results for “”
CVE-2014-3600
Good to know:
Date: October 27, 2017
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Language: Java
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Improper Restriction of XML External Entity Reference ('XXE')
CWE-611Top Fix
Upgrade Version
Upgrade to version org.apache.activemq:activemq-all:5.10.1;org.apache.activemq:activemq-broker:5.10.1;org.apache.activemq:activemq-client:5.10.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |
Additional information: |