CVE-2014-3579

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1600%

EPSS Percentile0.14th

Published2017年10月27日

Last Modified2026年5月13日

Vulnerability Description

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

= 1.7

References & Advisories

🔗 http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt

🔗 http://seclists.org/oss-sec/2015/q1/428

🔗 http://www.securityfocus.com/bid/72508

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/100721

🔗 https://issues.apache.org/jira/browse/APLO-366

🔗 https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

🔗 http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt

🔗 http://seclists.org/oss-sec/2015/q1/428

Vulnerability Description

Affected Platforms (CPE)

Activemq Apollo

Activemq Apollo

Activemq Apollo

Activemq Apollo

Activemq Apollo

Activemq Apollo

Activemq Apollo

Activemq Apollo

References & Advisories

相關漏洞威脅