CVE-2014-3579

Sažetak

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Reference

https://issues.apache.org/jira/browse/APLO-366
https://exchange.xforce.ibmcloud.com/vulnerabilities/100721
http://www.securityfocus.com/bid/72508
http://seclists.org/oss-sec/2015/q1/428
http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-11-2023 - 02:20

Objavljeno

27-10-2017 - 19:29