CVE-2014-3579
 
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-05-14 CVE Reserved
- 2017-10-27 CVE Published
- 2023-04-29 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://seclists.org/oss-sec/2015/q1/428 | Mailing List | |
http://www.securityfocus.com/bid/72508 | Third Party Advisory | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/100721 | Issue Tracking | |
https://issues.apache.org/jira/browse/APLO-366 | Issue Tracking | |
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E | Mailing List |
URL | Date | SRC |
---|---|---|
http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Activemq Apollo | 1.0 | - | Affected |
Apache | Activemq Apollo | 1.1 | - | Affected |
Apache | Activemq Apollo | 1.2 | - | Affected |
Apache | Activemq Apollo | 1.3 | - | Affected |
Apache | Activemq Apollo | 1.4 | - | Affected |
Apache | Activemq Apollo | 1.5 | - | Affected |
Apache | Activemq Apollo | 1.6 | - | Affected |
Apache | Activemq Apollo | 1.7 | - | Affected |