CVE-2014-3600
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Severity: 9.8 CRITICAL (CVSS 3.1)
EPSS: 0.51%
Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
How to fix CVE-2014-3600
To remediate CVE-2014-3600, upgrade the affected package to one of the fixed versions listed below.
- Debian/activemq—upgrade to 5.6.0+dfsg1-4 or later
- —upgrade to 5.10.1 or later
- —upgrade to 5.10.1 or later
Is CVE-2014-3600 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 5.6.0+dfsg1-4
- >= 5.0.0, < 5.10.1
- >= 5.0.0, < 5.10.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |