What is CVE-2014-3600?

CVE-2014-3600 is a critical-severity vulnerability in Apache Activemq, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 9.8/10. Published 2017-10-27.

How severe is CVE-2014-3600?

Critical severity. CVSS v3 base score is 9.8 out of 10.

XXE in Apache Activemq

CVE-2014-3600

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Vulnerability class: XXE (XML External Entity)

EPSS: 0.005 (66.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Apache Activemq — versions 5.0.0, 5.1.0, 5.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

References

secalert@redhat.com (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
secalert@redhat.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
secalert@redhat.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_XF)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
secalert@redhat.com (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2014-3600?: CVE-2014-3600 is a critical-severity vulnerability in Apache Activemq, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 9.8/10. Published 2017-10-27.
How severe is CVE-2014-3600?: Critical severity. CVSS v3 base score is 9.8 out of 10.