Vulnerability in Apache Qpid

CVE-2014-3629

XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.

EPSS: 0.017 (82.9th percentile) — read the EPSS interpretation.

Affected products

Apache Qpid — versions 0.30
N/a — versions n/a

Weakness classification (CWE)

CWE-19

References

apache-qpid-cve20143629-info-disc(98575) (vdb-entry, x_refsource_XF)
20141107 CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests (mailing-list, x_refsource_BUGTRAQ)
71004 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_MISC)
62235 (x_refsource_SECUNIA, third-party-advisory)