Описание
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Ссылки
- Vendor Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:activemq_apollo:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq_apollo:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq_apollo:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq_apollo:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq_apollo:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq_apollo:1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq_apollo:1.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq_apollo:1.7:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.0348
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-611
Связанные уязвимости
redhat
около 11 лет назад
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
EPSS
Процентиль: 87%
0.0348
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-611