CVE-2014-3579
Apache ActiveMQ Apollo XXE Vulnerability
Severity: 9.8 CRITICAL (CVSS 3.1)
EPSS: 3.5%
Description
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
How to fix CVE-2014-3579
To remediate CVE-2014-3579, upgrade the affected package to a fixed version below.
- Maven/org.apache.activemq:apollo-project: upgrade to 1.7.1 or later
Is CVE-2014-3579 being exploited?
Low — EPSS is 3.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.apache.activemq:apollo-project: >= 1.0.0, < 1.7.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |