PT-2014-5428 · Apache · Apache Qpid

Published

2014-11-17

Updated

2018-10-09

CVE-2014-3629

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Qpid version 0.30

Description The issue is related to an XML external entity (XXE) vulnerability in the XML Exchange module. This allows remote attackers to cause outgoing HTTP connections via a crafted message.

Recommendations For Apache Qpid version 0.30, update to a version that includes a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

CVE-2014-3629

Affected Products

Apache Qpid

PT-2014-5428 · Apache · Apache Qpid

CVE-2014-3629

Weakness Enumeration

Related Identifiers

Affected Products

References · 9