CVE-2014-3600

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions 5.x through 5.10.0

Description The issue is related to an XML external entity (XXE) vulnerability. It allows remote consumers to have an unspecified impact via vectors involving an XPath-based selector when dequeuing XML messages. The vulnerability can be exploited by a remote attacker to disclose protected information, cause a denial of service, or have other impacts using specially crafted XPath queries.

Recommendations For Apache ActiveMQ versions 5.x through 5.10.0, update to version 5.10.1 or later to resolve the issue.