1135872 – (CVE-2014-3579) CVE-2014-3579 Apache ActiveMQ Apollo: XXE via XPath expression evaluation

Bug 1135872 (CVE-2014-3579) - CVE-2014-3579 Apache ActiveMQ Apollo: XXE via XPath expression evaluation

Summary: CVE-2014-3579 Apache ActiveMQ Apollo: XXE via XPath expression evaluation

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2014-3579
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1130476
TreeView+	depends on / blocked

Reported:	2014-09-01 05:09 UTC by Arun Babu Neelicattu
Modified:	2023-05-12 16:11 UTC (History)
CC List:	4 users (show)
Fixed In Version:	activemq-apollo 1.8
Doc Type:	Bug Fix
Doc Text:	It was discovered that Apache ActiveMQ Apollo performed XML External Entity (XXE) expansion when evaluating XPath expressions. A remote, attacker-controlled consumer able to specify an XPath-based selector to dequeue XML messages from an Apache ActiveMQ Apollo broker could use this flaw to read files accessible to the user running the broker, and potentially perform other more advanced XXE attacks.
Clone Of:
Environment:
Last Closed:	2015-02-05 22:55:58 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1133649	0	medium	CLOSED	CVE-2014-3600 Apache ActiveMQ: XXE via XPath expression evaluation	2023-05-12 16:10:04 UTC

Internal Links: 1133649

Description Arun Babu Neelicattu 2014-09-01 05:09:09 UTC

IssueDescription:

It was discovered that Apache ActiveMQ Apollo performed XML External Entity (XXE) expansion when evaluating XPath expressions. A remote, attacker-controlled consumer able to specify an XPath-based selector to dequeue XML messages from an Apache ActiveMQ Apollo broker could use this flaw to read files accessible to the user running the broker, and potentially perform other more advanced XXE attacks.

Comment 1 Arun Babu Neelicattu 2014-09-01 05:10:46 UTC

Upstream Issue:

https://issues.apache.org/jira/browse/APLO-366

Upstream Commit:

http://git-wip-us.apache.org/repos/asf/activemq-apollo/commit/e5647554

Comment 2 Arun Babu Neelicattu 2014-09-01 05:11:01 UTC

Acknowledgements:

Red Hat would like to thank Georgi Geshev of MWR Labs for reporting this issue.

Comment 3 Arun Babu Neelicattu 2014-09-01 05:23:58 UTC

Statement:

Not vulnerable. Apache ActiveMQ Apollo is not shipped with any supported Red Hat product.

Note You need to log in before you can comment on or make changes to this bug.