Critical severity9.8NVD Advisory· Published Oct 27, 2017· Updated Jun 17, 2026
CVE-2014-3600
CVE-2014-3600
Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.activemq:activemq-clientMaven | >= 5.0.0, < 5.10.1 | 5.10.1 |
org.apache.activemq:activemq-brokerMaven | >= 5.0.0, < 5.10.1 | 5.10.1 |
Affected products
20cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*
- ghsa-coords2 versions
>= 5.0.0, < 5.10.1+ 1 more
- (no CPE)range: >= 5.0.0, < 5.10.1
- (no CPE)range: >= 5.0.0, < 5.10.1
Patches
Vulnerability mechanics
References
10- activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txtnvdVendor AdvisoryWEB
- seclists.org/oss-sec/2015/q1/427nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/bid/72510nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/100722nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-4vhf-2hv7-8mrxghsaADVISORY
- issues.apache.org/jira/browse/AMQ-5333nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2014-3600ghsaADVISORY
- github.com/apache/activemq/commit/3e5ac6326db59f524a0e71f6b717428607d7b67dghsaWEB
- lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3EghsaWEB
- lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3Envd
News mentions
0No linked articles in our index yet.