CVE-2015-3208

critical

Description

XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to have unspecified impact via unknown vectors.

References

http://www.openwall.com/lists/oss-security/2015/07/24/2

http://www.securityfocus.com/bid/76025

https://access.redhat.com/errata/RHSA-2018:2927

https://bugzilla.redhat.com/show_bug.cgi?id=1225252

https://github.com/apache/activemq-artemis/commit/48d9951d879e0c8cbb59d4b64ab59d53ef88310d

Details

Source: MITRE

Published: 2017-07-25

Updated: 2018-10-17

Type: CWE-611

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL