XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qpid | Apache | 0.30 (including) | 0.30 (including) |
| Qpid-cpp | Ubuntu | artful | * |
| Qpid-cpp | Ubuntu | esm-apps/xenial | * |
| Qpid-cpp | Ubuntu | precise | * |
| Qpid-cpp | Ubuntu | trusty | * |
| Qpid-cpp | Ubuntu | utopic | * |
| Qpid-cpp | Ubuntu | vivid | * |
| Qpid-cpp | Ubuntu | wily | * |
| Qpid-cpp | Ubuntu | xenial | * |
| Qpid-cpp | Ubuntu | yakkety | * |
| Qpid-cpp | Ubuntu | zesty | * |
References
- http://packetstormsecurity.com/files/129034/Apache-Qpid-0.30-Induced-HTTP-Requests.html
- http://secunia.com/advisories/62235
- http://www.securityfocus.com/archive/1/533943/100/0/threaded
- http://www.securityfocus.com/bid/71004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98575
- http://packetstormsecurity.com/files/129034/Apache-Qpid-0.30-Induced-HTTP-Requests.html
- http://secunia.com/advisories/62235
- http://www.securityfocus.com/archive/1/533943/100/0/threaded
- http://www.securityfocus.com/bid/71004
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98575