CVE-2015-3208
The MITRE CVE dictionary describes this issue as:
XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to have unspecified impact via unknown vectors.
Find out more about CVE-2015-3208 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Satellite 6.4 for RHEL 7 | RHSA-2018:2927 | 2018-10-16 |
| Red Hat Satellite 6.4 for RHEL 7 | RHSA-2018:2927 | 2018-10-16 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Subscription Asset Manager 1 | hornetq | Will not fix |
| Red Hat Satellite 6 | hornetq | Will not fix |
| Red Hat JBoss EAP 6 | hornetq | Not affected |
| Red Hat JBoss EAP 5 | hornetq | Not affected |
| Red Hat JBoss A-MQ 7 | artemis | Not affected |
Acknowledgements
Red Hat would like to thank David Jorm of IIX Product Security for reporting this issue.CVE description copyright © 2017, The MITRE Corporation