Published: 04/09/2014 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Apache POI prior to 3.10.1 and 3.11.x prior to 3.11-beta2 allows remote malicious users to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache poi 0.1
apache poi 0.10.0
apache poi 0.4
apache poi 0.5
apache poi 1.2.0
apache poi 1.5
apache poi 2.0
apache poi 3.0
apache poi 3.0.1
apache poi 3.5
apache poi 3.7
apache poi 3.8
apache poi 0.11.0
apache poi 0.12.0
apache poi 0.6
apache poi 0.7
apache poi 1.5.1
apache poi 1.7
apache poi 2.5
apache poi 3.0.2
apache poi 3.9
apache poi 3.10
apache poi 0.13.0
apache poi 0.14.0
apache poi 1.0.0
apache poi 1.0.1
apache poi 1.8
apache poi 2.5.1
apache poi 3.1
apache poi
apache poi 3.11
apache poi 0.2
apache poi 0.3
apache poi 1.0.2
apache poi 1.1.0
apache poi 1.10
apache poi 3.2
apache poi 3.6

NVD-CWE-Other http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt http://secunia.com/advisories/60419 https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations http://poi.apache.org/changes.html http://rhn.redhat.com/errata/RHSA-2014-1398.html http://rhn.redhat.com/errata/RHSA-2014-1399.html http://rhn.redhat.com/errata/RHSA-2014-1400.html http://rhn.redhat.com/errata/RHSA-2014-1370.html http://secunia.com/advisories/59943 http://secunia.com/advisories/61766 http://www.securityfocus.com/bid/69648 http://www-01.ibm.com/support/docview.wss?uid=swg21996759 https://exchange.xforce.ibmcloud.com/vulnerabilities/95768 https://nvd.nist.gov

CVE-2014-3574

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect