Published: 24/03/2017 Updated: 20/10/2020

CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 632

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Apache POI in versions prior to release 3.15 allows remote malicious users to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache poi

Debian Bug report logs - #888651 libapache-poi-java: CVE-2017-12626: Denial of Service Vulnerabilities Package: src:libapache-poi-java; Maintainer for src:libapache-poi-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 28 Ja ...

Debian Bug report logs - #858301 libapache-poi-java: CVE-2017-5644 Package: src:libapache-poi-java; Maintainer for src:libapache-poi-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 20 Mar 2017 20:36:01 UTC Severity: impor ...

CWE-776 http://poi.apache.org/#20+March+2017+-+CVE-2017-5644+-+Possible+DOS+%28Denial+of+Service%29+in+Apache+POI+versions+prior+to+3.15 http://www.securityfocus.com/bid/96983 https://www.oracle.com/security-alerts/cpuoct2020.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888651

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-5644

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect