PT-2014-5401 · Apache · Apache Poi
Publicado
2014-09-04
·
Atualizado
2022-05-17
·
CVE-2014-3574
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Apache POI versions prior to 3.10.1
Apache POI versions 3.11.x prior to 3.11-beta2
Description
The issue allows remote attackers to cause a denial of service, resulting in CPU consumption and crash, via a crafted OOXML file. This is achieved through an XML Entity Expansion (XEE) attack.
Recommendations
For Apache POI versions prior to 3.10.1, update to version 3.10.1 or later.
For Apache POI versions 3.11.x prior to 3.11-beta2, update to version 3.11-beta2 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Apache Poi