PT-2014-5401 · Apache · Apache Poi

Published

2014-09-04

Updated

2022-05-17

CVE-2014-3574

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache POI versions prior to 3.10.1 Apache POI versions 3.11.x prior to 3.11-beta2

Description The issue allows remote attackers to cause a denial of service, resulting in CPU consumption and crash, via a crafted OOXML file. This is achieved through an XML Entity Expansion (XEE) attack.

Recommendations For Apache POI versions prior to 3.10.1, update to version 3.10.1 or later. For Apache POI versions 3.11.x prior to 3.11-beta2, update to version 3.11-beta2 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2014-3574

GHSA-5WFP-8643-C58X

MGASA-2014-0550

Affected Products

Apache Poi

PT-2014-5401 · Apache · Apache Poi

CVE-2014-3574

Weakness Enumeration

Related Identifiers

Affected Products

References · 27