CVE-2014-3574
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/09/2014
Last modified:
12/04/2025
Description
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:* | 3.10 (including) | |
| cpe:2.3:a:apache:poi:0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:0.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:0.10.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:0.11.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:0.12.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:0.13.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:0.14.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:1.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:poi:1.0.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://poi.apache.org/changes.html
- http://rhn.redhat.com/errata/RHSA-2014-1370.html
- http://rhn.redhat.com/errata/RHSA-2014-1398.html
- http://rhn.redhat.com/errata/RHSA-2014-1399.html
- http://rhn.redhat.com/errata/RHSA-2014-1400.html
- http://secunia.com/advisories/59943
- http://secunia.com/advisories/60419
- http://secunia.com/advisories/61766
- http://www-01.ibm.com/support/docview.wss?uid=swg21996759
- http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
- http://www.securityfocus.com/bid/69648
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95768
- https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations
- http://poi.apache.org/changes.html
- http://rhn.redhat.com/errata/RHSA-2014-1370.html
- http://rhn.redhat.com/errata/RHSA-2014-1398.html
- http://rhn.redhat.com/errata/RHSA-2014-1399.html
- http://rhn.redhat.com/errata/RHSA-2014-1400.html
- http://secunia.com/advisories/59943
- http://secunia.com/advisories/60419
- http://secunia.com/advisories/61766
- http://www-01.ibm.com/support/docview.wss?uid=swg21996759
- http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
- http://www.securityfocus.com/bid/69648
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95768
- https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations