Lucene search

PRIOn knowledge basePRION:CVE-2014-3574

HistorySep 04, 2014 - 5:55 p.m.

Design/Logic Flaw

2014-09-0417:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.0%

JSON

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

CPENameOperatorVersion
poieq2.5
poieq0.2
poieq3.7 beta3
poieq3.0.2 beta2
poieq3.0.1
poieq3.5
poieq1.10 dev
poieq3.10 beta1
poieq1.0.2
poieq2.0 pre3

Name	Operator	Version
poi	eq	2.5
poi	eq	0.2
poi	eq	3.7 beta3
poi	eq	3.0.2 beta2
poi	eq	3.0.1
poi	eq	3.5
poi	eq	1.10 dev
poi	eq	3.10 beta1
poi	eq	1.0.2
poi	eq	2.0 pre3

Rows per page:

1-10 of 651

References

poi.apache.org/changes.html

rhn.redhat.com/errata/RHSA-2014-1370.html

rhn.redhat.com/errata/RHSA-2014-1398.html

rhn.redhat.com/errata/RHSA-2014-1399.html

rhn.redhat.com/errata/RHSA-2014-1400.html

secunia.com/advisories/59943

secunia.com/advisories/60419

secunia.com/advisories/61766

www-01.ibm.com/support/docview.wss?uid=swg21996759

www.apache.org/dist/poi/release/RELEASE-NOTES.txt

www.securityfocus.com/bid/69648

exchange.xforce.ibmcloud.com/vulnerabilities/95768

lucene.apache.org/solr/solrnews.html