CVE-2014-3574

EPSS 11.11%
Published 04.09.2014 17:55:05
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

Affected products Warnungen 0 Metrics 2 CWE 0 References 16

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Poi Version <= 3.10

Apache ≫ Poi Version0.1

Apache ≫ Poi Version0.2

Apache ≫ Poi Version0.3

Apache ≫ Poi Version0.4

Apache ≫ Poi Version0.5

Apache ≫ Poi Version0.6

Apache ≫ Poi Version0.7

Apache ≫ Poi Version0.10.0

Apache ≫ Poi Version0.11.0

Apache ≫ Poi Version0.12.0

Apache ≫ Poi Version0.13.0

Apache ≫ Poi Version0.14.0

Apache ≫ Poi Version1.0.0

Apache ≫ Poi Version1.0.1

Apache ≫ Poi Version1.0.2

Apache ≫ Poi Version1.1.0

Apache ≫ Poi Version1.2.0

Apache ≫ Poi Version1.5

Apache ≫ Poi Version1.5.1

Apache ≫ Poi Version1.7 Updatedev

Apache ≫ Poi Version1.8 Updatedev

Apache ≫ Poi Version1.10 Updatedev

Apache ≫ Poi Version2.0

Apache ≫ Poi Version2.0 Updatepre1

Apache ≫ Poi Version2.0 Updatepre2

Apache ≫ Poi Version2.0 Updatepre3

Apache ≫ Poi Version2.0 Updaterc1

Apache ≫ Poi Version2.0 Updaterc2

Apache ≫ Poi Version2.5

Apache ≫ Poi Version2.5.1

Apache ≫ Poi Version3.0

Apache ≫ Poi Version3.0 Updatealpha1

Apache ≫ Poi Version3.0 Updatealpha2

Apache ≫ Poi Version3.0 Updatealpha3

Apache ≫ Poi Version3.0.1

Apache ≫ Poi Version3.0.2

Apache ≫ Poi Version3.0.2 Updatebeta1

Apache ≫ Poi Version3.0.2 Updatebeta2

Apache ≫ Poi Version3.1

Apache ≫ Poi Version3.1 Updatebeta1

Apache ≫ Poi Version3.1 Updatebeta2

Apache ≫ Poi Version3.2

Apache ≫ Poi Version3.5

Apache ≫ Poi Version3.5 Updatebeta1

Apache ≫ Poi Version3.5 Updatebeta2

Apache ≫ Poi Version3.5 Updatebeta3

Apache ≫ Poi Version3.5 Updatebeta4

Apache ≫ Poi Version3.5 Updatebeta5

Apache ≫ Poi Version3.5 Updatebeta6

Apache ≫ Poi Version3.6

Apache ≫ Poi Version3.7

Apache ≫ Poi Version3.7 Updatebeta1

Apache ≫ Poi Version3.7 Updatebeta2

Apache ≫ Poi Version3.7 Updatebeta3

Apache ≫ Poi Version3.8

Apache ≫ Poi Version3.8 Updatebeta1

Apache ≫ Poi Version3.8 Updatebeta2

Apache ≫ Poi Version3.8 Updatebeta3

Apache ≫ Poi Version3.8 Updatebeta4

Apache ≫ Poi Version3.8 Updatebeta5

Apache ≫ Poi Version3.9

Apache ≫ Poi Version3.10 Updatebeta1

Apache ≫ Poi Version3.10 Updatebeta2

Apache ≫ Poi Version3.11 Updatebeta1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	11.11%	0.929

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

http://www-01.ibm.com/support/docview.wss?uid=swg21996759

http://poi.apache.org/changes.html

http://rhn.redhat.com/errata/RHSA-2014-1370.html

http://rhn.redhat.com/errata/RHSA-2014-1398.html

http://rhn.redhat.com/errata/RHSA-2014-1399.html

http://rhn.redhat.com/errata/RHSA-2014-1400.html

http://secunia.com/advisories/59943

http://secunia.com/advisories/60419

http://secunia.com/advisories/61766

http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt

Vendor Advisory

https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations

Patch

Vendor Advisory

http://www.securityfocus.com/bid/69648

https://exchange.xforce.ibmcloud.com/vulnerabilities/95768

https://nvd.nist.gov/vuln/detail/CVE-2014-3574

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3574

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3574

EUVD