Vulnerability CVE-2014-3574


Published: 2014-09-04

Description:
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

See advisories in our WLB2 database:
Topic
Author
Date
High
Apache POI 3.10.1-20140818 security issues with OOXML
Multiple
05.09.2014

Vendor: Apache
Product: POI 
Version:
3.9
3.8
3.7
3.6
3.5
3.2
3.11
3.10
3.0.2
3.0.1
3.0
2.5.1
2.5
2.0
1.8
1.7
1.5.1
1.5
1.2.0
1.10
1.1.0
1.0.2
1.0.1
1.0.0
0.7
0.6
0.5
0.4
0.3
0.2
0.14.0
0.13.0
0.12.0
0.11.0
0.10.0
0.1

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://poi.apache.org/changes.html
http://rhn.redhat.com/errata/RHSA-2014-1370.html
http://rhn.redhat.com/errata/RHSA-2014-1398.html
http://rhn.redhat.com/errata/RHSA-2014-1399.html
http://rhn.redhat.com/errata/RHSA-2014-1400.html
http://www-01.ibm.com/support/docview.wss?uid=swg21996759
http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
http://www.securityfocus.com/bid/69648
http://xforce.iss.net/xforce/xfdb/95768
https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations

Related CVE
CVE-2019-12397
Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix.
CVE-2019-10099
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in S...
CVE-2019-10094
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.
CVE-2019-10093
In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.
CVE-2019-10088
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.
CVE-2019-0193
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH adm...
CVE-2015-7559
It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.
CVE-2018-11774
Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requ...

Copyright 2019, cxsecurity.com

 

Back to Top