Vulnerability Database
289,689
Total vulnerabilities in the database
CVE-2014-3574
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
| Software | From | Fixed in |
|---|---|---|
| apache / poi | 2.5 | 2.5.x |
| apache / poi | 0.2 | 0.2.x |
| apache / poi | 3.7-beta3 | 3.7-beta3.x |
| apache / poi | 3.0.2-beta2 | 3.0.2-beta2.x |
| apache / poi | 3.0.1 | 3.0.1.x |
| apache / poi | 3.5 | 3.5.x |
| apache / poi | 1.10-dev | 1.10-dev.x |
| apache / poi | 3.10-beta1 | 3.10-beta1.x |
| apache / poi | 1.0.2 | 1.0.2.x |
| apache / poi | 2.0-pre3 | 2.0-pre3.x |
| apache / poi | 3.5-beta6 | 3.5-beta6.x |
| apache / poi | 3.7 | 3.7.x |
| apache / poi | 3.0.2-beta1 | 3.0.2-beta1.x |
| apache / poi | 3.5-beta1 | 3.5-beta1.x |
| apache / poi | 1.7-dev | 1.7-dev.x |
| apache / poi | 0.14.0 | 0.14.0.x |
| apache / poi | 0.3 | 0.3.x |
| apache / poi | 1.5.1 | 1.5.1.x |
| apache / poi | 1.2.0 | 1.2.0.x |
| apache / poi | 3.0-alpha1 | 3.0-alpha1.x |
| apache / poi | 3.8-beta3 | 3.8-beta3.x |
| apache / poi | 2.5.1 | 2.5.1.x |
| apache / poi | 3.0 | 3.0.x |
| apache / poi | 0.13.0 | 0.13.0.x |
| apache / poi | 3.5-beta2 | 3.5-beta2.x |
| apache / poi | 2.0-rc2 | 2.0-rc2.x |
| apache / poi | 0.7 | 0.7.x |
| apache / poi | 0.5 | 0.5.x |
| apache / poi | 1.0.1 | 1.0.1.x |
| apache / poi | 3.7-beta1 | 3.7-beta1.x |
| apache / poi | 3.8-beta5 | 3.8-beta5.x |
| apache / poi | 2.0 | 2.0.x |
| apache / poi | 3.7-beta2 | 3.7-beta2.x |
| apache / poi | 2.0-pre1 | 2.0-pre1.x |
| apache / poi | 3.8-beta4 | 3.8-beta4.x |
| apache / poi | 3.5-beta5 | 3.5-beta5.x |
| apache / poi | 0.11.0 | 0.11.0.x |
| apache / poi | 3.0-alpha2 | 3.0-alpha2.x |
| apache / poi | - | 3.10.x |
| apache / poi | 3.8-beta1 | 3.8-beta1.x |
| apache / poi | 0.1 | 0.1.x |
| apache / poi | 3.1-beta2 | 3.1-beta2.x |
| apache / poi | 3.8-beta2 | 3.8-beta2.x |
| apache / poi | 3.2 | 3.2.x |
| apache / poi | 3.5-beta4 | 3.5-beta4.x |
| apache / poi | 3.6 | 3.6.x |
| apache / poi | 1.8-dev | 1.8-dev.x |
| apache / poi | 3.0.2 | 3.0.2.x |
| apache / poi | 2.0-rc1 | 2.0-rc1.x |
| apache / poi | 0.4 | 0.4.x |
| apache / poi | 2.0-pre2 | 2.0-pre2.x |
| apache / poi | 0.12.0 | 0.12.0.x |
| apache / poi | 3.1 | 3.1.x |
| apache / poi | 0.6 | 0.6.x |
| apache / poi | 3.5-beta3 | 3.5-beta3.x |
| apache / poi | 0.10.0 | 0.10.0.x |
| apache / poi | 3.8 | 3.8.x |
| apache / poi | 3.0-alpha3 | 3.0-alpha3.x |
| apache / poi | 3.1-beta1 | 3.1-beta1.x |
| apache / poi | 1.5 | 1.5.x |
| apache / poi | 1.1.0 | 1.1.0.x |
| apache / poi | 3.11-beta1 | 3.11-beta1.x |
| apache / poi | 3.10-beta2 | 3.10-beta2.x |
| apache / poi | 3.9 | 3.9.x |
| apache / poi | 1.0.0 | 1.0.0.x |
org.apache.poi / poi
|
- | 3.10.1 |
|
org.apache.poi / poi
|
3.11-beta1 | 3.11-beta1.x |
|
org.apache.poi / poi
|
3.11-beta1 | 3.11-beta2 |
- http://poi.apache.org/changes.html
- http://rhn.redhat.com/errata/RHSA-2014-1370.html
- http://rhn.redhat.com/errata/RHSA-2014-1398.html
- http://rhn.redhat.com/errata/RHSA-2014-1399.html
- http://rhn.redhat.com/errata/RHSA-2014-1400.html
- http://secunia.com/advisories/59943
- http://secunia.com/advisories/60419
- http://secunia.com/advisories/61766
- http://www-01.ibm.com/support/docview.wss?uid=swg21996759
- http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
- http://www.securityfocus.com/bid/69648
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95768
- https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations