Vulnerability Description
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | POI | <= 3.10 |
References
- http://poi.apache.org/changes.html
- http://rhn.redhat.com/errata/RHSA-2014-1370.html
- http://rhn.redhat.com/errata/RHSA-2014-1398.html
- http://rhn.redhat.com/errata/RHSA-2014-1399.html
- http://rhn.redhat.com/errata/RHSA-2014-1400.html
- http://secunia.com/advisories/59943
- http://secunia.com/advisories/60419
- http://secunia.com/advisories/61766
- http://www-01.ibm.com/support/docview.wss?uid=swg21996759
- http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt (Vendor Advisory)
- http://www.securityfocus.com/bid/69648
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95768
- https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-up (Patch, Vendor Advisory)
FAQ
What is CVE-2014-3574?
CVE-2014-3574 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
How severe is CVE-2014-3574?
CVE-2014-3574 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3574?
Check the references section above for vendor advisories and patch information. Affected products include: Apache POI.