Description
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
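A defensive pre-parse check for the condition described above, as an added example that is not part of the original advisory or of Apache POI: it lists the XML parts of an OpenXML (zip) package that carry a DOCTYPE or ENTITY declaration. The function names, the per-part size cap and the sample packages are constructed for illustration, and the check assumes legitimate OpenXML parts carry no DTD.

```python
import io
import re
import zipfile

# A DTD or entity declaration in decoded XML text (XML keywords are case-sensitive).
_DTD_RE = re.compile(r"<!(DOCTYPE|ENTITY)\b")
_MAX_PART_BYTES = 8 * 1024 * 1024  # assumption: cap on bytes inspected per part


def _decode_xml(raw: bytes) -> str:
    """Decode by BOM; without a UTF-16 BOM treat as UTF-8 (lossy is fine for scanning)."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")


def find_dtd_parts(package: bytes) -> list[str]:
    """Return names of XML parts in the package that declare a DTD or an entity."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            # OPC XML parts: content types, relationships (.rels) and *.xml parts.
            if not info.filename.lower().endswith((".xml", ".rels")):
                continue
            with zf.open(info) as part:
                text = _decode_xml(part.read(_MAX_PART_BYTES))
            if _DTD_RE.search(text):
                flagged.append(info.filename)
    return flagged


def build_package(parts: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from constructed part bodies (demo helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples; the entity target is a placeholder path, not a real file.
_DTD = '<!DOCTYPE Types [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
CLEAN = build_package({"[Content_Types].xml": b"<Types/>",
                       "word/document.xml": b"<document/>"})
SUSPECT = build_package({"[Content_Types].xml": (_DTD + "<Types>&ext;</Types>").encode(),
                         "word/document.xml": b"<document/>"})

if __name__ == "__main__":
    print("clean:", find_dtd_parts(CLEAN))
    print("suspect:", find_dtd_parts(SUSPECT))
```

A non-empty result is a reason to reject or quarantine the file before it reaches a parser; it does not replace upgrading the library.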
Remediation
References
http://poi.apache.org/changes.html
https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations
http://secunia.com/advisories/60419
http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
http://www.securityfocus.com/bid/69647
http://rhn.redhat.com/errata/RHSA-2014-1398.html
http://rhn.redhat.com/errata/RHSA-2014-1399.html
http://rhn.redhat.com/errata/RHSA-2014-1400.html
http://rhn.redhat.com/errata/RHSA-2014-1370.html
http://secunia.com/advisories/59943
http://secunia.com/advisories/61766
http://www.securityfocus.com/bid/78018
http://www-01.ibm.com/support/docview.wss?uid=swg21996759
https://exchange.xforce.ibmcloud.com/vulnerabilities/95770