CVE-2014-3529

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
References
Link Resource
http://poi.apache.org/changes.html
http://rhn.redhat.com/errata/RHSA-2014-1370.html
http://rhn.redhat.com/errata/RHSA-2014-1398.html
http://rhn.redhat.com/errata/RHSA-2014-1399.html
http://rhn.redhat.com/errata/RHSA-2014-1400.html
http://secunia.com/advisories/59943
http://secunia.com/advisories/60419
http://secunia.com/advisories/61766
http://www-01.ibm.com/support/docview.wss?uid=swg21996759
http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
http://www.securityfocus.com/bid/69647
http://www.securityfocus.com/bid/78018
https://exchange.xforce.ibmcloud.com/vulnerabilities/95770
https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations Vendor Advisory
http://poi.apache.org/changes.html
http://rhn.redhat.com/errata/RHSA-2014-1370.html
http://rhn.redhat.com/errata/RHSA-2014-1398.html
http://rhn.redhat.com/errata/RHSA-2014-1399.html
http://rhn.redhat.com/errata/RHSA-2014-1400.html
http://secunia.com/advisories/59943
http://secunia.com/advisories/60419
http://secunia.com/advisories/61766
http://www-01.ibm.com/support/docview.wss?uid=swg21996759
http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
http://www.securityfocus.com/bid/69647
http://www.securityfocus.com/bid/78018
https://exchange.xforce.ibmcloud.com/vulnerabilities/95770
https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:0.13.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:1.7:dev:*:*:*:*:*:*
cpe:2.3:a:apache:poi:1.8:dev:*:*:*:*:*:*
cpe:2.3:a:apache:poi:1.10:dev:*:*:*:*:*:*
cpe:2.3:a:apache:poi:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:2.0:pre1:*:*:*:*:*:*
cpe:2.3:a:apache:poi:2.0:pre2:*:*:*:*:*:*
cpe:2.3:a:apache:poi:2.0:pre3:*:*:*:*:*:*
cpe:2.3:a:apache:poi:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:poi:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:poi:2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.0.2:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.0.2:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.1:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.1:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.5:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.5:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.5:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.5:beta4:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.5:beta5:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.5:beta6:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.7:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.7:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.7:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.8:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.8:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.8:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.8:beta4:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.8:beta5:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.10:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.10:beta2:*:*:*:*:*:*

History

21 Nov 2024, 02:08

Type Values Removed Values Added
References () http://poi.apache.org/changes.html - () http://poi.apache.org/changes.html -
References () http://rhn.redhat.com/errata/RHSA-2014-1370.html - () http://rhn.redhat.com/errata/RHSA-2014-1370.html -
References () http://rhn.redhat.com/errata/RHSA-2014-1398.html - () http://rhn.redhat.com/errata/RHSA-2014-1398.html -
References () http://rhn.redhat.com/errata/RHSA-2014-1399.html - () http://rhn.redhat.com/errata/RHSA-2014-1399.html -
References () http://rhn.redhat.com/errata/RHSA-2014-1400.html - () http://rhn.redhat.com/errata/RHSA-2014-1400.html -
References () http://secunia.com/advisories/59943 - () http://secunia.com/advisories/59943 -
References () http://secunia.com/advisories/60419 - () http://secunia.com/advisories/60419 -
References () http://secunia.com/advisories/61766 - () http://secunia.com/advisories/61766 -
References () http://www-01.ibm.com/support/docview.wss?uid=swg21996759 - () http://www-01.ibm.com/support/docview.wss?uid=swg21996759 -
References () http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt - () http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt -
References () http://www.securityfocus.com/bid/69647 - () http://www.securityfocus.com/bid/69647 -
References () http://www.securityfocus.com/bid/78018 - () http://www.securityfocus.com/bid/78018 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/95770 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/95770 -
References () https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations - Vendor Advisory () https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations - Vendor Advisory

Information

Published : 2014-09-04 17:55

Updated : 2024-11-21 02:08


NVD link : CVE-2014-3529

Mitre link : CVE-2014-3529

CVE.ORG link : CVE-2014-3529


JSON object : View

Products Affected

apache

  • poi