Описание
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libapache-poi-java | fixed | 3.17-1 | package | |
| libapache-poi-java | no-dsa | stretch | package | |
| libapache-poi-java | no-dsa | jessie | package | |
| libapache-poi-java | no-dsa | wheezy | package |
Примечания
https://www.openwall.com/lists/oss-security/2017/03/20/9
EPSS
Процентиль: 74%
0.00792
Низкий
Связанные уязвимости
CVSS3: 5.5
ubuntu
почти 9 лет назад
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
CVSS3: 5.5
nvd
почти 9 лет назад
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
CVSS3: 5.5
github
больше 3 лет назад
Improper Restriction of Recursive Entity References in DTDs in Apache POI
EPSS
Процентиль: 74%
0.00792
Низкий