Описание
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.14 (включая)
cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.0066
Низкий
5.5 Medium
CVSS3
7.1 High
CVSS2
Дефекты
CWE-776
Связанные уязвимости
CVSS3: 5.5
ubuntu
почти 9 лет назад
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
CVSS3: 5.5
debian
почти 9 лет назад
Apache POI in versions prior to release 3.15 allows remote attackers t ...
CVSS3: 5.5
github
больше 3 лет назад
Improper Restriction of Recursive Entity References in DTDs in Apache POI
EPSS
Процентиль: 71%
0.0066
Низкий
5.5 Medium
CVSS3
7.1 High
CVSS2
Дефекты
CWE-776