Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-09-04T17:00:00

Updated: 2024-08-06T10:50:17.790Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3574

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-09-04T17:55:05.670

Modified: 2017-08-29T01:34:47.813

Link: CVE-2014-3574

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-08-18T00:00:00Z

Links: CVE-2014-3574 - Bugzilla