CVE-2014-3529 Information

Description

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
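A pre-parse check for untrusted OpenXML uploads, as an added example (not code from Apache POI or from this advisory): it opens the package as a ZIP archive and reports every part that carries a DOCTYPE or ENTITY declaration, which legitimate OOXML parts do not need. The function names, the size cap and the sample parts are assumptions made for this illustration.

```python
import io
import re
import zipfile

# OOXML parts have no use for a DTD, so any DOCTYPE/ENTITY declaration is suspect.
DTD_MARKER = re.compile(r"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)
MAX_PART_BYTES = 64 * 1024 * 1024  # hypothetical cap against oversized parts


def decode_part(raw: bytes) -> str:
    """Decode by BOM so a UTF-16 encoded part cannot hide a declaration."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")


def find_dtd_parts(package: bytes) -> list:
    """Return names of parts in an OOXML package that declare a DTD or an entity.

    Every part is scanned, not only *.xml, because [Content_Types].xml can
    map any part name to an XML content type.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_PART_BYTES:
                flagged.append(info.filename)  # too large to inspect: treat as suspect
                continue
            if DTD_MARKER.search(decode_part(zf.read(info))):
                flagged.append(info.filename)
    return flagged


def build_sample(parts: dict) -> bytes:
    """Build an in-memory package from constructed parts (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed sample parts; the SYSTEM identifier is a placeholder, not a real target.
CLEAN_PART = b'<?xml version="1.0"?><Types/>'
DTD_PART = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE t [<!ENTITY e SYSTEM "placeholder:constructed">]><Types/>')
```

The check is deliberately conservative (a declaration inside a comment is also flagged) and is a filter in front of the parser, not a substitute for running a POI release outside the affected range given above.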

Reference

http://poi.apache.org/changes.html
http://rhn.redhat.com/errata/RHSA-2014-1370.html
http://rhn.redhat.com/errata/RHSA-2014-1398.html
http://rhn.redhat.com/errata/RHSA-2014-1399.html
http://rhn.redhat.com/errata/RHSA-2014-1400.html
http://secunia.com/advisories/59943
http://secunia.com/advisories/60419
http://secunia.com/advisories/61766
http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
http://www.securityfocus.com/bid/69647
http://www.securityfocus.com/bid/78018
http://www-01.ibm.com/support/docview.wss?uid=swg21996759
https://exchange.xforce.ibmcloud.com/vulnerabilities/95770
https://lucene.apache.org/solr/solrnews.html18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations
