CVE-2014-3574
apache-poi: entity expansion (billion laughs) flaw
Severity Score
4.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Apache POI anterior a 3.10.1 y 3.11.x anterior a 3.11-beta2 permite a atacantes remotos causar una denegación de servicio (consumo de CPU y caída) a través de un fichero OOXML manipulado, también conocido como un ataque de expansión de entidad XML (XEE).
It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.
Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-05-14 CVE Reserved
- 2014-09-04 CVE Published
- 2024-08-06 CVE Updated
- 2025-04-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://poi.apache.org/changes.html | X_refsource_confirm | |
| http://secunia.com/advisories/59943 | Third Party Advisory | |
| http://secunia.com/advisories/60419 | Third Party Advisory | |
| http://secunia.com/advisories/61766 | Third Party Advisory | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21996759 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/69648 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95768 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations | 2017-08-29 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-1370.html | 2017-08-29 | |
| http://rhn.redhat.com/errata/RHSA-2014-1398.html | 2017-08-29 | |
| http://rhn.redhat.com/errata/RHSA-2014-1399.html | 2017-08-29 | |
| http://rhn.redhat.com/errata/RHSA-2014-1400.html | 2017-08-29 | |
| http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt | 2017-08-29 | |
| https://access.redhat.com/security/cve/CVE-2014-3574 | 2015-05-14 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1138140 | 2015-05-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | <= 3.10 Search vendor "Apache" for product "Poi" and version " <= 3.10" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 0.1 Search vendor "Apache" for product "Poi" and version "0.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 0.2 Search vendor "Apache" for product "Poi" and version "0.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 0.3 Search vendor "Apache" for product "Poi" and version "0.3" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 0.4 Search vendor "Apache" for product "Poi" and version "0.4" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 0.5 Search vendor "Apache" for product "Poi" and version "0.5" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 0.6 Search vendor "Apache" for product "Poi" and version "0.6" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 0.7 Search vendor "Apache" for product "Poi" and version "0.7" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 0.10.0 Search vendor "Apache" for product "Poi" and version "0.10.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 0.11.0 Search vendor "Apache" for product "Poi" and version "0.11.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 0.12.0 Search vendor "Apache" for product "Poi" and version "0.12.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 0.13.0 Search vendor "Apache" for product "Poi" and version "0.13.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 0.14.0 Search vendor "Apache" for product "Poi" and version "0.14.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 1.0.0 Search vendor "Apache" for product "Poi" and version "1.0.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 1.0.1 Search vendor "Apache" for product "Poi" and version "1.0.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 1.0.2 Search vendor "Apache" for product "Poi" and version "1.0.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 1.1.0 Search vendor "Apache" for product "Poi" and version "1.1.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 1.2.0 Search vendor "Apache" for product "Poi" and version "1.2.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 1.5 Search vendor "Apache" for product "Poi" and version "1.5" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 1.5.1 Search vendor "Apache" for product "Poi" and version "1.5.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 1.7 Search vendor "Apache" for product "Poi" and version "1.7" | dev |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 1.8 Search vendor "Apache" for product "Poi" and version "1.8" | dev |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 1.10 Search vendor "Apache" for product "Poi" and version "1.10" | dev |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 2.0 Search vendor "Apache" for product "Poi" and version "2.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 2.0 Search vendor "Apache" for product "Poi" and version "2.0" | pre1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 2.0 Search vendor "Apache" for product "Poi" and version "2.0" | pre2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 2.0 Search vendor "Apache" for product "Poi" and version "2.0" | pre3 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 2.0 Search vendor "Apache" for product "Poi" and version "2.0" | rc1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 2.0 Search vendor "Apache" for product "Poi" and version "2.0" | rc2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 2.5 Search vendor "Apache" for product "Poi" and version "2.5" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 2.5.1 Search vendor "Apache" for product "Poi" and version "2.5.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.0 Search vendor "Apache" for product "Poi" and version "3.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.0 Search vendor "Apache" for product "Poi" and version "3.0" | alpha1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.0 Search vendor "Apache" for product "Poi" and version "3.0" | alpha2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.0 Search vendor "Apache" for product "Poi" and version "3.0" | alpha3 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.0.1 Search vendor "Apache" for product "Poi" and version "3.0.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.0.2 Search vendor "Apache" for product "Poi" and version "3.0.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.0.2 Search vendor "Apache" for product "Poi" and version "3.0.2" | beta1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.0.2 Search vendor "Apache" for product "Poi" and version "3.0.2" | beta2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.1 Search vendor "Apache" for product "Poi" and version "3.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.1 Search vendor "Apache" for product "Poi" and version "3.1" | beta1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.1 Search vendor "Apache" for product "Poi" and version "3.1" | beta2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.2 Search vendor "Apache" for product "Poi" and version "3.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.5 Search vendor "Apache" for product "Poi" and version "3.5" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.5 Search vendor "Apache" for product "Poi" and version "3.5" | beta1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.5 Search vendor "Apache" for product "Poi" and version "3.5" | beta2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.5 Search vendor "Apache" for product "Poi" and version "3.5" | beta3 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.5 Search vendor "Apache" for product "Poi" and version "3.5" | beta4 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.5 Search vendor "Apache" for product "Poi" and version "3.5" | beta5 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.5 Search vendor "Apache" for product "Poi" and version "3.5" | beta6 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.6 Search vendor "Apache" for product "Poi" and version "3.6" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.7 Search vendor "Apache" for product "Poi" and version "3.7" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.7 Search vendor "Apache" for product "Poi" and version "3.7" | beta1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.7 Search vendor "Apache" for product "Poi" and version "3.7" | beta2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.7 Search vendor "Apache" for product "Poi" and version "3.7" | beta3 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.8 Search vendor "Apache" for product "Poi" and version "3.8" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.8 Search vendor "Apache" for product "Poi" and version "3.8" | beta1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.8 Search vendor "Apache" for product "Poi" and version "3.8" | beta2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.8 Search vendor "Apache" for product "Poi" and version "3.8" | beta3 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.8 Search vendor "Apache" for product "Poi" and version "3.8" | beta4 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.8 Search vendor "Apache" for product "Poi" and version "3.8" | beta5 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.9 Search vendor "Apache" for product "Poi" and version "3.9" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.10 Search vendor "Apache" for product "Poi" and version "3.10" | beta1 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.10 Search vendor "Apache" for product "Poi" and version "3.10" | beta2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Poi Search vendor "Apache" for product "Poi" | 3.11 Search vendor "Apache" for product "Poi" and version "3.11" | beta1 |
Affected
| ||||||