Home > Vulnerability Database > CVE-2014-3529

Mend.io Vulnerability Database

CVE-2014-3529

Good to know:

Date: September 4, 2014

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Language: Java

Severity Score

3.7

Related Resources (22)

Url: http://secunia.com/advisories/61766

Url: http://rhn.redhat.com/errata/RHSA-2014-1398.html

Url: http://www-01.ibm.com/support/docview.wss?uid=swg21996759

Url: http://poi.apache.org/changes.html

Url: http://secunia.com/advisories/60419

Url: http://www.securityfocus.com/bid/69647

Url: https://github.com/apache/poi/commit/103b45073c7b504236588b3acc146530205af53c

Url: http://www.securityfocus.com/bid/78018

Url: https://github.com/apache/poi/commit/eabb6a924be24abb879372d0bc967e0d316b2cf8

Url: https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations

Url: http://rhn.redhat.com/errata/RHSA-2014-1400.html

Url: http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt

Url: https://github.com/apache/poi/commit/236c3c52a9b90688b2e57ec503559409e29f33ed

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/95770

Url: https://github.com/apache/poi/commit/d72bd78c19dfb7b57395a66ae8d9269d59a87bd2

Url: http://secunia.com/advisories/59943

Url: https://github.com/apache/poi/commit/6050a68d5adfb4ffef1edb778add09bcee32d1c3

Url: http://rhn.redhat.com/errata/RHSA-2014-1399.html

Url: http://rhn.redhat.com/errata/RHSA-2014-1370.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-3529

Url: https://github.com/apache/poi

Url: https://www.mend.io/vulnerability-database/CVE-2014-3529

Severity Score

3.7

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

Top Fix

Upgrade Version

Upgrade to version 3.10.1

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-3529

Good to know:

Date: September 4, 2014

Language: Java

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?