CVE-2014-3529
Published: 4 September 2014
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Priority
Status
Package | Release | Status |
---|---|---|
libapache-poi-java Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Not vulnerable
(3.10.1-1)
|
|
cosmic |
Not vulnerable
(3.10.1-1)
|
|
disco |
Not vulnerable
(3.10.1-1)
|
|
lucid |
Does not exist
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Released
(3.10.1-1)
|
|
utopic |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(3.10.1-1)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3529
- https://issues.apache.org/bugzilla/show_bug.cgi?id=56164
- https://lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations
- http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt
- http://secunia.com/advisories/60419
- http://poi.apache.org/changes.html
- NVD
- Launchpad
- Debian