CVE-2016-5000

CWE-611 — XML External Entity (XXE)CWE-200 — Information Exposure CWE-399 CWE-119 — Buffer Overflow CWE-26420 documents9 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 44.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache POI

Timeline

PublishedAug 5

Latest updateMay 13

Description

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Mavenorg.apache.poi:poi-examples< 3.14

▶NVDapache/poi3.13

🔴Vulnerability Details

GHSA

Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability↗2022-05-13

▶

OSV

Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability↗2022-05-13

▶

OSV

CVE-2016-5000: The XLSX2CSV example in Apache POI before 3↗2016-08-05

▶

CVEList

CVE-2016-5000: The XLSX2CSV example in Apache POI before 3↗2016-08-05

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office PowerPoint 2010 - Invalid Pointer Reference↗2016-09-21

▶

📋Vendor Advisories

Cisco

Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of Service Vulnerability↗2017-01-18

▶

Cisco

Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability↗2016-12-07

▶

Cisco

Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability↗2016-12-07

▶

Cisco

Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability↗2016-11-16

▶

Red Hat

poi: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example↗2016-07-22

▶

💬Community

Bugzilla

CVE-2016-5000 apache-poi: poi: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example [fedora-all]↗2016-07-25

▶

Bugzilla

CVE-2016-5000 poi: XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example↗2016-07-25

▶