CVE-2017-5644
Published 2017-03-24
medium 5.5 (CVSS 3.0)
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | poi | <= 3.14 | — |
| apache_software_foundation | apache_poi | — | — |
| debian | libapache-poi-java | < libapache-poi-java 3.17-1 (bookworm) | libapache-poi-java 3.17-1 (bookworm) |
CVSS provenance
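| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | — | 5.5 | MEDIUM | — |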