CVE-2017-5644

Medium

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted…

apache·CWE-776·Published 2017-03-24

CVSS

5.5

EPSS

0.05

KEV

Exploits

cve.orgen

193 chars

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

NVDen

193 chars

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

OSV.deven

193 chars

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

GHSAen

193 chars

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

NVDes

268 chars

Apache POI en versiones anteriores al lanzamiento 3.15 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un archivo OOXML especialmente manipulado, vulnerabilidad también conocida como un ataque de XML Entity Expansion (XEE).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C
3.0	Primary	NVD	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H