CVE-2016-5000 in Retail Order Brokerinfo

Summary

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

05/24/2016

Disclosure

08/05/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
95674	Oracle Retail Order Broker Order Broker Foundation xml external entity reference	611	Not defined	Official fix	CVE-2016-5000
90610	Apache POI XLSX2CSV Example xml external entity reference	611	Not defined	Official fix	CVE-2016-5000

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!