7.5

CVSS Score

Basic Information

CVE ID

CVE-2017-12626

GHSA ID

GHSA-523c-xh4g-mh5m

EPSS Score

CWE

CWE-835

Published

1/14/2021

Updated

1/28/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-12626

CVE-2017-12626:
Denial of Service in Apache POI

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks:

Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294)
Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)

(GitHub Advisory)

7.5

CVSS Score

Basic Information

CVE ID

CVE-2017-12626

GHSA ID

GHSA-523c-xh4g-mh5m

EPSS Score

CWE

CWE-835

Published

1/14/2021

Updated

1/28/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.poi:poi	maven	< 3.17	3.17

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*p**** POI in v*rsions prior to r*l**s* *.** *r* vuln*r**l* to **ni*l o* S*rvi** *tt**ks: - In*init* Loops w*il* p*rsin* *r**t** WM*, *M*, MS* *n* m**ros (POI *u*s ***** *n* *****) - Out o* M*mory *x**ptions w*il* p*rsin* *r**t** *O*, PPT *n* XLS

Reasoning

No *n*lysis *v*il**l*

7.5

Basic Information

Concerned about an active attack path?

CVE-2017-12626: Denial of Service in Apache POI

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2017-12626:
Denial of Service in Apache POI

Vulnerability Intelligence
Miggo AI