Executive Summary
| Summary | |
|---|---|
| Title | libjakarta-poi-java security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-2468 | First vendor Publication | 2012-05-09 |
| Vendor | Debian | Last vendor Modification | 2012-05-09 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| It was discovered that Apache POI, a Java implementation of the Microsoft Office file formats, would allocate arbitrary amounts of memory when processing crafted documents. This could impact the stability of the Java virtual machine. For the stable distribution (squeeze), this problem has been fixed in version 3.6+dfsg-1+squeeze1. We recommend that you upgrade your libjakarta-poi-java packages. |
Original Source
| Url : http://www.debian.org/security/2012/dsa-2468 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:20169 | |||
| Oval ID: | oval:org.mitre.oval:def:20169 | ||
| Title: | DSA-2468-1 libjakarta-poi-java - unbounded memory allocation | ||
| Description: | It was discovered that Apache POI, a Java implementation of the Microsoft Office file formats, would allocate arbitrary amounts of memory when processing crafted documents. This could impact the stability of the Java virtual machine. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2468-1 CVE-2012-0213 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libjakarta-poi-java |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-08-30 | Name : Fedora Update for apache-poi FEDORA-2012-10835 File : nvt/gb_fedora_2012_10835_apache-poi_fc17.nasl |
| 2012-05-31 | Name : Debian Security Advisory DSA 2468-1 (libjakarta-poi-java) File : nvt/deb_2468_1.nasl |
| 2012-05-22 | Name : Fedora Update for apache-poi FEDORA-2012-7683 File : nvt/gb_fedora_2012_7683_apache-poi_fc16.nasl |
| 2012-05-22 | Name : Fedora Update for apache-poi FEDORA-2012-7686 File : nvt/gb_fedora_2012_7686_apache-poi_fc15.nasl |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-292.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-094.nasl - Type : ACT_GATHER_INFO |
| 2012-08-06 | Name : The remote Fedora host is missing a security update. File : fedora_2012-10835.nasl - Type : ACT_GATHER_INFO |
| 2012-05-21 | Name : The remote Fedora host is missing a security update. File : fedora_2012-7683.nasl - Type : ACT_GATHER_INFO |
| 2012-05-21 | Name : The remote Fedora host is missing a security update. File : fedora_2012-7686.nasl - Type : ACT_GATHER_INFO |
| 2012-05-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2468.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:31:03 |
|
