In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use 3.3.5.
References
Link | Resource |
---|---|
http://juddi.apache.org/security.html | Vendor Advisory |
https://issues.apache.org/jira/browse/JUDDI-987 | Issue Tracking Patch Vendor Advisory |
http://juddi.apache.org/security.html | Vendor Advisory |
https://issues.apache.org/jira/browse/JUDDI-987 | Issue Tracking Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 03:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://juddi.apache.org/security.html - Vendor Advisory | |
References | () https://issues.apache.org/jira/browse/JUDDI-987 - Issue Tracking, Patch, Vendor Advisory |
Information
Published : 2018-02-09 19:29
Updated : 2024-11-21 03:59
NVD link : CVE-2018-1307
Mitre link : CVE-2018-1307
CVE.ORG link : CVE-2018-1307
JSON object : View
Products Affected
apache
- juddi
CWE
CWE-611
Improper Restriction of XML External Entity Reference