  1. jUDDI (Retired)
  2. JUDDI-987

CVE-2018-1307 XML Entity Expansion

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2, 3.2.1, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4
    • Fix Version/s: 3.3.5
    • Component/s: core
    • Labels: None

    Description

      CVEID: CVE-2018-1307

      VERSION: 3.2 through 3.3.4

      PROBLEMTYPE: XML Entity Expansion

      REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267

      DESCRIPTION: The WADL2Java and WSDL2Java classes parse a local or remote XML document and then mediate the data structures into UDDI data structures. When these classes are used, there is little protection against entity expansion and DTD-type attacks. This was fixed with https://issues.apache.org/jira/browse/JUDDI-987

      Severity: Moderate

      Mitigation:

      Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue use of the affected classes.

          People

            spyhunter99 Alex O'Ree