
CVE-2018-1307 XML Entity Expansion

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2, 3.2.1, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4
    • Fix Version/s: 3.3.5
    • Component/s: core
    • Labels:
      None

      Description

      CVEID: CVE-2018-1307
       
      VERSION:  3.2 through 3.3.4
       
      PROBLEMTYPE: XML Entity Expansion
       
      REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267
       
      DESCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediate the data structures into UDDI data structures, there are few protections present against entity expansion and DTD-type attacks. This was fixed with https://issues.apache.org/jira/browse/JUDDI-987
       
      Severity: Moderate
       
      Mitigation:
       
      Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue use of the affected classes.

            People

            • Assignee:
              spyhunter99 Alex O'Ree
              Reporter:
              spyhunter99 Alex O'Ree