You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@juddi.apache.org by "Alex O'Ree (JIRA)" <ju...@ws.apache.org> on 2018/02/09 16:01:00 UTC

[jira] [Closed] (JUDDI-987) CVE-2018-1307 XML Entity Expansion

     [ https://issues.apache.org/jira/browse/JUDDI-987?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex O'Ree closed JUDDI-987.
----------------------------

> CVE-2018-1307 XML Entity Expansion
> ----------------------------------
>
>                 Key: JUDDI-987
>                 URL: https://issues.apache.org/jira/browse/JUDDI-987
>             Project: jUDDI
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 3.2, 3.2.1, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4
>            Reporter: Alex O'Ree
>            Assignee: Alex O'Ree
>            Priority: Major
>             Fix For: 3.3.5
>
>
> CVEID  CVE-2018-1307 
>  
> VERSION:  3.2 through 3.3.4
>  
> PROBLEMTYPE: XML Entity Expansion
>  
> REFERENCES: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267]
>  
> DISCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. This was fixed with https://issues.apache.org/jira/browse/JUDDI-987
>  
> Severity: Moderate
>  
> Mitigation:
>  
> Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue use of the effected classes.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)