Posted to commits@juddi.apache.org by bu...@apache.org on 2018/02/09 14:00:47 UTC

svn commit: r1025119 - in /websites/staging/juddi/trunk/content: ./ security.html

Author: buildbot
Date: Fri Feb  9 14:00:47 2018
New Revision: 1025119

Log:
Staging update by buildbot for juddi

Modified:
    websites/staging/juddi/trunk/content/   (props changed)
    websites/staging/juddi/trunk/content/security.html

Propchange: websites/staging/juddi/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Feb  9 14:00:47 2018
@@ -1 +1 @@
-1816384
+1823656

Modified: websites/staging/juddi/trunk/content/security.html
==============================================================================
--- websites/staging/juddi/trunk/content/security.html (original)
+++ websites/staging/juddi/trunk/content/security.html Fri Feb  9 14:00:47 2018
@@ -172,7 +172,17 @@
 }
 h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
 <h2 id="security-advisories-for-apache-juddi">Security Advisories for Apache jUDDI<a class="headerlink" href="#security-advisories-for-apache-juddi" title="Permanent link">&para;</a></h2>
-<h3 id="cveidcve-2015-5241">CVEID:CVE-2015-5241<a class="headerlink" href="#cveidcve-2015-5241" title="Permanent link">&para;</a></h3>
+<h3 id="cveid-cve-2009-4267">CVEID : <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267">CVE-2009-4267</a><a class="headerlink" href="#cveid-cve-2009-4267" title="Permanent link">&para;</a></h3>
+<p>VERSION:  3.0.0</p>
+<p>PROBLEMTYPE: Information Disclosure</p>
+<p>REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267</p>
+<p>DISCRIPTION: The jUDDI console doesn't escape line feeds that were passed in the numRows parameter. This affects log integrity, as this allows authenticated users to forge log records.</p>
+<p>Severity: Moderate</p>
+<p>Mitigation:</p>
+<p>3.0.0 users should upgrade to jUDDI 3.0.1 or newer</p>
+<p>Credit:</p>
+<p>This issue was discovered by Marc Schoenefeld of Red Hat Software.</p>
+<h3 id="cveid-cve-2015-5241">CVEID: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5241">CVE-2015-5241</a><a class="headerlink" href="#cveid-cve-2015-5241" title="Permanent link">&para;</a></h3>
 <p>VERSION: 3.1.2, 3.1.3, 3.1.4, and 3.1.5 that utilize the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'</p>
 <p>PROBLEMTYPE: Open Redirect</p>
 <p>REFERENCES: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5241</p>
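Review bot: The added CVE-2009-4267 entry misspells its label as "DISCRIPTION:"; it should read "DESCRIPTION:". The new heading for that entry is written "CVEID : " with a space before the colon, while the reworked CVE-2015-5241 heading uses "CVEID: ", which also gives the two anchors inconsistent visible text; use one form for both. The added REFERENCES line carries the mitre.org URL as plain text even though the heading in the same entry wraps the identical URL in a link, so either link it or drop the duplicate. In the unchanged context for CVE-2015-5241 the REFERENCES URL still ends in name=2015-5241 while the new heading link uses name=CVE-2015-5241; since this change touches that entry's heading, bring the reference in line with it. "Severity:", "Mitigation:" and "Credit:" are mixed case next to the upper-case VERSION, PROBLEMTYPE and REFERENCES labels in the same entry; one casing would read better.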


