Posted to commits@juddi.apache.org by al...@apache.org on 2018/02/09 16:21:34 UTC

svn commit: r1823674 - /juddi/cms-site/trunk/content/security.mdtext

Author: alexoree
Date: Fri Feb  9 16:21:33 2018
New Revision: 1823674

URL: http://svn.apache.org/viewvc?rev=1823674&view=rev
Log:
adding security advisory

Modified:
    juddi/cms-site/trunk/content/security.mdtext

Modified: juddi/cms-site/trunk/content/security.mdtext
URL: http://svn.apache.org/viewvc/juddi/cms-site/trunk/content/security.mdtext?rev=1823674&r1=1823673&r2=1823674&view=diff
==============================================================================
--- juddi/cms-site/trunk/content/security.mdtext (original)
+++ juddi/cms-site/trunk/content/security.mdtext Fri Feb  9 16:21:33 2018
@@ -2,6 +2,22 @@ Title: Security Advisories
 
 ## Security Advisories for Apache jUDDI
 
+### CVEID  CVE-2018-1307 
+
+VERSION:  3.2 through 3.3.4
+
+PROBLEMTYPE: XML Entity Expansion
+
+REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267
+
+DISCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. This was fixed with https://issues.apache.org/jira/browse/JUDDI-987
+
+Severity: Moderate
+
+Mitigation:
+
+Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue use of the effected classes.
+
 ### CVEID : [CVE-2009-4267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267)
 
 VERSION:  3.0.0
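
Review bot: the REFERENCES line of the new CVE-2018-1307 entry links to cvename.cgi?name=CVE-2009-4267, which is the ID of the older advisory below it, so it reads as a copy-paste leftover; point it at the CVE-2018-1307 record, and consider linking the ID in the heading the way the existing "### CVEID : [CVE-2009-4267](...)" heading does. In the same added lines, "DISCRIPTION" should be "DESCRIPTION", "effected classes" should be "affected classes", and "parse ... and then mediates" should agree in number. The new entry also writes "Severity:" and "Mitigation:" in mixed case while its other field labels are upper case, so pick one style to match the rest of the page.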


