Posted to commits@juddi.apache.org by al...@apache.org on 2018/02/09 16:21:34 UTC
svn commit: r1823674 - /juddi/cms-site/trunk/content/security.mdtext
Author: alexoree
Date: Fri Feb 9 16:21:33 2018
New Revision: 1823674
URL: http://svn.apache.org/viewvc?rev=1823674&view=rev
Log:
adding security advisory
Modified:
juddi/cms-site/trunk/content/security.mdtext
Modified: juddi/cms-site/trunk/content/security.mdtext
URL: http://svn.apache.org/viewvc/juddi/cms-site/trunk/content/security.mdtext?rev=1823674&r1=1823673&r2=1823674&view=diff
==============================================================================
--- juddi/cms-site/trunk/content/security.mdtext (original)
+++ juddi/cms-site/trunk/content/security.mdtext Fri Feb 9 16:21:33 2018
@@ -2,6 +2,22 @@ Title: Security Advisories
## Security Advisories for Apache jUDDI
+### CVEID CVE-2018-1307
+
+VERSION: 3.2 through 3.3.4
+
+PROBLEMTYPE: XML Entity Expansion
+
+REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267
+
+DISCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. This was fixed with https://issues.apache.org/jira/browse/JUDDI-987
+
+Severity: Moderate
+
+Mitigation:
+
+Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue use of the effected classes.
+
### CVEID : [CVE-2009-4267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267)
VERSION: 3.0.0
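Review bot: The REFERENCES line of the new CVE-2018-1307 entry links to `cvename.cgi?name=CVE-2009-4267`, which is the older advisory directly below it. This looks like a copy-paste from the existing entry, and the link should point at the CVE-2018-1307 record instead. In the same entry, "DISCRIPTION" should read "DESCRIPTION" and "effected classes" should read "affected classes". The heading `### CVEID CVE-2018-1307` also departs from the linked form `### CVEID : [CVE-...](...)` used by the existing entry, so the two advisories will render differently. Finally, the mitigation names `juddi-client` 3.3.5 while VERSION says only "3.2 through 3.3.4"; stating in VERSION that the affected artifact is juddi-client would make clear to readers which dependency to check.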