Posted to commits@juddi.apache.org by al...@apache.org on 2018/02/09 14:00:15 UTC

svn commit: r1823656 - /juddi/cms-site/trunk/content/security.mdtext

Author: alexoree
Date: Fri Feb  9 14:00:15 2018
New Revision: 1823656

URL: http://svn.apache.org/viewvc?rev=1823656&view=rev
Log:
adding security update

Modified:
    juddi/cms-site/trunk/content/security.mdtext

Modified: juddi/cms-site/trunk/content/security.mdtext
URL: http://svn.apache.org/viewvc/juddi/cms-site/trunk/content/security.mdtext?rev=1823656&r1=1823655&r2=1823656&view=diff
==============================================================================
--- juddi/cms-site/trunk/content/security.mdtext (original)
+++ juddi/cms-site/trunk/content/security.mdtext Fri Feb  9 14:00:15 2018
@@ -2,7 +2,28 @@ Title: Security Advisories
 
 ## Security Advisories for Apache jUDDI
 
-### CVEID:CVE-2015-5241
+### CVEID : [CVE-2009-4267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267)
+
+VERSION:  3.0.0
+
+PROBLEMTYPE: Information Disclosure
+
+REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267
+
+DISCRIPTION: The jUDDI console doesn't escape line feeds that were passed in the numRows parameter. This affects log integrity, as this allows authenticated users to forge log records.
+
+Severity: Moderate
+
+Mitigation:
+
+3.0.0 users should upgrade to jUDDI 3.0.1 or newer
+
+Credit:
+
+This issue was discovered by Marc Schoenefeld of Red Hat Software.
+
+
+### CVEID: [CVE-2015-5241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5241)
 
 VERSION: 3.1.2, 3.1.3, 3.1.4, and 3.1.5 that utilize the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'
 
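Review bot: In the added CVE-2009-4267 entry, the PROBLEMTYPE line says "Information Disclosure", but the description a few lines below says the unescaped line feeds in numRows affect log integrity and let authenticated users forge log records, so the problem type and the description disagree; please reconcile them so readers triaging the advisory classify it correctly. In the same entry, "DISCRIPTION:" should be spelled "DESCRIPTION:", and the new heading uses "CVEID :" with a space before the colon while the CVE-2015-5241 heading changed in this hunk uses "CVEID:", so pick one form. The REFERENCES line repeats the URL already linked from the heading; that is harmless, but the CVE-2015-5241 entry should follow the same pattern for consistency. The mitigation sentence "3.0.0 users should upgrade to jUDDI 3.0.1 or newer" is missing its closing period, and "VERSION:  3.0.0" has a doubled space.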


