Alex Oree

**Name of the Vulnerable Software and Affected Versions** Apache jUDDI versions 3.2 through 3.3.4 **Description** The issue concerns a lack of protection against entity expansion and DTD type of attacks when using the WADL2Java or WSDL2Java classes to parse local or remote XML documents. These classes mediate the data structures into UDDI data structures. **Recommendations** For Apache jUDDI versions 3.2 through 3.3.4, update to version 3.3.5 to resolve the issue.