PT-2018-11570 · Apache · Apache Juddi

Alex Oree · Published 2018-02-09 · Updated 2018-10-19 · CVE-2018-1307

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache jUDDI versions 3.2 through 3.3.4

Description

The WADL2Java and WSDL2Java classes lack protection against entity expansion and DTD-based attacks when they are used to parse local or remote XML documents. These classes mediate the data structures into UDDI data structures.

Recommendations

For Apache jUDDI versions 3.2 through 3.3.4, update to version 3.3.5 to resolve the issue.

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2018-1307
GHSA-P99P-726H-C8V5

Affected Products

Apache Juddi