PT-2018-4020 · Apache · Apache Juddi

Marc Schoenefeld · Published 2018-02-19 · Updated 2018-03-18 · CVE-2009-4267

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache jUDDI version 3.0.0

Description

The issue concerns the console in Apache jUDDI, which fails to properly escape line feeds. This allows remote authenticated users to spoof log entries by manipulating the numRows parameter.

Recommendations

For Apache jUDDI version 3.0.0, consider restricting access to the console until a proper fix is available, and avoid using the numRows parameter in a way that could facilitate log entry spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
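
The missing control described above, output neutralization before logging, can be sketched as follows. This is an added example, not jUDDI code: the class, method names, default and bound are hypothetical, and it assumes numRows arrives as a request parameter that is meant to be a row count and is written to a log.

```java
import java.util.logging.Logger;

// Added illustration, not jUDDI source. Class and method names are hypothetical.
public class NumRowsLogging {
    private static final Logger LOG = Logger.getLogger(NumRowsLogging.class.getName());
    private static final int DEFAULT_ROWS = 20;   // assumed default
    private static final int MAX_ROWS = 1000;     // assumed upper bound

    /** Escape CR, LF and other control characters so a value cannot start a new log line. */
    static String neutralize(String value) {
        if (value == null) return "(null)";
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r') sb.append("\\r");
            else if (c == '\n') sb.append("\\n");
            else if (Character.isISOControl(c) || c == '\u2028' || c == '\u2029')
                sb.append(String.format("\\u%04x", (int) c)); // other line and control chars
            else sb.append(c);
        }
        return sb.toString();
    }

    /** Parse numRows strictly as a bounded integer; anything else falls back to the default. */
    static int parseNumRows(String raw) {
        try {
            int n = Integer.parseInt(raw == null ? "" : raw.trim());
            if (n >= 1 && n <= MAX_ROWS) return n;
        } catch (NumberFormatException e) {
            // Not a number: handled by the rejection path below.
        }
        // The rejected value is logged only in escaped form, so it stays on one line.
        LOG.warning("Rejected numRows value: \"" + neutralize(raw) + "\"");
        return DEFAULT_ROWS;
    }

    public static void main(String[] args) {
        // Constructed input: a value carrying a line feed followed by text shaped like a log record.
        String crafted = "10\n2018-02-19 12:00:00 INFO constructed fake entry";
        System.out.println(parseNumRows("25"));
        System.out.println(parseNumRows(crafted));
        System.out.println(neutralize(crafted));
    }
}
```

Strict integer parsing removes the injection channel for this parameter, while the escaping step covers any path where the raw value is still logged.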

Improper Encoding or Escaping of Output


Weakness Enumeration

Related Identifiers

CVE-2009-4267

Affected Products

Apache Juddi