Author: alexoree
Date: Fri Feb 9 16:21:33 2018
New Revision: 1823674
URL: http://svn.apache.org/viewvc?rev=1823674&view=rev
Log:
adding security advisory
Modified:
juddi/cms-site/trunk/content/security.mdtext
Modified: juddi/cms-site/trunk/content/security.mdtext
URL:
http://svn.apache.org/viewvc/juddi/cms-site/trunk/content/security.mdtext?rev=1823674&r1=1823673&r2=1823674&view=diff
==============================================================================
--- juddi/cms-site/trunk/content/security.mdtext (original)
+++ juddi/cms-site/trunk/content/security.mdtext Fri Feb 9 16:21:33 2018
@@ -2,6 +2,22 @@ Title: Security Advisories
## Security Advisories for Apache jUDDI
+### CVEID CVE-2018-1307
+
+VERSION: 3.2 through 3.3.4
+
+PROBLEMTYPE: XML Entity Expansion
+
+REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267
+
+DISCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local
or remote XML document and then mediates the data structures into UDDI data
structures, there are little protections present against entity expansion and
DTD type of attacks. This was fixed with
https://issues.apache.org/jira/browse/JUDDI-987
+
+Severity: Moderate
+
+Mitigation:
+
+Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue use
of the effected classes.
+
### CVEID :
[CVE-2009-4267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267)
VERSION: 3.0.0
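Review bot: The REFERENCES line of the new CVE-2018-1307 entry links to cvename.cgi?name=CVE-2009-4267, which is the older advisory visible in the unchanged context just below it, so anyone following the reference lands on the wrong CVE; it should point at the CVE-2018-1307 record instead. In the same entry, "DISCRIPTION" should be "DESCRIPTION" and "effected classes" should be "affected classes". The new heading is also written as "### CVEID CVE-2018-1307" with no link, while the existing entry uses "### CVEID :" followed by a linked CVE id; following that format keeps the advisories consistent and gives readers a direct link from the heading.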