Repository: juddi Updated Branches: refs/heads/master b5ded210e -> 442fb5572
JUDDI-987 adding security advisory Project: http://git-wip-us.apache.org/repos/asf/juddi/repo Commit: http://git-wip-us.apache.org/repos/asf/juddi/commit/442fb557 Tree: http://git-wip-us.apache.org/repos/asf/juddi/tree/442fb557 Diff: http://git-wip-us.apache.org/repos/asf/juddi/diff/442fb557 Branch: refs/heads/master Commit: 442fb55723cf1af1490395b2b005e787026801b3 Parents: b5ded21 Author: Alex O'Ree <[email protected]> Authored: Fri Feb 9 11:25:12 2018 -0500 Committer: Alex O'Ree <[email protected]> Committed: Fri Feb 9 11:25:12 2018 -0500 ---------------------------------------------------------------------- src/site/markdown/security.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/juddi/blob/442fb557/src/site/markdown/security.md ---------------------------------------------------------------------- diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md index 54f4c50..59d5a37 100644 --- a/src/site/markdown/security.md +++ b/src/site/markdown/security.md 
@@ -2,6 +2,22 @@ Title: Security Advisories ## Security Advisories for Apache jUDDI +### CVEID [CVE-2018-1307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1307) + +VERSION: 3.2 through 3.3.4 + +PROBLEMTYPE: XML Entity Expansion + +REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267 + +DISCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. This was fixed with https://issues.apache.org/jira/browse/JUDDI-987 + +Severity: Moderate + +Mitigation: + +Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue use of the effected classes. + ### CVEID : [CVE-2009-4267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267) VERSION: 3.0.0 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
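Review bot: The REFERENCES line of the new CVE-2018-1307 entry points at the wrong advisory; it repeats `https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267`, which is the link of the older entry directly below it, so a reader following it lands on an unrelated issue. It should reference CVE-2018-1307 itself (the link already used in the heading) and the fix ticket https://issues.apache.org/jira/browse/JUDDI-987. Same hunk, smaller points: `DISCRIPTION:` should be `DESCRIPTION:`; "which parse ... and then mediates" should read "mediate"; "effected classes" should be "affected classes"; the heading `### CVEID [CVE-2018-1307]` drops the colon that the existing `### CVEID : [CVE-2009-4267]` heading uses, and `Severity:` / `Mitigation:` are mixed-case where the other field labels (`VERSION:`, `PROBLEMTYPE:`, `REFERENCES:`) are upper-case, so the two entries render inconsistently. Finally, the mitigation would be clearer if it named the affected classes explicitly ("discontinue use of WADL2Java and WSDL2Java") and stated plainly that upgrading juddi-client to 3.3.5 or newer is the fix, with discontinuing use only as the alternative where upgrading is not possible, rather than the ambiguous "and/or".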
