Repository: juddi
Updated Branches:
  refs/heads/master b5ded210e -> 442fb5572


JUDDI-987 adding security advisory


Project: http://git-wip-us.apache.org/repos/asf/juddi/repo
Commit: http://git-wip-us.apache.org/repos/asf/juddi/commit/442fb557
Tree: http://git-wip-us.apache.org/repos/asf/juddi/tree/442fb557
Diff: http://git-wip-us.apache.org/repos/asf/juddi/diff/442fb557

Branch: refs/heads/master
Commit: 442fb55723cf1af1490395b2b005e787026801b3
Parents: b5ded21
Author: Alex O'Ree <alexo...@apache.org>
Authored: Fri Feb 9 11:25:12 2018 -0500
Committer: Alex O'Ree <alexo...@apache.org>
Committed: Fri Feb 9 11:25:12 2018 -0500

----------------------------------------------------------------------
 src/site/markdown/security.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/juddi/blob/442fb557/src/site/markdown/security.md
----------------------------------------------------------------------
diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md
index 54f4c50..59d5a37 100644
--- a/src/site/markdown/security.md
+++ b/src/site/markdown/security.md
@@ -2,6 +2,22 @@ Title: Security Advisories
 
 ## Security Advisories for Apache jUDDI
 
+### CVEID  
[CVE-2018-1307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1307)
+
+VERSION:  3.2 through 3.3.4
+
+PROBLEMTYPE: XML Entity Expansion
+
+REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267
+
+DISCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local 
or remote XML document and then mediates the data structures into UDDI data 
structures, there are little protections present against entity expansion and 
DTD type of attacks. This was fixed with 
https://issues.apache.org/jira/browse/JUDDI-987
+
+Severity: Moderate
+
+Mitigation:
+
+Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue use 
of the effected classes.
+
 ### CVEID : 
[CVE-2009-4267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267)
 
 VERSION:  3.0.0
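Review bot: The REFERENCES line of the new CVE-2018-1307 entry links to cvename.cgi?name=CVE-2009-4267, the same URL as the older advisory directly below it, which reads like a copy-paste. If the 2009 CVE is meant only as related background, say so; otherwise point the reference at the CVE-2018-1307 record or at JUDDI-987. In the same entry, "DISCRIPTION" should be "DESCRIPTION", "effected classes" should be "affected classes", and "parse ... and then mediates" should agree in number. The heading "### CVEID" drops the " : " used by the existing "### CVEID :" heading, and "Severity:" and "Mitigation:" are mixed case while the other labels (VERSION, PROBLEMTYPE, REFERENCES) are upper case, so the two advisories will not render consistently. The description would also be more useful to readers if it said which parser protections were added in 3.3.5, since "little protections present" does not tell a user of WADL2Java or WSDL2Java what changed.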

