[ https://issues.apache.org/jira/browse/JUDDI-987?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex O'Ree updated JUDDI-987:
-----------------------------
    Description: 
CVEID  CVE-2018-1307 
 
VERSION:  3.2 through 3.3.4
 
PROBLEMTYPE: XML Entity Expansion
 
REFERENCES: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267]
 
DESCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local 
or remote XML document and then mediate the data structures into UDDI data 
structures, there is little protection present against entity expansion and 
DTD type of attacks. This was fixed with 
https://issues.apache.org/jira/browse/JUDDI-987
 
Severity: Moderate
 
Mitigation:
 
Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue use 
of the affected classes.

> XML Entity Expansion
> --------------------
>
>                 Key: JUDDI-987
>                 URL: https://issues.apache.org/jira/browse/JUDDI-987
>             Project: jUDDI
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 3.2, 3.2.1, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4
>            Reporter: Alex O'Ree
>            Assignee: Alex O'Ree
>            Priority: Major
>             Fix For: 3.3.5
>
>
> CVEID  CVE-2018-1307 
>  
> VERSION:  3.2 through 3.3.4
>  
> PROBLEMTYPE: XML Entity Expansion
>  
> REFERENCES: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267]
>  
> DESCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local 
> or remote XML document and then mediate the data structures into UDDI data 
> structures, there is little protection present against entity expansion and 
> DTD type of attacks. This was fixed with 
> https://issues.apache.org/jira/browse/JUDDI-987
>  
> Severity: Moderate
>  
> Mitigation:
>  
> Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue 
> use of the affected classes.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
