[ https://issues.apache.org/jira/browse/JUDDI-987?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex O'Ree updated JUDDI-987:
-----------------------------
    Summary: CVE-2018-1307 XML Entity Expansion  (was: XML Entity Expansion)

> CVE-2018-1307 XML Entity Expansion
> ----------------------------------
>
>                 Key: JUDDI-987
>                 URL: https://issues.apache.org/jira/browse/JUDDI-987
>             Project: jUDDI
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 3.2, 3.2.1, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4
>            Reporter: Alex O'Ree
>            Assignee: Alex O'Ree
>            Priority: Major
>             Fix For: 3.3.5
>
>
> CVEID: CVE-2018-1307
>  
> VERSION:  3.2 through 3.3.4
>  
> PROBLEMTYPE: XML Entity Expansion
>  
> REFERENCES: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267]
>  
> DESCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local 
> or remote XML document and then mediate the data structures into UDDI data 
> structures, there is little protection present against entity expansion and 
> DTD type of attacks. This was fixed with 
> https://issues.apache.org/jira/browse/JUDDI-987
>  
> Severity: Moderate
>  
> Mitigation:
>  
> Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue 
> use of the affected classes.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
