Author: buildbot Date: Fri Feb 9 16:22:31 2018 New Revision: 1025129 Log: Staging update by buildbot for juddi
Modified: websites/staging/juddi/trunk/content/ (props changed) websites/staging/juddi/trunk/content/security.html Propchange: websites/staging/juddi/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Fri Feb 9 16:22:31 2018 @@ -1 +1 @@ -1823656 +1823674 Modified: websites/staging/juddi/trunk/content/security.html ============================================================================== --- websites/staging/juddi/trunk/content/security.html (original) +++ websites/staging/juddi/trunk/content/security.html Fri Feb 9 16:22:31 2018 @@ -172,6 +172,14 @@ } h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style> <h2 id="security-advisories-for-apache-juddi">Security Advisories for Apache jUDDI<a class="headerlink" href="#security-advisories-for-apache-juddi" title="Permanent link">¶</a></h2> +<h3 id="cveid-cve-2018-1307">CVEID CVE-2018-1307<a class="headerlink" href="#cveid-cve-2018-1307" title="Permanent link">¶</a></h3> +<p>VERSION: 3.2 through 3.3.4</p> +<p>PROBLEMTYPE: XML Entity Expansion</p> +<p>REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267</p> +<p>DISCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. This was fixed with https://issues.apache.org/jira/browse/JUDDI-987</p> +<p>Severity: Moderate</p> +<p>Mitigation:</p> +<p>Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue use of the effected classes.</p> <h3 id="cveid-cve-2009-4267">CVEID : <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267">CVE-2009-4267</a><a class="headerlink" href="#cveid-cve-2009-4267" title="Permanent link">¶</a></h3> <p>VERSION: 3.0.0</p> <p>PROBLEMTYPE: Information Disclosure</p> --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@juddi.apache.org For additional commands, e-mail: commits-h...@juddi.apache.org