Author: buildbot
Date: Fri Feb  9 16:22:31 2018
New Revision: 1025129

Log:
Staging update by buildbot for juddi

Modified:
    websites/staging/juddi/trunk/content/   (props changed)
    websites/staging/juddi/trunk/content/security.html

Propchange: websites/staging/juddi/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Feb  9 16:22:31 2018
@@ -1 +1 @@
-1823656
+1823674

Modified: websites/staging/juddi/trunk/content/security.html
==============================================================================
--- websites/staging/juddi/trunk/content/security.html (original)
+++ websites/staging/juddi/trunk/content/security.html Fri Feb  9 16:22:31 2018
@@ -172,6 +172,14 @@
 }
 h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, 
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, 
dt:hover > .elementid-permalink { visibility: visible }</style>
 <h2 id="security-advisories-for-apache-juddi">Security Advisories for Apache 
jUDDI<a class="headerlink" href="#security-advisories-for-apache-juddi" 
title="Permanent link">&para;</a></h2>
+<h3 id="cveid-cve-2018-1307">CVEID  CVE-2018-1307<a class="headerlink" 
href="#cveid-cve-2018-1307" title="Permanent link">&para;</a></h3>
+<p>VERSION:  3.2 through 3.3.4</p>
+<p>PROBLEMTYPE: XML Entity Expansion</p>
+<p>REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267</p>
+<p>DISCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a 
local or remote XML document and then mediates the data structures into UDDI 
data structures, there are little protections present against entity expansion 
and DTD type of attacks. This was fixed with 
https://issues.apache.org/jira/browse/JUDDI-987</p>
+<p>Severity: Moderate</p>
+<p>Mitigation:</p>
+<p>Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue 
use of the effected classes.</p>
 <h3 id="cveid-cve-2009-4267">CVEID : <a 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267";>CVE-2009-4267</a><a
 class="headerlink" href="#cveid-cve-2009-4267" title="Permanent 
link">&para;</a></h3>
 <p>VERSION:  3.0.0</p>
 <p>PROBLEMTYPE: Information Disclosure</p>
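Review bot: The REFERENCES line of the new CVE-2018-1307 entry links to cvename.cgi?name=CVE-2009-4267, which is the identifier of the older advisory directly below it. It looks like a copy-paste carry-over and should point at the CVE-2018-1307 record instead. In the same entry, "DISCRIPTION" should read "DESCRIPTION" and "effected classes" should read "affected classes". The new h3 also leaves the CVE id as plain text, while the existing CVE-2009-4267 heading wraps its id in a link, so consider matching that style. The mitigation text would be clearer if it named the upgrade to juddi-client 3.3.5 as the fix and presented discontinuing WADL2Java/WSDL2Java as the workaround, rather than joining the two with "and/or".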



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@juddi.apache.org
For additional commands, e-mail: commits-h...@juddi.apache.org
