Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1307

In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use 3.3.5.

Published

2018-02-09T19:29:00.227

Last Modified

2024-11-21T03:59:35.573

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	juddi	≤ 3.3.4	Yes

References

http://juddi.apache.org/security.html Vendor Advisory ([email protected])
https://issues.apache.org/jira/browse/JUDDI-987 Issue Tracking, Patch, Vendor Advisory ([email protected])
http://juddi.apache.org/security.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://issues.apache.org/jira/browse/JUDDI-987 Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)