[
https://issues.apache.org/jira/browse/JUDDI-987?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex O'Ree updated JUDDI-987:
-----------------------------
Description:
CVEID CVE-2018-1307
VERSION: 3.2 through 3.3.4
PROBLEMTYPE: XML Entity Expansion
REFERENCES: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267]
DESCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local
or remote XML document and then mediate the data structures into UDDI data
structures, there are few protections present against entity expansion and
DTD type of attacks. This was fixed with
https://issues.apache.org/jira/browse/JUDDI-987
Severity: Moderate
Mitigation:
Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue use
of the affected classes.
> XML Entity Expansion
> --------------------
>
> Key: JUDDI-987
> URL: https://issues.apache.org/jira/browse/JUDDI-987
> Project: jUDDI
> Issue Type: Bug
> Components: core
> Affects Versions: 3.2, 3.2.1, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4
> Reporter: Alex O'Ree
> Assignee: Alex O'Ree
> Priority: Major
> Fix For: 3.3.5
>
>
> CVEID CVE-2018-1307
>
> VERSION: 3.2 through 3.3.4
>
> PROBLEMTYPE: XML Entity Expansion
>
> REFERENCES: [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267]
>
> DESCRIPTION: If using the WADL2Java or WSDL2Java classes, which parse a local
> or remote XML document and then mediate the data structures into UDDI data
> structures, there are few protections present against entity expansion and
> DTD type of attacks. This was fixed with
> https://issues.apache.org/jira/browse/JUDDI-987
>
> Severity: Moderate
>
> Mitigation:
>
> Update your juddi-client dependencies to 3.3.5 or newer and/or discontinue
> use of the affected classes.