[CVEID] : CVE-2009-4267 [PRODUCT] : Apache jUDDI information disclosure vulnerability [VERSION]: 3.0.0 [PROBLEMTYPE] : Information Disclosure [DISCRIPTION]: The jUDDI console doesn't escape line feeds that were passed in the numRows parameter. This affects log integrity, as this allows authenticated users to forge log records.
Severity: Moderate Vendor: The Apache Software Foundation Mitigation: 3.0.0 users should upgrade to jUDDI 3.0.1 or newer Credit: This issue was discovered by Marc Schoenefeld of Red Hat Software. Thanks, —Kurt Kurt T Stam
