In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use 3.3.5.
References
Link | Resource |
---|---|
http://juddi.apache.org/security.html | Vendor Advisory |
https://issues.apache.org/jira/browse/JUDDI-987 | Issue Tracking Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2017-11-10T00:00:00
Updated: 2018-02-09T18:57:01
Reserved: 2017-12-07T00:00:00
Link: CVE-2018-1307
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-02-09T19:29:00.227
Modified: 2018-03-08T16:36:43.637
Link: CVE-2018-1307
JSON object: View
Redhat Information
No data.
CWE