Описание
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use 3.3.5.
Ссылки
- Vendor Advisory
- Issue TrackingPatchVendor Advisory
- Vendor Advisory
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.2 (включая) до 3.3.4 (включая)
cpe:2.3:a:apache:juddi:*:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01116
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 4.3
redhat
около 8 лет назад
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use 3.3.5.
CVSS3: 8.1
github
больше 7 лет назад
Apache juddi-client vulnerable to XML External Entity (XXE)
EPSS
Процентиль: 78%
0.01116
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-611