CVE-2018-1307: XEE
First published: Fri Feb 09 2018(Updated: )
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use 3.3.5.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache jUDDI | >=3.2<=3.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- vendor/apache
- canonical/apache juddi
- version/apache juddi/3.2
- version/apache juddi/3.3.4