CVE-2018-1307

EUVD-2018-0651
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use 3.3.5.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
apachejuddi
3.2 ≤
𝑥
≤ 3.3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://juddi.apache.org/security.html
https://issues.apache.org/jira/browse/JUDDI-987
http://juddi.apache.org/security.html
https://issues.apache.org/jira/browse/JUDDI-987