CVE-2018-1307
The MITRE CVE dictionary describes this issue as:
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use 3.3.5.
Find out more about CVE-2018-1307 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
No Red Hat products are affected by CVE-2018-1307.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 4.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | Low |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss Portal Platform 6 | juddi-client | Not affected |
| Red Hat JBoss Operations Network 3 | juddi-client | Not affected |
| Red Hat JBoss Fuse 6 | juddi-client | Not affected |
| Red Hat JBoss Enterprise SOA Platform 5 | juddi-client | Not affected |
| Red Hat JBoss EAP 6 | juddi-client | Not affected |
CVE description copyright © 2017, The MITRE Corporation