39 matches found
EUVD-2021-1660
Malware in sbrugna...
EUVD-2018-0651
Malware in sbrugna...
EUVD-2009-1196
Malware in sbrugna...
EUVD-2009-4236
Malware in sbrugna...
EUVD-2018-0497
Malware in sbrugna...
EUVD-2009-1197
Malware in sbrugna...
CVE-2021-37578
Apache jUDDI uses several classes related to Java's Remote Method Invocation RMI which as an extension to UDDI provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
Deserialization of Untrusted Data in Apache jUDDI
Apache jUDDI uses several classes related to Java's Remote Method Invocation RMI which as an extension to UDDI provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
org.apache.geronimo.plugins:uddi-war-repackage (>=3.0-beta-1 <=3.0.1), org.apache.juddi.client.plugins:juddi-ddl-generator (>=3.2.1 <=3.3.1) +13 more potentially affected by CVE-2021-37578 via org.apache.juddi:juddi-core (>=3.0.0 <=3.3.1)
org.apache.juddi:juddi-core MAVEN version =3.0.0, =3.0-beta-1, =3.2.1, =3.2.1, =3.0.0.alpha, =3.0.3, =3.0.0, =3.0.0, =3.0.0, =3.2.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.1.0 Source cves: CVE-2021-37578 Source advisory: OSV:GHSA-9HX8-2MRV-R674...
GHSA-9HX8-2MRV-R674 Deserialization of Untrusted Data in Apache jUDDI
Apache jUDDI uses several classes related to Java's Remote Method Invocation RMI which as an extension to UDDI provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
CVE-2021-37578
Apache jUDDI uses several classes related to Java's Remote Method Invocation RMI which as an extension to UDDI provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
Design/Logic Flaw
Apache jUDDI uses several classes related to Java's Remote Method Invocation RMI which as an extension to UDDI provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
CVE-2021-37578
Apache jUDDI prior to 3.3.10 exposed a deserialization-based remote code execution vector via RMI. The issue arises from Java serialization in RMI entries, potentially allowing remote code execution if exploited. RMI is disabled by default for jUDDI web services/clients, and starting with 3.3.10 ...
Apache jUDDI 代码问题漏洞
Apache jUDDI is a java implementation of UDDI open source package that serves WebServices. jUDDI versions prior to Apache jUDDI 3.3.10 have a code issue vulnerability that can be exploited by attackers to remotely run arbitrary code...
Log Spoofing
Apache jUDDI is vulnerable to log spoofing. An error with the logging of keys allow an attacker to spoof entries in the log files, such as creating a false entry for a non-existent action...
GHSA-P99P-726H-C8V5 Apache juddi-client vulnerable to XML External Entity (XXE)
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use...
Apache juddi-client vulnerable to XML External Entity (XXE)
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use...
GHSA-49H4-G8P5-JGQ6 Moderate severity vulnerability that affects org.apache.juddi:juddi-client
After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as...
Moderate severity vulnerability that affects org.apache.juddi:juddi-client
After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as...
Code injection
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter...