4 matches found
CVE-2021-37578
Apache jUDDI uses several classes related to Java's Remote Method Invocation RMI which as an extension to UDDI provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
CVE-2021-37578
Apache jUDDI uses several classes related to Java's Remote Method Invocation RMI which as an extension to UDDI provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
CVE-2021-37578
Apache jUDDI prior to 3.3.10 exposed a deserialization-based remote code execution vector via RMI. The issue arises from Java serialization in RMI entries, potentially allowing remote code execution if exploited. RMI is disabled by default for jUDDI web services/clients, and starting with 3.3.10 ...
CVE-2021-37578 Remote code execution via RMI
Apache jUDDI uses several classes related to Java's Remote Method Invocation RMI which as an extension to UDDI provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...