53 matches found
EUVD-2021-1660
Malware in sbrugna...
EUVD-2018-0651
Malware in sbrugna...
EUVD-2009-4236
Malware in sbrugna...
EUVD-2009-1196
Malware in sbrugna...
EUVD-2009-1197
Malware in sbrugna...
EUVD-2018-0497
Malware in sbrugna...
CVE-2021-37578
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI), which, as an extension to UDDI, provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
K89010078: Apache vulnerabilities CVE-2018-1307, CVE-2018-1298, CVE-2018-1299, CVE-2018-1287, and CVE-2018-1297
Security Advisory Description CVE-2018-1307 In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediate the data structures into UDDI data structures, there are few protections present against entity expansion and...
Deserialization of Untrusted Data in Apache jUDDI
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI), which, as an extension to UDDI, provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
org.apache.geronimo.plugins:uddi-war-repackage (>=3.0-beta-1 <=3.0.1), org.apache.juddi.client.plugins:juddi-ddl-generator (>=3.2.1 <=3.3.1) +13 more potentially affected by CVE-2021-37578 via org.apache.juddi:juddi-core (>=3.0.0 <=3.3.1)
org.apache.juddi:juddi-core MAVEN version =3.0.0, =3.0-beta-1, =3.2.1, =3.2.1, =3.0.0.alpha, =3.0.3, =3.0.0, =3.0.0, =3.0.0, =3.2.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.1.0 Source cves: CVE-2021-37578 Source advisory: OSV:GHSA-9HX8-2MRV-R674...
GHSA-9HX8-2MRV-R674 Deserialization of Untrusted Data in Apache jUDDI
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI), which, as an extension to UDDI, provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
Apache jUDDI code issue vulnerability
Apache jUDDI is an open source Java implementation of UDDI that serves Web Services. jUDDI versions prior to Apache jUDDI 3.3.10 have a code issue vulnerability that can be exploited by attackers to remotely run arbitrary code...
CVE-2021-37578
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI), which, as an extension to UDDI, provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
CVE-2021-37578
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI), which, as an extension to UDDI, provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
Design/Logic Flaw
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI), which, as an extension to UDDI, provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
CVE-2021-37578 Remote code execution via RMI
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI), which, as an extension to UDDI, provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicio...
CVE-2021-37578
Apache jUDDI prior to 3.3.10 exposed a deserialization-based remote code execution vector via RMI. The issue arises from Java serialization in RMI entries, potentially allowing remote code execution if exploited. RMI is disabled by default for jUDDI web services/clients, and starting with 3.3.10 ...
Apache jUDDI code issue vulnerability
Apache jUDDI is an open source Java implementation of UDDI that serves Web Services. jUDDI versions prior to Apache jUDDI 3.3.10 have a code issue vulnerability that can be exploited by attackers to remotely run arbitrary code...
Log Spoofing
Apache jUDDI is vulnerable to log spoofing. An error with the logging of keys allows an attacker to spoof entries in the log files, such as creating a false entry for a non-existent action...
GHSA-P99P-726H-C8V5 Apache juddi-client vulnerable to XML External Entity (XXE)
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediate the data structures into UDDI data structures, there are few protections present against entity expansion and DTD type of attacks. Mitigation is to use...