6 matches found
CVE-2021-37578
Apache jUDDI prior to 3.3.10 exposed a deserialization-based remote code execution vector via RMI. The issue arises from Java serialization in RMI entries, potentially allowing remote code execution if exploited. RMI is disabled by default for jUDDI web services/clients, and starting with 3.3.10 ...
CVE-2015-5241
Apache jUDDI versions 3.1.2–3.1.5 are affected by an open redirect vulnerability in the logout JSP page, allowing an attacker to redirect users to an arbitrary page after login/logout. The issue stems from the logout flow in the portlets-based UI (Pluto, jUDDI Portal, UDDI Portal, uddi-console). ...
CVE-2018-1307
CVE-2018-1307 affects Apache jUDDI 3.2–3.3.4, where the WADL2Java/WSDL2Java parsers lack adequate protections against XML External Entity expansion and DTD-type attacks. The practical consequence is exposure to XXE-type vulnerabilities when processing local/remote XML into UDDI structures. The mi...
CVE-2009-1198
Summary (CVE-2009-1198): An XSS vulnerability exists in Apache jUDDI before 2.0. The flaw allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to the happyjuddi.jsp page. Affected software is Apache jUDDI prior to version 2.0. The vulnerability is browser-execu...
CVE-2009-4267
The CVE-2009-4267 entry concerns Apache jUDDI 3.0.0 where the console fails to properly escape line feeds, enabling remote authenticated users to spoof log entries via the numRows parameter. The NVD record notes an environmental risk with CVSS scores: CVSSv2 base 4.0 (Medium) and CVSSv3 base 6.5 ...
CVE-2009-1197
CVE-2009-1197 concerns Apache jUDDI prior to 2.0, where an error in logging keys via uddiget.jsp can allow an attacker to spoof entries in log files. The affected component is the logging path tied to uddiget.jsp; the underlying issue is log spoofing through error logging of keys. The published d...