CVE-2009-4267

CWE-1163 documents3 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 57.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation JuddiApache Juddi
Timeline
PublishedFeb 19
Latest updateMay 2

Description

The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDapache/juddi3.0.0
CVEListV5apache_software_foundation/juddi3.0.0 fixed in 3.0.1

🔴Vulnerability Details

2
GHSA
GHSA-9fhh-gqv6-6cp4: The console in Apache jUDDI 32022-05-02
CVEList
CVE-2009-4267: The console in Apache jUDDI 32018-02-19
CVE-2009-4267 (MEDIUM CVSS 6.5) | The console in Apache jUDDI 3.0.0 d | cvebase.io