Apache Juddi vulnerabilities
6 known vulnerabilities affecting apache/juddi.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2021-37578CRITICALCVSS 9.8fixed in 3.3.102021-07-29
CVE-2021-37578 [CRITICAL] CWE-502 CVE-2021-37578: Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an exte
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. T
nvd
CVE-2009-4267MEDIUMCVSS 6.5v3.0.02018-02-19
CVE-2009-4267 [MEDIUM] CWE-116 CVE-2009-4267: The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authentic
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.
nvd
CVE-2018-1307HIGHCVSS 8.1≥ 3.2, ≤ 3.3.42018-02-09
CVE-2018-1307 [HIGH] CWE-611 CVE-2018-1307: In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local
In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use 3.3.5.
nvd
CVE-2009-1197MEDIUMCVSS 5.3v0.9v2.02017-10-30
CVE-2009-1197 [MEDIUM] CWE-20 CVE-2009-1197: Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error
Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.
nvd
CVE-2009-1198MEDIUMCVSS 6.1fixed in 2.02017-10-30
CVE-2009-1198 [MEDIUM] CWE-79 CVE-2009-1198: Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to injec
Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp.
nvd
CVE-2015-5241MEDIUMCVSS 6.1v3.1.2v3.1.3+2 more2017-05-19
CVE-2015-5241 [MEDIUM] CWE-601 CVE-2015-5241: After logging into the portal, the logout jsp page redirects the browser back to the login page afte
After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console
nvd