Skip to content
Permalink
Browse files
NOJIRA updating site docs, fixing CLI packaging type, previous was a …
…bundle which causes issues build issues
  • Loading branch information
spyhunter99 committed Feb 9, 2018
1 parent 94da72a commit b5ded210ebeafee19608ebb26aba0af0ed363002
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 2 deletions.
@@ -25,7 +25,7 @@
<groupId>org.apache.juddi</groupId>
<artifactId>juddi-client-cli</artifactId>
<version>3.3.6-SNAPSHOT</version>
<packaging>bundle</packaging>
<packaging>jar</packaging>

<name>jUDDI CLI Client</name>
<url>http://maven.apache.org</url>
@@ -2,7 +2,28 @@ Title: Security Advisories

## Security Advisories for Apache jUDDI

### CVEID:CVE-2015-5241
### CVEID : [CVE-2009-4267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267)

VERSION: 3.0.0

PROBLEMTYPE: Information Disclosure

REFERENCES: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4267

DISCRIPTION: The jUDDI console doesn't escape line feeds that were passed in the numRows parameter. This affects log integrity, as this allows authenticated users to forge log records.

Severity: Moderate

Mitigation:

3.0.0 users should upgrade to jUDDI 3.0.1 or newer

Credit:

This issue was discovered by Marc Schoenefeld of Red Hat Software.


### CVEID: [CVE-2015-5241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5241)

VERSION: 3.1.2, 3.1.3, 3.1.4, and 3.1.5 that utilize the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'

0 comments on commit b5ded21

Please sign in to comment.