Input validation error in jUDDI



Published: 2017-10-30 | Updated: 2020-08-08
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2009-1197
CWE-ID CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		jUDDI
Client/Desktop applications / Software for system administration

Vendor Apache Foundation

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Input validation error

EUVDB-ID: #VU38000

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2009-1197

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.

Mitigation

Install update from vendor's website.

Vulnerable software versions

jUDDI: 0.9 - 2.0

External links

http://issues.apache.org/jira/browse/JUDDI-220
http://marc.info/?l=juddi-dev&m=125000625404010&w=2
http://www.securityfocus.com/bid/101625


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###