Main Vulnerability Database Vulnerabilities #VU38000

#VU38000 Input validation error in jUDDI - CVE-2009-1197

Published: October 30, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38000

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2009-1197

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
jUDDI

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.

Install update from vendor's website.