From: Kurt Stam
Subject: [Announce] CVE-2009-4267 - vulnerability in jUDDI 3.0.0 console.
Date: Thu, 8 Feb 2018 20:51:26 -0500
To: juddi-user@ws.apache.org

[CVEID] : CVE-2009-4267
[PRODUCT] : Apache jUDDI information disclosure vulnerability
[VERSION]: 3.0.0
[PROBLEMTYPE] : Information Disclosure
[DESCRIPTION]: The jUDDI console doesn't escape line feeds that were passed in the numRows parameter. This affects log integrity, as this allows authenticated users to forge log records.

Severity: Moderate

Vendor:
The Apache Software Foundation

Mitigation:
3.0.0 users should upgrade to jUDDI 3.0.1 or newer

Credit:
This issue was discovered by Marc Schoenefeld of Red Hat Software.

Thanks,

—Kurt

Kurt T Stam
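
The log-forging condition described in the advisory, shown beside a hardened form, as an added example that is not jUDDI's code or its 3.0.1 fix. It assumes a hypothetical handler that logs the numRows request parameter; the class and method names, the MAX_ROWS bound and the sample value are constructed for illustration.

```java
import java.util.OptionalInt;

// Added example: names, bounds and the sample value are assumptions, not jUDDI code.
public class NumRowsLogging {
    static final int MAX_ROWS = 1000; // hypothetical upper bound

    // Accept only 1-4 ASCII digits within range; CR, LF or any other character fails the match.
    static OptionalInt parseNumRows(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,4}")) {
            return OptionalInt.empty();
        }
        int n = Integer.parseInt(raw);
        return (n >= 1 && n <= MAX_ROWS) ? OptionalInt.of(n) : OptionalInt.empty();
    }

    // Escape backslash and control characters so a logged value always stays on one line.
    static String forLog(String raw) {
        if (raw == null) return "<null>";
        StringBuilder sb = new StringBuilder();
        int limit = Math.min(raw.length(), 64); // cap what an untrusted value can add to the log
        for (int i = 0; i < limit; i++) {
            char c = raw.charAt(i);
            if (c == '\\') {
                sb.append("\\\\");
            } else if (Character.isISOControl(c)) {
                sb.append(String.format("\\x%02x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return raw.length() > limit ? sb.append("[truncated]").toString() : sb.toString();
    }

    public static void main(String[] args) {
        // Constructed request value: a number followed by a line feed and a fake record.
        String raw = "10\n2018-02-09 01:00:00 INFO constructed forged record";

        // Unsafe pattern: the raw value is concatenated, so the log gains a second line.
        System.out.println("INFO numRows=" + raw);

        // Hardened pattern: validate first, and escape whatever is logged on rejection.
        OptionalInt rows = parseNumRows(raw);
        if (rows.isPresent()) {
            System.out.println("INFO numRows=" + rows.getAsInt());
        } else {
            System.out.println("WARN rejected numRows=\"" + forLog(raw) + "\"");
        }
    }
}
```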