CVE-2009-1197

EPSS 0.4%
Veröffentlicht 30.10.2017 16:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Juddi Version0.9 Updaterc1

Apache ≫ Juddi Version0.9 Updaterc2

Apache ≫ Juddi Version0.9 Updaterc3

Apache ≫ Juddi Version0.9 Updaterc4

Apache ≫ Juddi Version2.0 Updaterc5

Apache ≫ Juddi Version2.0 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.579

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://issues.apache.org/jira/browse/JUDDI-220

Issue Tracking

http://marc.info/?l=juddi-dev&m=125000625404010&w=2

Mailing List

http://www.securityfocus.com/bid/101625

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2009-1197

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1197

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1197

EUVD