CVE-2009-1197

EPSS 0.4%
Published 30.10.2017 16:29:00
Last modified 20.04.2025 01:37:25
Source secalert@redhat.com
Teams watchlist Login
Open Login

Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Juddi Version0.9 Updaterc1

Apache ≫ Juddi Version0.9 Updaterc2

Apache ≫ Juddi Version0.9 Updaterc3

Apache ≫ Juddi Version0.9 Updaterc4

Apache ≫ Juddi Version2.0 Updaterc5

Apache ≫ Juddi Version2.0 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.4%	0.579

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://issues.apache.org/jira/browse/JUDDI-220

Issue Tracking

http://marc.info/?l=juddi-dev&m=125000625404010&w=2

Mailing List

http://www.securityfocus.com/bid/101625

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2009-1197

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1197

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1197

EUVD