Code injection

2018-02-1916:29:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.7%

JSON

The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.

CPENameOperatorVersion
juddieq3.0.0

CPE	Name	Operator	Version
	juddi	eq	3.0.0

References

juddi.apache.org/security.html

mail-archives.apache.org/mod_mbox/juddi-user/201802.mbox/raw/%3C0F272EE1-E2B4-4016-8C5D-F76ABDD12D18%40gmail.com%3E