漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Remote code execution via RMI
Vulnerability Description
Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. For both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Apache jUDDI 代码问题漏洞
Vulnerability Description
Apache jUDDI是一个服务于WebServices 的UDDI的java实现开源包。 Apache jUDDI 3.3.10之前的版本存在代码问题漏洞。该漏洞源于Apache jUDDI使用了几个与Java的远程方法调用(RMI)相关的类,RMI(作为UDDI的扩展)提供了访问UDDI服务的替代传输。RMI使用默认的Java序列化机制在RMI调用中传递参数。远程攻击者可利用该漏洞向上述RMI条目发送恶意的序列化对象,对象在不检查传入数据的情况下被反序列化。在最坏的情况下,它可能让攻击者远程运行任意
CVSS Information
N/A
Vulnerability Type
N/A