CVE-2009-0217
Summary
| CVE | CVE-2009-0217 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-07-14 23:30:00 UTC |
| Updated | 2018-10-12 21:49:00 UTC |
| Description | The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Websphere Application Server | 6.0 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.0.1 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.0.2 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.0.3 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.1 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.1.1 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.1.11 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.1.13 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.1.15 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.1.17 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.1.2 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.1.3 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.1.5 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.1.7 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.1.9 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2 | All | fp17 | All |
| Application | Ibm | Websphere Application Server | 6.0.2.1 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.10 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.11 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.12 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.13 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.14 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.15 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.16 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.17 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.18 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.19 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.2 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.20 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.21 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.22 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.23 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.24 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.25 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.28 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.29 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.3 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.30 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.31 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.32 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.0.2.33 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.0 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.1 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.10 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.11 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.12 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.13 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.14 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.15 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.16 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.17 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.18 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.19 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.2 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.20 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.21 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.22 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.23 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.3 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.4 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.5 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.6 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.7 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.8 | All | All | All |
| Application | Ibm | Websphere Application Server | 6.1.0.9 | All | All | All |
| Application | Ibm | Websphere Application Server | 7.0 | All | All | All |
| Application | Ibm | Websphere Application Server | 7.0.0.1 | All | All | All |
| Application | Mono Project | Mono | 1.2.1 | All | All | All |
| Application | Mono Project | Mono | 1.2.2 | All | All | All |
| Application | Mono Project | Mono | 1.2.3 | All | All | All |
| Application | Mono Project | Mono | 1.2.4 | All | All | All |
| Application | Mono Project | Mono | 1.2.5 | All | All | All |
| Application | Mono Project | Mono | 1.2.6 | All | All | All |
| Application | Mono Project | Mono | 1.9 | All | All | All |
| Application | Mono Project | Mono | 2.0 | All | All | All |
| Application | Oracle | Application Server | 10.1.2.3 | All | All | All |
| Application | Oracle | Application Server | 10.1.3.4 | All | All | All |
| Application | Oracle | Application Server | 10.1.4.3im | All | All | All |
| Application | Oracle | Bea Product Suite | 10.0 | mp1 | All | All |
| Application | Oracle | Bea Product Suite | 10.3 | All | All | All |
| Application | Oracle | Bea Product Suite | 8.1 | sp6 | All | All |
| Application | Oracle | Bea Product Suite | 9.0 | All | All | All |
| Application | Oracle | Bea Product Suite | 9.1 | All | All | All |
| Application | Oracle | Bea Product Suite | 9.2 | mp3 | All | All |
| Application | Oracle | Weblogic Server Component | 10.0 | mp1 | All | All |
| Application | Oracle | Weblogic Server Component | 10.3 | All | All | All |
| Application | Oracle | Weblogic Server Component | 8.1 | sp6 | All | All |
| Application | Oracle | Weblogic Server Component | 9.0 | All | All | All |
| Application | Oracle | Weblogic Server Component | 9.1 | All | All | All |
| Application | Oracle | Weblogic Server Component | 9.2 | mp3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 55895 | OSVDB | osvdb.org | |
| [SECURITY] Fedora 11 Update: xmlsec1-1.2.12-1.fc11 | FEDORA | www.redhat.com | |
| 511915 – (CVE-2009-0217) CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass | CONFIRM | bugzilla.redhat.com | |
| Apache XML Security HMAC Truncation Spoofing - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| rhn.redhat.com | Red Hat Support | REDHAT | rhn.redhat.com | |
| Errata for XML Signature 2nd Edition | CONFIRM | www.w3.org | Vendor Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| 47527 – XML signature HMAC truncation authentication bypass | CONFIRM | issues.apache.org | |
| Red Hat update for java-1.6.0-openjdk - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | |
| IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability | BID | www.securityfocus.com | Patch |
| USN-826-1: Mono vulnerabilities | Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | Patch, Vendor Advisory |
| [SECURITY] Fedora 10 Update: xmlsec1-1.2.12-1.fc10 | FEDORA | www.redhat.com | |
| XML Security Library | CONFIRM | www.aleksey.com | |
| Security Advisory SA60799 - Gentoo openoffice Multiple Vulnerabilties - Secunia | SECUNIA | secunia.com | |
| OpenOffice.org 3 Multiple Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | |
| IBM PK80596: Possible security exposure with XML digital signature - United States | AIXAPAR | www-01.ibm.com | Patch, Vendor Advisory |
| 269208 | SUNALERT | sunsolve.sun.com | |
| Ubuntu update for openoffice.org - Advisories - Community | SECUNIA | secunia.com | |
| Debian -- Security Information -- DSA-1995-1 openoffice.org | DEBIAN | www.debian.org | |
| Fedora update for java-1.6.0-openjdk - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Sign in · GitLab | CONFIRM | git.gnome.org | |
| XML Security Library XML Signature HMAC Truncation Spoofing - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| [SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-27.b16.fc11 | FEDORA | www.redhat.com | |
| Oracle Critical Patch Update Advisory - October 2009 | CONFIRM | www.oracle.com | |
| OpenOffice.org 2 Multiple Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | |
| CVE-2009-0217 | CONFIRM | www.openoffice.org | |
| APPLE-SA-2009-09-03-1 Java for Mac OS X 10.5 Update 5 | APPLE | lists.apple.com | |
| Security | CONFIRM | blogs.sun.com | |
| #125136-16: Obsoleted by: 125136-17 JavaSE for business 6: update 15 patch (equivalent to JDK 6u15) | CONFIRM | sunsolve.sun.com | |
| Support | REDHAT | www.redhat.com | |
| Advisories | Mandriva | MANDRIVA | www.mandriva.com | |
| 55907 | OSVDB | osvdb.org | |
| Microsoft Security Bulletin MS10-041 - Important | Microsoft Docs | MS | docs.microsoft.com | |
| SecurityTracker.com Archives - Java Runtime Environment (JRE) XML Digital Signature Flaw May Let Remote Users Bypass Authentication | SECTRACK | www.securitytracker.com | |
| Sun Java JDK / JRE XML Signature HMAC Truncation Spoofing - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| About Secunia Research | Flexera | SECUNIA | secunia.com | |
| US-CERT Vulnerability Note VU#466161 | CERT-VN | www.kb.cert.org | US Government Resource |
| Oracle Open Office Multiple Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | |
| HMAC truncation in XML Signature: When Alice didn't look. - W3C Blog | MISC | www.w3.org | Vendor Advisory |
| [security-announce] SUSE Security Announcement: OpenOffice.org (SUSE-SA: | SUSE | lists.opensuse.org | |
| US-CERT Technical Cyber Security Alert TA10-159B -- Microsoft Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | US Government Resource |
| US-CERT Technical Cyber Security Alert TA09-294A -- Oracle Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | US Government Resource |
| Ubuntu update for mono - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| SecurityTracker.com Archives - Oracle Application Server Bugs Let Remote Users Modify Data | SECTRACK | www.securitytracker.com | |
| Gentoo Linux Documentation -- OpenOffice, LibreOffice: Multiple vulnerabilities | GENTOO | www.gentoo.org | |
| Red Hat update for java-1.6.0-ibm - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| Red Hat update for java-1.6.0-sun - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Oracle Products Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| IBM Possible security exposure with XML digital signature with IBM WebSphere Application Server (PK80596 and PK80627) - United States | CONFIRM | www-01.ibm.com | Patch, Vendor Advisory |
| Sun Microsystems, Inc. Information for VU#466161 | CONFIRM | www.kb.cert.org | |
| RSA Products XML Signature HMAC Truncation Spoofing - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| IBM PK80627; Possible security exposure with XML digital signature. - United States | AIXAPAR | www-01.ibm.com | Patch, Vendor Advisory |
| [security-announce] SUSE Security Announcement: IBM Java 6 (SUSE-SA:2009 | SUSE | lists.opensuse.org | |
| '[security bulletin] HPSBUX02476 SSRT090250 rev.1 - HP-UX Running Java, Remote Increase in Privilege,' - MARC | HP | marc.info | |
| Webmail - OVH | VUPEN | www.vupen.com | |
| [Apache-SVN] Revision 794013 | CONFIRM | svn.apache.org | |
| IBM WebSphere Application Server Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| Oracle Critical Patch Update Pre-Release Announcement - October 2010 | CONFIRM | www.oracle.com | |
| SecurityTracker.com Archives - WebLogic Server Bugs Let Remote Users Gain Access and Modify Data and Deny Service | SECTRACK | www.securitytracker.com | |
| RSA Security, Inc. Information for VU#466161 | CONFIRM | www.kb.cert.org | |
| Oracle Critical Patch Update Advisory - July 2009 | CONFIRM | www.oracle.com | |
| 1020710 | SUNALERT | sunsolve.sun.com | |
| SUSE update for OpenOffice_org - Secunia.com | SECUNIA | secunia.com | |
| Bug 47526 – XML signature HMAC truncation authentication bypass | CONFIRM | issues.apache.org | |
| #263429: A Security Vulnerability With Verifying HMAC-based XML Digital Signatures in the XML Digital Signature Implementation Included With the Java Runtime Environment (JRE) may Allow Authentication to be Bypassed | SUNALERT | sunsolve.sun.com | |
| USN-903-1: OpenOffice.org vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| [SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-20.b16.fc10 | FEDORA | www.redhat.com | |
| HP-UX update for JRE / JDK - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| Mono XML Signature HMAC Truncation Spoofing - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Vulnerabilities - Mono | CONFIRM | www.mono-project.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.