{"api_version":"1","generated_at":"2026-04-23T17:14:13+00:00","cve":"CVE-2009-0217","urls":{"html":"https://cve.report/CVE-2009-0217","api":"https://cve.report/api/cve/CVE-2009-0217.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-0217","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-0217"},"summary":{"title":"CVE-2009-0217","description":"The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.","state":"PUBLISHED","assigner":"certcc","published_at":"2009-07-14 23:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securitytracker.com/id?1022561","name":"http://www.securitytracker.com/id?1022561","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - WebLogic Server Bugs Let Remote Users Gain Access and Modify Data and Deny Service","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=511915","name":"https://bugzilla.redhat.com/show_bug.cgi?id=511915","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"511915 – (CVE-2009-0217) CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1201.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1201.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/34461","name":"http://secunia.com/advisories/34461","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM WebSphere Application Server Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47526","name":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47526","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Bug 47526 – XML signature HMAC truncation authentication bypass","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/38568","name":"http://secunia.com/advisories/38568","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"OpenOffice.org 3 Multiple Vulnerabilities - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161","name":"http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/38567","name":"http://secunia.com/advisories/38567","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"OpenOffice.org 2 Multiple Vulnerabilities - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/38921","name":"http://secunia.com/advisories/38921","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SUSE update for OpenOffice_org - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mono-project.com/Vulnerabilities","name":"http://www.mono-project.com/Vulnerabilities","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Vulnerabilities - Mono","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/3122","name":"http://www.vupen.com/english/advisories/2009/3122","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35852","name":"http://secunia.com/advisories/35852","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Mono XML Signature HMAC Truncation Spoofing - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2010/dsa-1995","name":"http://www.debian.org/security/2010/dsa-1995","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-1995-1 openoffice.org","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47527","name":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47527","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"47527 – XML signature HMAC truncation authentication bypass","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere","name":"http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"IBM PK80596: Possible security exposure with XML digital signature - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/WDON-7TY529","name":"http://www.kb.cert.org/vuls/id/WDON-7TY529","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"RSA Security, Inc. Information for VU#466161","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html","name":"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Critical Patch Update Pre-Release Announcement - October 2010","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html","name":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 11 Update: java-1.6.0-openjdk-1.6.0.0-27.b16.fc11","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1650.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1650.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.aleksey.com/xmlsec/","name":"http://www.aleksey.com/xmlsec/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"XML Security Library","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/1900","name":"http://www.vupen.com/english/advisories/2009/1900","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html","name":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE Security Announcement: IBM Java 6 (SUSE-SA:2009","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1636.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1636.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/38695","name":"http://secunia.com/advisories/38695","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Ubuntu update for openoffice.org - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS10-041 - Important | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/37300","name":"http://secunia.com/advisories/37300","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"HP-UX update for JRE / JDK - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere","name":"http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"IBM PK80627; Possible security exposure with XML digital signature. - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/36162","name":"http://secunia.com/advisories/36162","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Fedora update for java-1.6.0-openjdk - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://www.kb.cert.org/vuls/id/466161","name":"http://www.kb.cert.org/vuls/id/466161","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Vulnerability Note VU#466161","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7","name":"http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sign in · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html","name":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-20.b16.fc10","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html","name":"http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Critical Patch Update Advisory - July 2009","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/35855","name":"http://secunia.com/advisories/35855","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Apache XML Security HMAC Truncation Spoofing - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2","name":"http://marc.info/?l=bugtraq&m=125787273209737&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'[security bulletin] HPSBUX02476 SSRT090250 rev.1 - HP-UX Running Java, Remote Increase in Privilege,' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/37841","name":"http://secunia.com/advisories/37841","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat update for java-1.6.0-ibm - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"#125136-16: Obsoleted by: 125136-17 JavaSE for business 6: update 15 patch (equivalent to JDK 6u15)","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.openoffice.org/security/cves/CVE-2009-0217.html","name":"http://www.openoffice.org/security/cves/CVE-2009-0217.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CVE-2009-0217","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1649.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1649.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-903-1","name":"http://www.ubuntu.com/usn/USN-903-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-903-1: OpenOffice.org vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html","name":"http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"APPLE-SA-2009-09-03-1 Java for Mac OS X 10.5 Update 5","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925","name":"http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"IBM Possible security exposure with XML digital signature with IBM WebSphere Application Server (PK80596 and PK80627) - United States","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2010/0366","name":"http://www.vupen.com/english/advisories/2010/0366","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/1911","name":"http://www.vupen.com/english/advisories/2009/1911","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/support/errata/RHSA-2009-1694.html","name":"http://www.redhat.com/support/errata/RHSA-2009-1694.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ","name":"http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Microsystems, Inc. Information for VU#466161","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/55907","name":"http://osvdb.org/55907","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securitytracker.com/id?1022661","name":"http://www.securitytracker.com/id?1022661","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Java Runtime Environment (JRE) XML Digital Signature Flaw May Let Remote Users Bypass Authentication","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html","name":"http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Critical Patch Update Advisory - October 2009","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/36176","name":"http://secunia.com/advisories/36176","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Red Hat update for java-1.6.0-sun - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1428.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1428.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/41818","name":"http://secunia.com/advisories/41818","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Open Office Multiple Vulnerabilities - Advisories - Community","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35853","name":"http://secunia.com/advisories/35853","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Sun Java JDK / JRE XML Signature HMAC Truncation Spoofing - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/35671","name":"http://www.securityfocus.com/bid/35671","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html","name":"http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"HMAC truncation in XML Signature: When Alice didn't look. - W3C Blog","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:209","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:209","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advisories | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html","name":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA10-159B -- Microsoft Updates for Multiple Vulnerabilities","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html","name":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 10 Update: xmlsec1-1.2.12-1.fc10","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35776","name":"http://secunia.com/advisories/35776","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Oracle Products Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2010/0635","name":"http://www.vupen.com/english/advisories/2010/0635","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail - OVH","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1200.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1200.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/37671","name":"http://secunia.com/advisories/37671","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"About Secunia Research | Flexera","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1022567","name":"http://www.securitytracker.com/id?1022567","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Oracle Application Server Bugs Let Remote Users Modify Data","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","name":"http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  OpenOffice, LibreOffice: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/2543","name":"http://www.vupen.com/english/advisories/2009/2543","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7","name":"http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sign in · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://svn.apache.org/viewvc?revision=794013&view=revision","name":"http://svn.apache.org/viewvc?revision=794013&view=revision","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[Apache-SVN] Revision 794013","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.w3.org/2008/06/xmldsigcore-errata.html#e03","name":"http://www.w3.org/2008/06/xmldsigcore-errata.html#e03","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Errata for XML Signature 2nd Edition","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://rhn.redhat.com/errata/RHSA-2009-1637.html","name":"https://rhn.redhat.com/errata/RHSA-2009-1637.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"rhn.redhat.com | Red Hat Support","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/35858","name":"http://secunia.com/advisories/35858","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"RSA Products XML Signature HMAC Truncation Spoofing - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/60799","name":"http://secunia.com/advisories/60799","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security Advisory SA60799 - Gentoo openoffice Multiple Vulnerabilties - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/36180","name":"http://secunia.com/advisories/36180","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Red Hat update for java-1.6.0-openjdk - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/35854","name":"http://secunia.com/advisories/35854","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"XML Security Library XML Signature HMAC Truncation Spoofing - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html","name":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 11 Update: xmlsec1-1.2.12-1.fc11","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/1909","name":"http://www.vupen.com/english/advisories/2009/1909","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/36494","name":"http://secunia.com/advisories/36494","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Ubuntu update for mono - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"#263429: A Security Vulnerability With Verifying HMAC-based XML Digital Signatures in the XML Digital Signature Implementation Included With the Java Runtime Environment (JRE) may Allow Authentication to be Bypassed","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html","name":"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[security-announce] SUSE Security Announcement: OpenOffice.org (SUSE-SA:","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA09-294A.html","name":"http://www.us-cert.gov/cas/techalerts/TA09-294A.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA09-294A -- Oracle Updates for Multiple Vulnerabilities","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/55895","name":"http://osvdb.org/55895","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2009/1908","name":"http://www.vupen.com/english/advisories/2009/1908","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/826-1/","name":"https://usn.ubuntu.com/826-1/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-826-1: Mono vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-0217","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0217","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.1.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.1.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.1.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.1.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.1.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.1.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2","cpe7":"*","cpe8":"fp17","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.22","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.23","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.24","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.25","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.28","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.29","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.0.2.33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.22","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.23","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"6.1.0.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"websphere_application_server","cpe6":"7.0.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mono_project","cpe5":"mono","cpe6":"1.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mono_project","cpe5":"mono","cpe6":"1.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mono_project","cpe5":"mono","cpe6":"1.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mono_project","cpe5":"mono","cpe6":"1.2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mono_project","cpe5":"mono","cpe6":"1.2.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mono_project","cpe5":"mono","cpe6":"1.2.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mono_project","cpe5":"mono","cpe6":"1.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mono_project","cpe5":"mono","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"application_server","cpe6":"10.1.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"application_server","cpe6":"10.1.3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"application_server","cpe6":"10.1.4.3im","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"bea_product_suite","cpe6":"10.0","cpe7":"mp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"bea_product_suite","cpe6":"10.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"bea_product_suite","cpe6":"8.1","cpe7":"sp6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"bea_product_suite","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"bea_product_suite","cpe6":"9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"bea_product_suite","cpe6":"9.2","cpe7":"mp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"weblogic_server_component","cpe6":"10.0","cpe7":"mp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"weblogic_server_component","cpe6":"10.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"weblogic_server_component","cpe6":"8.1","cpe7":"sp6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"weblogic_server_component","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"weblogic_server_component","cpe6":"9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"217","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"weblogic_server_component","cpe6":"9.2","cpe7":"mp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T04:24:18.400Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"RHSA-2009:1428","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1428.html"},{"name":"ADV-2009-3122","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/3122"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.openoffice.org/security/cves/CVE-2009-0217.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"},{"name":"60799","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/60799"},{"name":"GLSA-201408-19","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"},{"name":"PK80596","tags":["vendor-advisory","x_refsource_AIXAPAR","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere"},{"name":"RHSA-2009:1200","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1200.html"},{"name":"35776","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35776"},{"name":"36162","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36162"},{"name":"36494","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36494"},{"name":"ADV-2009-2543","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/2543"},{"name":"35858","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35858"},{"name":"38695","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/38695"},{"name":"269208","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1"},{"name":"DSA-1995","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2010/dsa-1995"},{"name":"HPSBUX02476","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"name":"35853","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35853"},{"name":"RHSA-2009:1637","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1637.html"},{"name":"RHSA-2009:1694","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2009-1694.html"},{"name":"35852","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35852"},{"name":"35854","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35854"},{"name":"34461","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34461"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/WDON-7TY529"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.mono-project.com/Vulnerabilities"},{"name":"1020710","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1"},{"name":"USN-903-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-903-1"},{"name":"35671","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/35671"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"},{"name":"ADV-2010-0366","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2010/0366"},{"name":"55907","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/55907"},{"name":"MDVSA-2009:209","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"},{"name":"SUSE-SA:2010:017","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"},{"name":"38567","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/38567"},{"name":"FEDORA-2009-8329","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"},{"name":"263429","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161"},{"name":"SSRT090250","tags":["vendor-advisory","x_refsource_HP","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"name":"ADV-2009-1900","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/1900"},{"name":"1022561","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1022561"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"},{"name":"37671","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37671"},{"name":"VU#466161","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/466161"},{"name":"1022567","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1022567"},{"name":"RHSA-2009:1636","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1636.html"},{"name":"PK80627","tags":["vendor-advisory","x_refsource_AIXAPAR","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere"},{"name":"RHSA-2009:1649","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1649.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"},{"name":"TA09-294A","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA09-294A.html"},{"name":"ADV-2009-1909","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/1909"},{"name":"ADV-2010-0635","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2010/0635"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://svn.apache.org/viewvc?revision=794013&view=revision"},{"name":"38568","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/38568"},{"name":"36180","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36180"},{"name":"FEDORA-2009-8456","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.w3.org/2008/06/xmldsigcore-errata.html#e03"},{"name":"USN-826-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/826-1/"},{"name":"37841","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37841"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"},{"name":"35855","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35855"},{"name":"FEDORA-2009-8473","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"},{"name":"36176","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36176"},{"name":"oval:org.mitre.oval:def:7158","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"},{"name":"ADV-2009-1908","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/1908"},{"name":"FEDORA-2009-8337","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925"},{"name":"41818","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/41818"},{"name":"1022661","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1022661"},{"name":"37300","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/37300"},{"name":"ADV-2009-1911","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/1911"},{"name":"APPLE-SA-2009-09-03-1","tags":["vendor-advisory","x_refsource_APPLE","x_transferred"],"url":"http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"},{"name":"SUSE-SA:2009:053","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"},{"name":"oval:org.mitre.oval:def:8717","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717"},{"name":"RHSA-2009:1201","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1201.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"},{"name":"TA10-159B","tags":["third-party-advisory","x_refsource_CERT","x_transferred"],"url":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html"},{"name":"oval:org.mitre.oval:def:10186","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186"},{"name":"55895","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/55895"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.aleksey.com/xmlsec/"},{"name":"MS10-041","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"},{"name":"38921","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/38921"},{"name":"RHSA-2009:1650","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1650.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=511915"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-07-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"RHSA-2009:1428","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1428.html"},{"name":"ADV-2009-3122","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/3122"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.openoffice.org/security/cves/CVE-2009-0217.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"},{"name":"60799","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/60799"},{"name":"GLSA-201408-19","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"},{"name":"PK80596","tags":["vendor-advisory","x_refsource_AIXAPAR"],"url":"http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere"},{"name":"RHSA-2009:1200","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1200.html"},{"name":"35776","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35776"},{"name":"36162","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36162"},{"name":"36494","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36494"},{"name":"ADV-2009-2543","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/2543"},{"name":"35858","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35858"},{"name":"38695","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/38695"},{"name":"269208","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1"},{"name":"DSA-1995","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2010/dsa-1995"},{"name":"HPSBUX02476","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"name":"35853","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35853"},{"name":"RHSA-2009:1637","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1637.html"},{"name":"RHSA-2009:1694","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2009-1694.html"},{"name":"35852","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35852"},{"name":"35854","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35854"},{"name":"34461","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34461"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.kb.cert.org/vuls/id/WDON-7TY529"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.mono-project.com/Vulnerabilities"},{"name":"1020710","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1"},{"name":"USN-903-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-903-1"},{"name":"35671","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/35671"},{"tags":["x_refsource_CONFIRM"],"url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"},{"name":"ADV-2010-0366","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2010/0366"},{"name":"55907","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/55907"},{"name":"MDVSA-2009:209","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"},{"name":"SUSE-SA:2010:017","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"},{"name":"38567","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/38567"},{"name":"FEDORA-2009-8329","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"},{"name":"263429","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1"},{"tags":["x_refsource_CONFIRM"],"url":"http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161"},{"name":"SSRT090250","tags":["vendor-advisory","x_refsource_HP"],"url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"name":"ADV-2009-1900","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/1900"},{"name":"1022561","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1022561"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"},{"name":"37671","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37671"},{"name":"VU#466161","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/466161"},{"name":"1022567","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1022567"},{"name":"RHSA-2009:1636","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1636.html"},{"name":"PK80627","tags":["vendor-advisory","x_refsource_AIXAPAR"],"url":"http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere"},{"name":"RHSA-2009:1649","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1649.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"},{"name":"TA09-294A","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA09-294A.html"},{"name":"ADV-2009-1909","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/1909"},{"name":"ADV-2010-0635","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2010/0635"},{"tags":["x_refsource_CONFIRM"],"url":"http://svn.apache.org/viewvc?revision=794013&view=revision"},{"name":"38568","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/38568"},{"name":"36180","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36180"},{"name":"FEDORA-2009-8456","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.w3.org/2008/06/xmldsigcore-errata.html#e03"},{"name":"USN-826-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/826-1/"},{"name":"37841","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37841"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"},{"name":"35855","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35855"},{"name":"FEDORA-2009-8473","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"},{"name":"36176","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36176"},{"name":"oval:org.mitre.oval:def:7158","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158"},{"tags":["x_refsource_MISC"],"url":"http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"},{"name":"ADV-2009-1908","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/1908"},{"name":"FEDORA-2009-8337","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7"},{"tags":["x_refsource_CONFIRM"],"url":"http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925"},{"name":"41818","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/41818"},{"name":"1022661","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1022661"},{"name":"37300","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/37300"},{"name":"ADV-2009-1911","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/1911"},{"name":"APPLE-SA-2009-09-03-1","tags":["vendor-advisory","x_refsource_APPLE"],"url":"http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"},{"name":"SUSE-SA:2009:053","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"},{"name":"oval:org.mitre.oval:def:8717","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717"},{"name":"RHSA-2009:1201","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1201.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"},{"name":"TA10-159B","tags":["third-party-advisory","x_refsource_CERT"],"url":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html"},{"name":"oval:org.mitre.oval:def:10186","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186"},{"name":"55895","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/55895"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.aleksey.com/xmlsec/"},{"name":"MS10-041","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"},{"name":"38921","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/38921"},{"name":"RHSA-2009:1650","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://rhn.redhat.com/errata/RHSA-2009-1650.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=511915"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2009-0217","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"RHSA-2009:1428","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1428.html"},{"name":"ADV-2009-3122","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/3122"},{"name":"http://www.openoffice.org/security/cves/CVE-2009-0217.html","refsource":"CONFIRM","url":"http://www.openoffice.org/security/cves/CVE-2009-0217.html"},{"name":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47526","refsource":"CONFIRM","url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"},{"name":"60799","refsource":"SECUNIA","url":"http://secunia.com/advisories/60799"},{"name":"GLSA-201408-19","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"},{"name":"PK80596","refsource":"AIXAPAR","url":"http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere"},{"name":"RHSA-2009:1200","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1200.html"},{"name":"35776","refsource":"SECUNIA","url":"http://secunia.com/advisories/35776"},{"name":"36162","refsource":"SECUNIA","url":"http://secunia.com/advisories/36162"},{"name":"36494","refsource":"SECUNIA","url":"http://secunia.com/advisories/36494"},{"name":"ADV-2009-2543","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/2543"},{"name":"35858","refsource":"SECUNIA","url":"http://secunia.com/advisories/35858"},{"name":"38695","refsource":"SECUNIA","url":"http://secunia.com/advisories/38695"},{"name":"269208","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1"},{"name":"DSA-1995","refsource":"DEBIAN","url":"http://www.debian.org/security/2010/dsa-1995"},{"name":"HPSBUX02476","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"name":"35853","refsource":"SECUNIA","url":"http://secunia.com/advisories/35853"},{"name":"RHSA-2009:1637","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1637.html"},{"name":"RHSA-2009:1694","refsource":"REDHAT","url":"http://www.redhat.com/support/errata/RHSA-2009-1694.html"},{"name":"35852","refsource":"SECUNIA","url":"http://secunia.com/advisories/35852"},{"name":"35854","refsource":"SECUNIA","url":"http://secunia.com/advisories/35854"},{"name":"34461","refsource":"SECUNIA","url":"http://secunia.com/advisories/34461"},{"name":"http://www.kb.cert.org/vuls/id/WDON-7TY529","refsource":"CONFIRM","url":"http://www.kb.cert.org/vuls/id/WDON-7TY529"},{"name":"http://www.mono-project.com/Vulnerabilities","refsource":"CONFIRM","url":"http://www.mono-project.com/Vulnerabilities"},{"name":"1020710","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1"},{"name":"USN-903-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-903-1"},{"name":"35671","refsource":"BID","url":"http://www.securityfocus.com/bid/35671"},{"name":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47527","refsource":"CONFIRM","url":"https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"},{"name":"ADV-2010-0366","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2010/0366"},{"name":"55907","refsource":"OSVDB","url":"http://osvdb.org/55907"},{"name":"MDVSA-2009:209","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"},{"name":"SUSE-SA:2010:017","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"},{"name":"38567","refsource":"SECUNIA","url":"http://secunia.com/advisories/38567"},{"name":"FEDORA-2009-8329","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"},{"name":"263429","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1"},{"name":"http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161","refsource":"CONFIRM","url":"http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161"},{"name":"SSRT090250","refsource":"HP","url":"http://marc.info/?l=bugtraq&m=125787273209737&w=2"},{"name":"ADV-2009-1900","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/1900"},{"name":"1022561","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1022561"},{"name":"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"},{"name":"37671","refsource":"SECUNIA","url":"http://secunia.com/advisories/37671"},{"name":"VU#466161","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/466161"},{"name":"1022567","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1022567"},{"name":"RHSA-2009:1636","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1636.html"},{"name":"PK80627","refsource":"AIXAPAR","url":"http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere"},{"name":"RHSA-2009:1649","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1649.html"},{"name":"http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"},{"name":"TA09-294A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA09-294A.html"},{"name":"ADV-2009-1909","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/1909"},{"name":"ADV-2010-0635","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2010/0635"},{"name":"http://svn.apache.org/viewvc?revision=794013&view=revision","refsource":"CONFIRM","url":"http://svn.apache.org/viewvc?revision=794013&view=revision"},{"name":"38568","refsource":"SECUNIA","url":"http://secunia.com/advisories/38568"},{"name":"36180","refsource":"SECUNIA","url":"http://secunia.com/advisories/36180"},{"name":"FEDORA-2009-8456","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"},{"name":"http://www.w3.org/2008/06/xmldsigcore-errata.html#e03","refsource":"CONFIRM","url":"http://www.w3.org/2008/06/xmldsigcore-errata.html#e03"},{"name":"USN-826-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/826-1/"},{"name":"37841","refsource":"SECUNIA","url":"http://secunia.com/advisories/37841"},{"name":"http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"},{"name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1","refsource":"CONFIRM","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"},{"name":"35855","refsource":"SECUNIA","url":"http://secunia.com/advisories/35855"},{"name":"FEDORA-2009-8473","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"},{"name":"36176","refsource":"SECUNIA","url":"http://secunia.com/advisories/36176"},{"name":"oval:org.mitre.oval:def:7158","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158"},{"name":"http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html","refsource":"MISC","url":"http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"},{"name":"ADV-2009-1908","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/1908"},{"name":"FEDORA-2009-8337","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"},{"name":"http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7","refsource":"CONFIRM","url":"http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7"},{"name":"http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925"},{"name":"41818","refsource":"SECUNIA","url":"http://secunia.com/advisories/41818"},{"name":"1022661","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1022661"},{"name":"37300","refsource":"SECUNIA","url":"http://secunia.com/advisories/37300"},{"name":"ADV-2009-1911","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/1911"},{"name":"APPLE-SA-2009-09-03-1","refsource":"APPLE","url":"http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"},{"name":"SUSE-SA:2009:053","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"},{"name":"oval:org.mitre.oval:def:8717","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717"},{"name":"RHSA-2009:1201","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1201.html"},{"name":"http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7","refsource":"CONFIRM","url":"http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7"},{"name":"http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ","refsource":"CONFIRM","url":"http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"},{"name":"TA10-159B","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA10-159B.html"},{"name":"oval:org.mitre.oval:def:10186","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186"},{"name":"55895","refsource":"OSVDB","url":"http://osvdb.org/55895"},{"name":"http://www.aleksey.com/xmlsec/","refsource":"CONFIRM","url":"http://www.aleksey.com/xmlsec/"},{"name":"MS10-041","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"},{"name":"38921","refsource":"SECUNIA","url":"http://secunia.com/advisories/38921"},{"name":"RHSA-2009:1650","refsource":"REDHAT","url":"https://rhn.redhat.com/errata/RHSA-2009-1650.html"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=511915","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=511915"}]}}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2009-0217","datePublished":"2009-07-14T23:00:00.000Z","dateReserved":"2009-01-20T00:00:00.000Z","dateUpdated":"2024-08-07T04:24:18.400Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-07-14 23:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"01F45BA3-6504-47AF-B757-7B6D3526FBF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E3E6D6AF-0D69-4605-B871-6DAE01CF08EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"F5EE7744-4584-4AE4-9F27-11EFAA002E77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"0DE0C501-4062-49D0-8983-5E92765C7181"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"CE27E903-6D65-4D29-9583-43FB4CB473B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"4A754DD5-585B-4E89-9C01-2B47D2F5F6F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"D40DEF90-CE7F-46BB-A6FF-50C1797866B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"A5AAA544-D3F8-4AE2-BB2D-A64CB86EC988"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"7C7D4ECD-8787-4F9B-B81C-C0DFD8DD20EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.1.7:*:*:*:*:*:*:*","matchCriteriaId":"C43D3515-D9F5-4DC8-A030-9F97593495F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.1.9:*:*:*:*:*:*:*","matchCriteriaId":"A1968803-FF03-477C-81FE-87528FC6DF6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.1.11:*:*:*:*:*:*:*","matchCriteriaId":"62C1CA3B-E575-4531-A336-8BFC9F5DEC26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.1.13:*:*:*:*:*:*:*","matchCriteriaId":"6C130982-8C6E-413E-8296-C9C277FCBE6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.1.15:*:*:*:*:*:*:*","matchCriteriaId":"5E1790E4-073A-4666-80CB-4D967928A0BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.1.17:*:*:*:*:*:*:*","matchCriteriaId":"6239EEAE-5852-4DF7-8627-87139BBB03B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"714C405D-1E8F-45C1-8A09-5103F0080C76"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:fp17:*:*:*:*:*","matchCriteriaId":"D592217D-3489-40AE-8338-BF5AA5BBA251"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*","matchCriteriaId":"C7F31FD3-8681-4F07-9644-5CC87D512520"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*","matchCriteriaId":"C2604E01-E43E-4882-8896-5E646E850286"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*","matchCriteriaId":"458BAD79-958E-4665-B1F8-0D46E0C57045"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.10:*:*:*:*:*:*:*","matchCriteriaId":"A98E5593-1534-48E2-8CD5-B2D1CACDDAB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*","matchCriteriaId":"DB4AB6BD-4439-4100-A3CE-4600AED10B65"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.12:*:*:*:*:*:*:*","matchCriteriaId":"FD71D5EA-9AF5-422C-810A-D136A5F132F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*","matchCriteriaId":"375DF4AF-3C7C-47C3-BBB8-AF2B3827AC13"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.14:*:*:*:*:*:*:*","matchCriteriaId":"2C9D6BDA-39E1-4D15-9D86-E212809998FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*","matchCriteriaId":"91CC2DA7-BAA6-4061-8D0C-81F002DEF06D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.16:*:*:*:*:*:*:*","matchCriteriaId":"4F2A78FE-8FA6-4532-9E9E-CF6F860EFAE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.17:*:*:*:*:*:*:*","matchCriteriaId":"59BEDD70-B6DB-448F-A998-3E8774B0DB8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.18:*:*:*:*:*:*:*","matchCriteriaId":"63099EF9-0512-44CD-946A-9B25144E50D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*","matchCriteriaId":"F200042C-D45E-4CAD-BF6E-E3DADF4D1D21"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.20:*:*:*:*:*:*:*","matchCriteriaId":"D9132BB1-5E2E-4CA6-9B63-027CF2A7229D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.21:*:*:*:*:*:*:*","matchCriteriaId":"D839EDB9-A44F-4F7F-94EF-1A77371D705C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*","matchCriteriaId":"4421929D-C4B9-43C5-BE61-E68484D3B198"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*","matchCriteriaId":"EB622117-C91F-47D2-9832-B7DB340796E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*","matchCriteriaId":"0D65E0CC-FA8C-41FD-B256-47DB0C9757FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*","matchCriteriaId":"6D87691D-0719-4447-B258-5FA2BD10F11A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.28:*:*:*:*:*:*:*","matchCriteriaId":"4D0B1A00-191D-49B2-8841-FB6C48A5D0C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.29:*:*:*:*:*:*:*","matchCriteriaId":"BF771E28-65AC-4A94-8A51-4EA77BC3D0B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.30:*:*:*:*:*:*:*","matchCriteriaId":"E5594891-E790-44E7-BC9E-0A413B385E1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.31:*:*:*:*:*:*:*","matchCriteriaId":"C286007A-361F-47BB-A099-E041D5CF6E48"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.32:*:*:*:*:*:*:*","matchCriteriaId":"CD464F13-942D-40EC-8144-6D23A0AEAA81"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.0.2.33:*:*:*:*:*:*:*","matchCriteriaId":"05BC8C52-DA95-4BF2-AD47-9922741CAAF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*","matchCriteriaId":"7B9CDD56-921C-4FAF-87E2-14B91EC1A93D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*","matchCriteriaId":"95255265-6D69-46D3-9FFA-8EDB1734375C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2E4191D3-64AB-482C-9DEF-DD04C4C942CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5FC6EB31-9707-408B-8BF5-66BD23441A75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9B73E052-AF4F-4543-AA03-F5B1FA976EA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"23171B81-C991-467A-95A4-EDDAC59C37BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"CBD75308-7F21-4DDF-AD66-C155CF4B721B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"2586C584-3258-414B-AB28-1EBA0DBD0B83"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.6:*:*:*:*:*:*:*","matchCriteriaId":"431C250D-8279-4071-871C-1C7C4DE09B5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*","matchCriteriaId":"BCA175EA-EDC6-4228-8E28-E9BBC981E60A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.8:*:*:*:*:*:*:*","matchCriteriaId":"FC300B03-7A8F-4E96-B55D-18CC258BBFCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*","matchCriteriaId":"C6A4EC9D-98C2-40B0-BA40-4838FE8D1FF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.10:*:*:*:*:*:*:*","matchCriteriaId":"D3A3ADFB-93E0-42E5-B31B-59F22EA4E3EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*","matchCriteriaId":"7AF5BB33-4E78-4123-8093-EBEE2F2B5598"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*","matchCriteriaId":"E3F4B8EA-9299-42C1-AAFB-831701ED2FA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:*","matchCriteriaId":"A45B6F32-5DFF-4833-9F0F-89576724CF97"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.14:*:*:*:*:*:*:*","matchCriteriaId":"13C8054A-8581-4936-AF94-291AE56EB4DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*","matchCriteriaId":"13CA9A59-DFE4-4566-8719-E6FA4720F06A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.16:*:*:*:*:*:*:*","matchCriteriaId":"026EBFCD-0BC1-404B-BC14-292F35BE667A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*","matchCriteriaId":"A89DD1BF-4AB0-480D-9856-B1BEA73A4AAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.18:*:*:*:*:*:*:*","matchCriteriaId":"B13D74F8-4321-48B3-A33E-FCCFA93013CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*","matchCriteriaId":"49E119EF-B6A5-4B6C-B199-C64F62CA7CB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.20:*:*:*:*:*:*:*","matchCriteriaId":"2043B836-3950-46A1-89E4-08985DEA0D33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*","matchCriteriaId":"C9C8FA3D-9162-4D9B-8250-FAC93ED77A2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.22:*:*:*:*:*:*:*","matchCriteriaId":"5EE93B7F-3EB5-4BE4-BFAA-4AA30D15A76D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*","matchCriteriaId":"E06DE5D4-D3A5-4783-ACE0-A80808DB09C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"B0905C80-A1BA-49CD-90CA-9270ECC3940C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"B108457A-50DC-4432-9E30-98ADBEBF2389"},{"vulnerable":true,"criteria":"cpe:2.3:a:mono_project:mono:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"403E554C-FD1B-42CE-82C2-43CC191905DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:mono_project:mono:1.2.2:*:*:*:*:*:*:*","matchCriteriaId":"78278FE6-26EA-4E89-9423-EABA6C4D8877"},{"vulnerable":true,"criteria":"cpe:2.3:a:mono_project:mono:1.2.3:*:*:*:*:*:*:*","matchCriteriaId":"15E1695E-FD6E-4602-9BD9-9CFFF20574CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:mono_project:mono:1.2.4:*:*:*:*:*:*:*","matchCriteriaId":"691B3AF1-7F3F-4A7D-9F16-FE6044E33482"},{"vulnerable":true,"criteria":"cpe:2.3:a:mono_project:mono:1.2.5:*:*:*:*:*:*:*","matchCriteriaId":"E2DE3739-A2ED-47D7-9AE9-442A95ACFC3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:mono_project:mono:1.2.6:*:*:*:*:*:*:*","matchCriteriaId":"DDAB5331-AD2E-483C-93C3-8095BBBA0572"},{"vulnerable":true,"criteria":"cpe:2.3:a:mono_project:mono:1.9:*:*:*:*:*:*:*","matchCriteriaId":"E3CC03DC-14A6-4C45-9511-7CE8E7F727BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:mono_project:mono:2.0:*:*:*:*:*:*:*","matchCriteriaId":"C71A1398-8AA5-4AB3-89C8-E2E2B36FA5AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_server:10.1.2.3:*:*:*:*:*:*:*","matchCriteriaId":"96C617ED-3D8C-4B64-A56A-30BDE6E9B8D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_server:10.1.3.4:*:*:*:*:*:*:*","matchCriteriaId":"D41A0A9E-6B5B-4FA9-996B-E589B96C24D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_server:10.1.4.3im:*:*:*:*:*:*:*","matchCriteriaId":"25672ED0-9830-48B3-899A-405B97E2229A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*","matchCriteriaId":"0B8AB045-051A-477E-B2F7-4057826C43F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*","matchCriteriaId":"6B5D9ABA-10EE-4EE2-9814-BDFBBE9A6014"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*","matchCriteriaId":"09215858-8A4F-4595-98DD-39027EC6CC1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*","matchCriteriaId":"A7390B6A-7944-4509-B499-5B51DB9BF42E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*","matchCriteriaId":"193516AD-8096-4A6E-9C4B-4B9717DD7021"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*","matchCriteriaId":"2B1C64BD-7C8C-4B28-9EA8-5198B6C71AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server_component:8.1:sp6:*:*:*:*:*:*","matchCriteriaId":"B3B986B9-A82B-4087-808E-854EC443AC3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server_component:9.0:*:*:*:*:*:*:*","matchCriteriaId":"6AF95249-8970-406B-B874-4B9925471C27"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server_component:9.1:*:*:*:*:*:*:*","matchCriteriaId":"DD536DD6-AF76-4075-8B28-322FB65793AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server_component:9.2:mp3:*:*:*:*:*:*","matchCriteriaId":"9BDA1940-A3F4-4CEC-BDD0-B098B2E27CE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server_component:10.0:mp1:*:*:*:*:*:*","matchCriteriaId":"3BB8A45D-95E5-4F14-A51A-29B5A6E45F43"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server_component:10.3:*:*:*:*:*:*:*","matchCriteriaId":"1E3D253B-73D7-4916-B5E4-9D553741E98C"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"217","Ordinal":"1","Title":"CVE-2009-0217","CVE":"CVE-2009-0217","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"217","Ordinal":"1","NoteData":"The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.","Type":"Description","Title":"CVE-2009-0217"},{"CveYear":"2009","CveId":"217","Ordinal":"2","NoteData":"2009-07-14","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"217","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}