CVE-2009-0217


Severity : Medium
Published : 2009-07-14
Modified : 2014-11-13
Base Score : 5.0
Details : The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Product/Version : Pro 4.x  
CGE 4.x  
Mobilinux 4.x  
Pro 5.0  
CGE 5.x  
Mobilinux 5.x  
Mobilinux 5.0.24  
MVL 5 Atom  
Pro 5.0.24  
MVL 5 OMAP3  
MVL 5 OMAP3530  
 
 
 

CVE Vulnerabilities List CVE-2009

CVE-2009-0021CVE-2009-0028CVE-2009-0159CVE-2009-0163
CVE-2009-0217CVE-2009-0316CVE-2009-0778CVE-2009-0791
CVE-2009-0798CVE-2009-0834CVE-2009-0835CVE-2009-0859
CVE-2009-0887CVE-2009-0949CVE-2009-1192CVE-2009-1194
CVE-2009-1195CVE-2009-1196CVE-2009-1210CVE-2009-1252
CVE-2009-1265CVE-2009-1267CVE-2009-1268CVE-2009-1269
CVE-2009-1297CVE-2009-1337CVE-2009-1377CVE-2009-1378
CVE-2009-1386CVE-2009-1387CVE-2009-1389CVE-2009-1417
CVE-2009-1574CVE-2009-1630CVE-2009-1632CVE-2009-1885
CVE-2009-1890CVE-2009-1891CVE-2009-1895CVE-2009-1961
CVE-2009-2042CVE-2009-2409CVE-2009-2412CVE-2009-2417
CVE-2009-2560CVE-2009-2562CVE-2009-2563CVE-2009-2730
CVE-2009-2847CVE-2009-2848CVE-2009-2849CVE-2009-2903
CVE-2009-2908CVE-2009-2909CVE-2009-2910CVE-2009-3001
CVE-2009-3002CVE-2009-3080CVE-2009-3094CVE-2009-3095
CVE-2009-3228CVE-2009-3230CVE-2009-3238CVE-2009-3245
CVE-2009-3490CVE-2009-3547CVE-2009-3550CVE-2009-3555
CVE-2009-3557CVE-2009-3558CVE-2009-3559CVE-2009-3560
CVE-2009-3563CVE-2009-3612CVE-2009-3620CVE-2009-3621
CVE-2009-3639CVE-2009-3720CVE-2009-3726CVE-2009-3736
CVE-2009-3767CVE-2009-3889CVE-2009-4005CVE-2009-4017
CVE-2009-4020CVE-2009-4021CVE-2009-4022CVE-2009-4029
CVE-2009-4131CVE-2009-4134CVE-2009-4135CVE-2009-4141
CVE-2009-4272CVE-2009-4307CVE-2009-4308CVE-2009-4355
CVE-2009-4377CVE-2009-4410CVE-2009-4537CVE-2009-4880
CVE-2009-4881CVE-2009-4895CVE-2009-5029CVE-2009-5064