CVE-2009-0217


Severity : Medium
Published : 2009-07-14
Modified : 2014-11-13
Base Score : 5.0
Details : The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Product/Version : Pro 4.x  
CGE 4.x  
Mobilinux 4.x  
Pro 5.0  
CGE 5.x  
Mobilinux 5.x  
Mobilinux 5.0.24  
MVL 5 Atom  
Pro 5.0.24  
MVL 5 OMAP3  
MVL 5 OMAP3530  
 
 
 


CVE Vulnerabilities List CVE-2009
CVE-2009-5064CVE-2009-5029CVE-2009-4895CVE-2009-4881
CVE-2009-4880CVE-2009-4537CVE-2009-4410CVE-2009-4377
CVE-2009-4355CVE-2009-4308CVE-2009-4307CVE-2009-4272
CVE-2009-4141CVE-2009-4135CVE-2009-4134CVE-2009-4131
CVE-2009-4029CVE-2009-4022CVE-2009-4021CVE-2009-4020
CVE-2009-4017CVE-2009-4005CVE-2009-3889CVE-2009-3767
CVE-2009-3736CVE-2009-3726CVE-2009-3720CVE-2009-3639
CVE-2009-3621CVE-2009-3620CVE-2009-3612CVE-2009-3563
CVE-2009-3560CVE-2009-3559CVE-2009-3558CVE-2009-3557
CVE-2009-3555CVE-2009-3550CVE-2009-3547CVE-2009-3490
CVE-2009-3245CVE-2009-3238CVE-2009-3230CVE-2009-3228
CVE-2009-3095CVE-2009-3094CVE-2009-3080CVE-2009-3002
CVE-2009-3001CVE-2009-2910CVE-2009-2909CVE-2009-2908
CVE-2009-2903CVE-2009-2849CVE-2009-2848CVE-2009-2847
CVE-2009-2730CVE-2009-2563CVE-2009-2562CVE-2009-2560
CVE-2009-2417CVE-2009-2412CVE-2009-2409CVE-2009-2042
CVE-2009-1961CVE-2009-1895CVE-2009-1891CVE-2009-1890
CVE-2009-1885CVE-2009-1632CVE-2009-1630CVE-2009-1574
CVE-2009-1417CVE-2009-1389CVE-2009-1387CVE-2009-1386
CVE-2009-1378CVE-2009-1377CVE-2009-1337CVE-2009-1297
CVE-2009-1269CVE-2009-1268CVE-2009-1267CVE-2009-1265
CVE-2009-1252CVE-2009-1210CVE-2009-1196CVE-2009-1195
CVE-2009-1194CVE-2009-1192CVE-2009-0949CVE-2009-0887
CVE-2009-0859CVE-2009-0835CVE-2009-0834CVE-2009-0798
CVE-2009-0791CVE-2009-0778CVE-2009-0316CVE-2009-0217
CVE-2009-0163CVE-2009-0159CVE-2009-0028CVE-2009-0021