CVE-2009-0217


Severity : Medium
Published : 2009-07-14
Modified : 2014-11-13
Base Score : 5.0
Details : The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Product/Version :  
 
 

CVE Vulnerabilities List CVE-2009

CVE-2009-0021CVE-2009-0028CVE-2009-0159CVE-2009-0163
CVE-2009-0316CVE-2009-0778CVE-2009-0791CVE-2009-0798
CVE-2009-0834CVE-2009-0835CVE-2009-0859CVE-2009-0949
CVE-2009-1192CVE-2009-1194CVE-2009-1195CVE-2009-1196
CVE-2009-1210CVE-2009-1252CVE-2009-1265CVE-2009-1267
CVE-2009-1268CVE-2009-1269CVE-2009-1297CVE-2009-1337
CVE-2009-1377CVE-2009-1378CVE-2009-1389CVE-2009-1417
CVE-2009-1574CVE-2009-1630CVE-2009-1632CVE-2009-1885
CVE-2009-1890CVE-2009-1891CVE-2009-1895CVE-2009-1961
CVE-2009-2042CVE-2009-2409CVE-2009-2412CVE-2009-2417
CVE-2009-2560CVE-2009-2562CVE-2009-2563CVE-2009-2730
CVE-2009-2847CVE-2009-2848CVE-2009-2849CVE-2009-2903
CVE-2009-2908CVE-2009-2909CVE-2009-2910CVE-2009-3001
CVE-2009-3002CVE-2009-3080CVE-2009-3095CVE-2009-3228
CVE-2009-3230CVE-2009-3238CVE-2009-3245CVE-2009-3490
CVE-2009-3547CVE-2009-3550CVE-2009-3555CVE-2009-3557
CVE-2009-3558CVE-2009-3559CVE-2009-3560CVE-2009-3563
CVE-2009-3612CVE-2009-3620CVE-2009-3621CVE-2009-3639
CVE-2009-3720CVE-2009-3726CVE-2009-3736CVE-2009-3767
CVE-2009-3889CVE-2009-4005CVE-2009-4017CVE-2009-4020
CVE-2009-4021CVE-2009-4022CVE-2009-4029CVE-2009-4131
CVE-2009-4134CVE-2009-4135CVE-2009-4141CVE-2009-4272
CVE-2009-4307CVE-2009-4308CVE-2009-4355CVE-2009-4377
CVE-2009-4410CVE-2009-4537CVE-2009-4880CVE-2009-4881
CVE-2009-4895CVE-2009-5029CVE-2009-5064