CVE Vulnerability Details: CVE-2009-0217
PUBLISHED
Assigner: certcc
Assigner Org ID: 37e5125f-f79b-445b-8fad-9564f167944b
Published At: 14 Jul, 2009 | 23:00
Updated At: 07 Aug, 2024 | 04:24
▼CVE Numbering Authority (CNA)

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products, uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.

Affected Products
Vendor: n/a
Product: n/a
Versions Affected: n/a
Problem Types
Type: text | CWE ID: N/A | Description: n/a
References
Hyperlink | Resource
https://rhn.redhat.com/errata/RHSA-2009-1428.html
vendor-advisory
x_refsource_REDHAT
http://www.vupen.com/english/advisories/2009/3122
vdb-entry
x_refsource_VUPEN
http://www.openoffice.org/security/cves/CVE-2009-0217.html
x_refsource_CONFIRM
https://issues.apache.org/bugzilla/show_bug.cgi?id=47526
x_refsource_CONFIRM
http://secunia.com/advisories/60799
third-party-advisory
x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
vendor-advisory
x_refsource_GENTOO
http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere
vendor-advisory
x_refsource_AIXAPAR
https://rhn.redhat.com/errata/RHSA-2009-1200.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/35776
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/36162
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/36494
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2543
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/35858
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/38695
third-party-advisory
x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1
vendor-advisory
x_refsource_SUNALERT
http://www.debian.org/security/2010/dsa-1995
vendor-advisory
x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=125787273209737&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/35853
third-party-advisory
x_refsource_SECUNIA
https://rhn.redhat.com/errata/RHSA-2009-1637.html
vendor-advisory
x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2009-1694.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/35852
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35854
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/34461
third-party-advisory
x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/WDON-7TY529
x_refsource_CONFIRM
http://www.mono-project.com/Vulnerabilities
x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1
vendor-advisory
x_refsource_SUNALERT
http://www.ubuntu.com/usn/USN-903-1
vendor-advisory
x_refsource_UBUNTU
http://www.securityfocus.com/bid/35671
vdb-entry
x_refsource_BID
https://issues.apache.org/bugzilla/show_bug.cgi?id=47527
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0366
vdb-entry
x_refsource_VUPEN
http://osvdb.org/55907
vdb-entry
x_refsource_OSVDB
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
vendor-advisory
x_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/38567
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
vendor-advisory
x_refsource_FEDORA
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1
vendor-advisory
x_refsource_SUNALERT
http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1900
vdb-entry
x_refsource_VUPEN
http://www.securitytracker.com/id?1022561
vdb-entry
x_refsource_SECTRACK
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
x_refsource_CONFIRM
http://secunia.com/advisories/37671
third-party-advisory
x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/466161
third-party-advisory
x_refsource_CERT-VN
http://www.securitytracker.com/id?1022567
vdb-entry
x_refsource_SECTRACK
https://rhn.redhat.com/errata/RHSA-2009-1636.html
vendor-advisory
x_refsource_REDHAT
http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere
vendor-advisory
x_refsource_AIXAPAR
https://rhn.redhat.com/errata/RHSA-2009-1649.html
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
x_refsource_CONFIRM
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
third-party-advisory
x_refsource_CERT
http://www.vupen.com/english/advisories/2009/1909
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/0635
vdb-entry
x_refsource_VUPEN
http://svn.apache.org/viewvc?revision=794013&view=revision
x_refsource_CONFIRM
http://secunia.com/advisories/38568
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/36180
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html
vendor-advisory
x_refsource_FEDORA
http://www.w3.org/2008/06/xmldsigcore-errata.html#e03
x_refsource_CONFIRM
https://usn.ubuntu.com/826-1/
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/37841
third-party-advisory
x_refsource_SECUNIA
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
x_refsource_CONFIRM
http://secunia.com/advisories/35855
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/36176
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158
vdb-entry
signature
x_refsource_OVAL
http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
x_refsource_MISC
http://www.vupen.com/english/advisories/2009/1908
vdb-entry
x_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
vendor-advisory
x_refsource_FEDORA
http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925
x_refsource_CONFIRM
http://secunia.com/advisories/41818
third-party-advisory
x_refsource_SECUNIA
http://www.securitytracker.com/id?1022661
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/37300
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1911
vdb-entry
x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
vendor-advisory
x_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
vendor-advisory
x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717
vdb-entry
signature
x_refsource_OVAL
https://rhn.redhat.com/errata/RHSA-2009-1201.html
vendor-advisory
x_refsource_REDHAT
http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7
x_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ
x_refsource_CONFIRM
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
third-party-advisory
x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186
vdb-entry
signature
x_refsource_OVAL
http://osvdb.org/55895
vdb-entry
x_refsource_OSVDB
http://www.aleksey.com/xmlsec/
x_refsource_CONFIRM
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041
vendor-advisory
x_refsource_MS
http://secunia.com/advisories/38921
third-party-advisory
x_refsource_SECUNIA
https://rhn.redhat.com/errata/RHSA-2009-1650.html
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=511915
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
References: identical to the CNA reference list above, each entry additionally tagged x_transferred.