
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability

Bugtraq ID: 35671
Class: Design Error
CVE: CVE-2009-0217
Remote: Yes
Local: No
Published: Jul 14 2009 12:00AM
Updated: Nov 12 2009 06:56PM
Credit: Thomas Roessler
Vulnerable: XML Security Library XML Security Library 1.2.11
Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu Ubuntu Linux 9.04 powerpc
Ubuntu Ubuntu Linux 9.04 lpia
Ubuntu Ubuntu Linux 9.04 i386
Ubuntu Ubuntu Linux 9.04 amd64
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Sun OpenJDK 6 Build b12
Sun JRE 6.0 Update 7
Sun JRE 6.0 Update 6
Sun JRE 6.0 Update 5
Sun JRE 6.0 Update 4
Sun JRE 6.0 Update 3
Sun JRE 6.0 Update 2
Sun JRE 6.0 Update 14
Sun JRE 6.0 Update 13
Sun JRE 6.0 Update 12
Sun JRE 6.0 Update 11
Sun JRE 6.0 Update 10
Sun JRE 6.0 Update 1
Sun JDK (Windows Production Release) 1.6.0_03
Sun JDK (Windows Production Release) 1.6.0_02
Sun JDK (Windows Production Release) 1.6.0_01-b06
Sun JDK (Windows Production Release) 1.6.0_01
Sun JDK (Solaris Production Release) 1.6.0_03
Sun JDK (Solaris Production Release) 1.6.0_02
Sun JDK (Solaris Production Release) 1.6.0_01
Sun JDK (Linux Production Release) 1.6.0_03
Sun JDK (Linux Production Release) 1.6.0_02
Sun JDK (Linux Production Release) 1.6.0_01
Sun JDK 6.0 Update 7
Sun JDK 6.0 Update 6
Sun JDK 6.0 Update 5
Sun JDK 6.0 Update 4
Sun JDK 6.0 Update 3
Sun JDK 6.0 Update 2
Sun JDK 6.0 Update 14
Sun JDK 6.0 Update 13
Sun JDK 6.0 Update 11
Sun JDK 6.0 Update 10
Sun JDK 6.0 Update 1
Sun JDK 6.0
Sun Glassfish Enterprise Server 2.1
S.u.S.E. SLES 11
S.u.S.E. SLE 11
RSA Security Federated Identity Manager 0
RSA Security BSAFE SSL-J 0
RSA Security BSAFE Cert-J 0
RedHat Fedora 11
RedHat Fedora 10
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux Supplementary EUS 5.3.z
RedHat Enterprise Linux Supplementary 5 server
RedHat Enterprise Linux Extras 4.8.z
RedHat Enterprise Linux Extras 4
RedHat Enterprise Linux EUS 5.3.z server
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop Supplementary 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux 5 server
Pardus Linux 2008 0
Oracle Weblogic Server 9.3 MP3
Oracle Weblogic Server 9.2
Oracle Weblogic Server 9.1 GA
Oracle Weblogic Server 9.0 GA
Oracle Weblogic Server 8.1 SP6
Oracle Weblogic Server 8.1
Oracle Weblogic Server 10.3
Oracle Weblogic Server 10.0 MP1
Oracle Oracle10g Application Server 10.1.3.4.0
Oracle Oracle10g Application Server 10.1.3.3.0
Oracle Oracle10g Application Server 10.1.3.2.0
Oracle Oracle10g Application Server 10.1.2.3.0
Oracle JRockit R27.6.3
Oracle JRockit R27.6.2
Oracle JRockit R27.6.0
Oracle JRockit R27.1.0
Mono Mono 2.4.2.1
Mono Mono 2.4.2
Mono Mono 2.0
Mono Mono 1.2.5 2
Mono Mono 1.2.5 1
Mono Mono 1.1.18
Mono Mono 1.1.17
Mono Mono 1.1.13
Mono Mono 1.1.4
Mono Mono 1.0.5
Mono Mono 1.0
Mono Mono 1.1.8.3
Mono Mono 1.1.17.1
Mono Mono 1.1.13.7
Mono Mono 1.1.13.6
Mono Mono 1.1.13.4
MandrakeSoft Linux Mandrake 2009.1 x86_64
MandrakeSoft Linux Mandrake 2009.1
MandrakeSoft Linux Mandrake 2009.0 x86_64
MandrakeSoft Linux Mandrake 2009.0
MandrakeSoft Linux Mandrake 2008.1 x86_64
MandrakeSoft Linux Mandrake 2008.1
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
IBM Websphere Application Server 7.0 1
IBM Websphere Application Server 6.1 23
IBM Websphere Application Server 6.1 22
IBM Websphere Application Server 6.1 21
IBM Websphere Application Server 6.1 20
IBM Websphere Application Server 6.1 19
IBM Websphere Application Server 6.1 18
IBM Websphere Application Server 6.1 17
IBM Websphere Application Server 6.1 15
IBM Websphere Application Server 6.1 13
IBM Websphere Application Server 6.1 12
IBM Websphere Application Server 6.1 10
IBM Websphere Application Server 6.1 .9
IBM Websphere Application Server 6.1 .7
IBM Websphere Application Server 6.1 .6
IBM Websphere Application Server 6.1 .5
IBM Websphere Application Server 6.1 .3
IBM Websphere Application Server 6.1 .2
IBM Websphere Application Server 6.1 .14
IBM Websphere Application Server 6.1 .1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.0.2 33
IBM Websphere Application Server 6.0.2 31
IBM Websphere Application Server 6.0.2 29
IBM Websphere Application Server 6.0.2 27
IBM Websphere Application Server 6.0.2 .9
IBM Websphere Application Server 6.0.2 .7
IBM Websphere Application Server 6.0.2 .5
IBM Websphere Application Server 6.0.2 .3
IBM Websphere Application Server 6.0.2 .25
IBM Websphere Application Server 6.0.2 .24
IBM Websphere Application Server 6.0.2 .23
IBM Websphere Application Server 6.0.2 .22
IBM Websphere Application Server 6.0.2 .13
IBM Websphere Application Server 6.0.2 .11
IBM Websphere Application Server 6.0.2 .1
IBM Websphere Application Server 6.0.2
IBM Websphere Application Server 6.0.1
IBM Websphere Application Server 6.0
IBM Websphere Application Server 7.0
IBM Websphere Application Server 6.0.2.19
IBM Websphere Application Server 6.0.2 Fix Pack 17
IBM Java SE 6.0 SR5
HP HP-UX 11.23
HP HP-UX 11.11
HP HP-UX 11.31
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 armel
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
BEA Systems Weblogic Server 9.2.2
BEA Systems Weblogic Server 9.2.1
BEA Systems Weblogic Server 9.2
BEA Systems Weblogic Server 9.1
BEA Systems Weblogic Server 8.1.6
BEA Systems Weblogic Server 8.1.4
BEA Systems Weblogic Server 8.1 SP 6
BEA Systems Weblogic Server 8.1 SP 5
BEA Systems Weblogic Server 8.1 SP 4
BEA Systems Weblogic Server 8.1 SP 3
BEA Systems Weblogic Server 8.1 SP 2
BEA Systems Weblogic Server 8.1 SP 1
BEA Systems Weblogic Server 8.1
BEA Systems Weblogic Server 1.0.1
BEA Systems Weblogic Server 1.0.0
BEA Systems Weblogic Server 9.2 Maintenance Pack
BEA Systems Weblogic Server 9.0
BEA Systems Weblogic Server 8.1 SP6
BEA Systems Weblogic Server 10.3
BEA Systems Weblogic Server 10.0 MP1
BEA Systems Weblogic Server 10.0 Maintenance Pac
BEA Systems Weblogic Server 10.0
Avaya Messaging Storage Server MSS 3.0
Avaya Messaging Storage Server MM3.0
Avaya Messaging Storage Server 5.0
Avaya Messaging Storage Server 4.0
Avaya Messaging Storage Server 3.1
Avaya Message Networking MN 3.1
Avaya Message Networking 3.1
Avaya Message Networking
Avaya Intuity AUDIX LX 2.0 SP2
Avaya Intuity AUDIX LX 2.0 SP1
Avaya Intuity AUDIX LX 2.0
Apple Mac OS X Server 10.5.8
Apple Mac OS X Server 10.5.7
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.8
Apple Mac OS X 10.5.7
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.5
Apache Software Foundation XML Security 1.4.2
Apache Software Foundation XML Security 1.0.4
Not Vulnerable: XML Security Library XML Security Library 1.2.12
Sun JRE 6.0 Update 15
Sun JDK (Windows Production Release) 1.6.0_15
Sun JDK (Solaris Production Release) 1.6.0_15
Sun JDK (Linux Production Release) 1.6.0_15
Sun JDK 6 Update 15
IBM Websphere Application Server 7.0 3
IBM Websphere Application Server 6.1 25
IBM Websphere Application Server 6.0.2 .35
Copyright 2009, SecurityFocus