IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
References:
Advance notification of Security Updates for Java SE
(Sun)
US-CERT Vulnerability Note VU#466161 - XML signature HMAC truncation authentica
(Sun)
E03: HMAC truncation (CVE-2009-0217)
(W3C)
HMAC truncation in XML Signature: When Alice didn't look.
(Thomas Roessler)
Java SE 6 Update Release Notes
(Sun)
Mono Project Homepage
(Mono)
Possible security exposure with XML digital signature with IBM WebSphere Applica
(IBM)
Security Vulnerability in OpenOffice.org resulting from 3rd party library
(OpenOffice)
Sun's latest Java security alerts
(IBM)
Vulnerabilities - Mono
(Mono)
XML Security Homepage
(Apache Software Foundation)
XML Security Library Homepage
(XML Security Library)
XML Signature Syntax and Processing (Second Edition)
(W3C)
263429 HMAC-based XML Digital Signatures
(Sun)
269208 A Security Vulnerability With Verifying HMAC-based XML Digital Signatures
(Sun)
ASA-2009-403 xmlsec1 security update (RHSA-2009-1428)
(Avaya)
ASA-2010-153 MS10-041 Vulnerability in Microsoft .NET Framework Could Allow Tamp
(Avaya)
DSA-1995-1 openoffice.org -- several vulnerabilities
(Debian)
Microsoft Security Bulletin MS10-041
(Microsoft)
Oracle Critical Patch Update Advisory - July 2009
(Oracle)
Oracle Critical Patch Update Advisory - July 2010
(Oracle)
Oracle Critical Patch Update Advisory - October 2009
(Oracle)
RHSA-2009:1199 java-1.5.0-sun security update
(Red Hat)
RHSA-2009:1200 java-1.6.0-sun security update
(Red Hat)
RHSA-2009:1201 java-1.6.0-openjdk security and bug fix update
(Red Hat)
RSA Security, Inc. Information for VU#466161
(US-CERT)
Copyright 2010, SecurityFocus