CVE-2009-0217

Severity: 50%
Complexity: 99%
Confidentiality: 48%

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
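As an added illustration (not code from the page or from any of the affected products), a minimal Python verifier that shows why an unbounded HMACOutputLength matters: the pre-fix style check honours whatever truncation the signature requests, so a 0-bit length makes an empty SignatureValue match, while the hardened check applies the floor the W3C errata set (at least 80 bits and at least half the hash output) before any comparison. The key, signed data and hash algorithm are constructed sample values.

```python
import hmac
from typing import Optional

# Floor from the W3C XMLDsig errata (E03): HMACOutputLength must be at least
# 80 bits and at least half the underlying hash output length.
MIN_HMAC_BITS = 80


def truncate(mac: bytes, bits: int) -> bytes:
    """Keep the leading `bits` bits of `mac`, as XMLDsig HMAC truncation does."""
    nbytes = (bits + 7) // 8
    out = bytearray(mac[:nbytes])
    if bits % 8 and nbytes:
        out[-1] &= (0xFF << (8 - bits % 8)) & 0xFF  # mask the partial last byte
    return bytes(out)


def sign(key: bytes, data: bytes, bits: Optional[int] = None, algo: str = "sha1") -> bytes:
    """Produce a full or truncated HMAC SignatureValue (constructed helper)."""
    mac = hmac.new(key, data, algo).digest()
    return mac if bits is None else truncate(mac, bits)


def weak_verify(key: bytes, data: bytes, sig: bytes, bits: Optional[int],
                algo: str = "sha1") -> bool:
    """Pre-fix behaviour: honours any HMACOutputLength the signature supplies.
    With bits=0 both sides truncate to b"" and every SignatureValue matches."""
    mac = hmac.new(key, data, algo).digest()
    if bits is not None:
        mac, sig = truncate(mac, bits), truncate(sig, bits)
    return hmac.compare_digest(mac, sig)


def hardened_verify(key: bytes, data: bytes, sig: bytes, bits: Optional[int],
                    algo: str = "sha1") -> bool:
    """Post-errata behaviour: validate the truncation length before comparing."""
    mac = hmac.new(key, data, algo).digest()
    full_bits = len(mac) * 8
    if bits is None:
        bits = full_bits
    if bits < MIN_HMAC_BITS or bits < full_bits // 2 or bits > full_bits:
        return False  # reject the signature outright; compare nothing
    if len(sig) != (bits + 7) // 8:
        return False  # SignatureValue must carry exactly the truncated length
    return hmac.compare_digest(truncate(mac, bits), truncate(sig, bits))
```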

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N).

Overview

First reported: 2009-07-14 23:30:00 (15 years ago)

Last updated: 2018-10-12 21:49:00 (6 years ago)

Affected Software

IBM WebSphere Application Server 6.0
IBM WebSphere Application Server 6.0.0.1
IBM WebSphere Application Server 6.0.0.2
IBM WebSphere Application Server 6.0.0.3
IBM WebSphere Application Server 6.0.1
IBM WebSphere Application Server 6.0.1.1
IBM WebSphere Application Server 6.0.1.2
IBM WebSphere Application Server 6.0.1.3
IBM WebSphere Application Server 6.0.1.5
IBM WebSphere Application Server 6.0.1.7
IBM WebSphere Application Server 6.0.1.9
IBM WebSphere Application Server 6.0.1.11
IBM WebSphere Application Server 6.0.1.13
IBM WebSphere Application Server 6.0.1.15
IBM WebSphere Application Server 6.0.1.17
IBM WebSphere Application Server 6.0.2
IBM WebSphere Application Server 6.0.2.1
IBM WebSphere Application Server 6.0.2.2
IBM WebSphere Application Server 6.0.2.3
IBM WebSphere Application Server 6.0.2.11
IBM WebSphere Application Server 6.0.2.13
IBM WebSphere Application Server 6.0.2.15
IBM WebSphere Application Server 6.0.2.17
IBM WebSphere Application Server 6.0.2.19
IBM WebSphere Application Server 6.0.2.22
IBM WebSphere Application Server 6.0.2.23
IBM WebSphere Application Server 6.0.2.24
IBM WebSphere Application Server 6.0.2.25
IBM WebSphere Application Server 6.0.2.28
IBM WebSphere Application Server 6.0.2.29
IBM WebSphere Application Server 6.0.2.30
IBM WebSphere Application Server 6.0.2.31
IBM WebSphere Application Server 6.0.2.32
IBM WebSphere Application Server 6.0.2.33
IBM WebSphere Application Server 6.1
IBM WebSphere Application Server 6.1.0
IBM WebSphere Application Server 6.1.0.0
IBM WebSphere Application Server 6.1.0.1 (Fix Pack 1)
IBM WebSphere Application Server 6.1.0.2 (Fix Pack 2)
IBM WebSphere Application Server 6.1.0.3 (Fix Pack 3)
IBM WebSphere Application Server 6.1.0.5 (Fix Pack 5)
IBM WebSphere Application Server 6.1.0.7 (Fix Pack 7)
IBM WebSphere Application Server 6.1.0.9 (Fix Pack 9)
IBM WebSphere Application Server 6.1.0.11 (Fix Pack 11)
IBM WebSphere Application Server 6.1.0.12
IBM WebSphere Application Server 6.1.0.13 (Fix Pack 13)
IBM WebSphere Application Server 6.1.0.14 (Fix Pack 14)
IBM WebSphere Application Server 6.1.0.15 (Fix Pack 15)
IBM WebSphere Application Server 6.1.0.17 (Fix Pack 17)
IBM WebSphere Application Server 6.1.0.19 (Fix Pack 19)
IBM WebSphere Application Server 6.1.0.21 (Fix Pack 21)
IBM WebSphere Application Server 6.1.0.23 (Fix Pack 23)
IBM WebSphere Application Server 7.0
IBM WebSphere Application Server 7.0.0.1
Oracle Application Server 10g 10.1.2.3

References

http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161
http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7
http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7
APPLE-SA-2009-09-03-1
SUSE-SA:2009:053
SUSE-SA:2010:017
HPSBUX02476
55895
55907
34461
35776 (Vendor Advisory)
35852 (Vendor Advisory)
35853 (Vendor Advisory)
35854 (Vendor Advisory)
35855 (Vendor Advisory)
35858 (Vendor Advisory)
36162 (Vendor Advisory)
36176 (Vendor Advisory)
36180 (Vendor Advisory)
36494 (Vendor Advisory)
37300
37671
37841
38567
38568
38695
38921
41818
60799
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
263429
269208
1020710
http://svn.apache.org/viewvc?revision=794013&view=revision
http://www.aleksey.com/xmlsec/
DSA-1995
GLSA-201408-19
VU#466161 (US Government Resource)
http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ
http://www.kb.cert.org/vuls/id/WDON-7TY529
MDVSA-2009:209
http://www.mono-project.com/Vulnerabilities (Vendor Advisory)
http://www.openoffice.org/security/cves/CVE-2009-0217.html
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
RHSA-2009:1694
35671 (Patch)
1022561
1022567
1022661
USN-903-1
TA09-294A (US Government Resource)
TA10-159B (US Government Resource)
ADV-2009-1900 (Patch, Vendor Advisory)
ADV-2009-1908 (Patch, Vendor Advisory)
ADV-2009-1909 (Patch, Vendor Advisory)
ADV-2009-1911 (Patch, Vendor Advisory)
ADV-2009-2543
ADV-2009-3122
ADV-2010-0366
ADV-2010-0635
http://www.w3.org/2008/06/xmldsigcore-errata.html#e03 (Vendor Advisory)
http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html (Vendor Advisory)
PK80596 (Patch, Vendor Advisory)
PK80627 (Patch, Vendor Advisory)
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925 (Patch, Vendor Advisory)
https://bugzilla.redhat.com/show_bug.cgi?id=511915
MS10-041
https://issues.apache.org/bugzilla/show_bug.cgi?id=47526
https://issues.apache.org/bugzilla/show_bug.cgi?id=47527
oval:org.mitre.oval:def:10186
oval:org.mitre.oval:def:7158
oval:org.mitre.oval:def:8717
RHSA-2009:1200
RHSA-2009:1201
RHSA-2009:1428
RHSA-2009:1636
RHSA-2009:1637
RHSA-2009:1649
RHSA-2009:1650
USN-826-1
FEDORA-2009-8329
FEDORA-2009-8337
FEDORA-2009-8456
FEDORA-2009-8473