gsd-2009-0217
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Aliases
Aliases
{ GSD: { alias: "CVE-2009-0217", description: "The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.", id: "GSD-2009-0217", references: [ "https://www.suse.com/security/cve/CVE-2009-0217.html", "https://www.debian.org/security/2010/dsa-1995", "https://www.debian.org/security/2009/dsa-1849", "https://access.redhat.com/errata/RHSA-2010:0043", "https://access.redhat.com/errata/RHSA-2009:1694", "https://access.redhat.com/errata/RHSA-2009:1650", "https://access.redhat.com/errata/RHSA-2009:1649", "https://access.redhat.com/errata/RHSA-2009:1637", "https://access.redhat.com/errata/RHSA-2009:1636", "https://access.redhat.com/errata/RHSA-2009:1428", "https://access.redhat.com/errata/RHSA-2009:1201", "https://access.redhat.com/errata/RHSA-2009:1200", "https://linux.oracle.com/cve/CVE-2009-0217.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2009-0217", ], details: "The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.", id: "GSD-2009-0217", modified: "2023-12-13T01:19:44.491810Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2009-0217", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2009:1428", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1428.html", }, { name: "ADV-2009-3122", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/3122", }, { name: "http://www.openoffice.org/security/cves/CVE-2009-0217.html", refsource: "CONFIRM", url: "http://www.openoffice.org/security/cves/CVE-2009-0217.html", }, { name: "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526", refsource: "CONFIRM", url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526", }, { name: "60799", refsource: "SECUNIA", url: "http://secunia.com/advisories/60799", }, { name: "GLSA-201408-19", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml", }, { name: "PK80596", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere", }, { name: "RHSA-2009:1200", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1200.html", }, { name: "35776", refsource: "SECUNIA", url: "http://secunia.com/advisories/35776", }, { name: "36162", refsource: "SECUNIA", url: "http://secunia.com/advisories/36162", }, { name: "36494", refsource: "SECUNIA", url: "http://secunia.com/advisories/36494", }, { name: "ADV-2009-2543", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/2543", }, { name: "35858", refsource: "SECUNIA", url: "http://secunia.com/advisories/35858", }, { name: "38695", refsource: "SECUNIA", url: "http://secunia.com/advisories/38695", }, { name: "269208", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1", }, { name: "DSA-1995", refsource: "DEBIAN", url: "http://www.debian.org/security/2010/dsa-1995", }, { name: "HPSBUX02476", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", }, { name: "35853", refsource: "SECUNIA", url: "http://secunia.com/advisories/35853", }, { name: "RHSA-2009:1637", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1637.html", }, { name: "RHSA-2009:1694", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2009-1694.html", }, { name: "35852", refsource: "SECUNIA", url: "http://secunia.com/advisories/35852", }, { name: "35854", refsource: "SECUNIA", url: "http://secunia.com/advisories/35854", }, { name: "34461", refsource: "SECUNIA", url: "http://secunia.com/advisories/34461", }, { name: "http://www.kb.cert.org/vuls/id/WDON-7TY529", refsource: "CONFIRM", url: "http://www.kb.cert.org/vuls/id/WDON-7TY529", }, { name: "http://www.mono-project.com/Vulnerabilities", refsource: "CONFIRM", url: "http://www.mono-project.com/Vulnerabilities", }, { name: "1020710", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1", }, { name: "USN-903-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-903-1", }, { name: "35671", refsource: "BID", url: "http://www.securityfocus.com/bid/35671", }, { name: "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527", refsource: "CONFIRM", url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527", }, { name: "ADV-2010-0366", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/0366", }, { name: "55907", refsource: "OSVDB", url: "http://osvdb.org/55907", }, { name: "MDVSA-2009:209", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209", }, { name: "SUSE-SA:2010:017", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html", }, { name: "38567", refsource: "SECUNIA", url: "http://secunia.com/advisories/38567", }, { name: "FEDORA-2009-8329", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html", }, { name: "263429", refsource: "SUNALERT", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1", }, { name: "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161", refsource: "CONFIRM", url: "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161", }, { name: "SSRT090250", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", }, { name: "ADV-2009-1900", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/1900", }, { name: "1022561", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1022561", }, { name: "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", }, { name: "37671", refsource: "SECUNIA", url: "http://secunia.com/advisories/37671", }, { name: "VU#466161", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/466161", }, { name: "1022567", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1022567", }, { name: "RHSA-2009:1636", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1636.html", }, { name: "PK80627", refsource: "AIXAPAR", url: "http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere", }, { name: "RHSA-2009:1649", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1649.html", }, { name: "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", }, { name: "TA09-294A", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA09-294A.html", }, { name: "ADV-2009-1909", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/1909", }, { name: "ADV-2010-0635", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/0635", }, { name: "http://svn.apache.org/viewvc?revision=794013&view=revision", refsource: "CONFIRM", url: "http://svn.apache.org/viewvc?revision=794013&view=revision", }, { name: "38568", refsource: "SECUNIA", url: "http://secunia.com/advisories/38568", }, { name: "36180", refsource: "SECUNIA", url: "http://secunia.com/advisories/36180", }, { name: "FEDORA-2009-8456", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html", }, { name: "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03", refsource: "CONFIRM", url: "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03", }, { name: "USN-826-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/826-1/", }, { name: "37841", refsource: "SECUNIA", url: "http://secunia.com/advisories/37841", }, { name: "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", }, { name: "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", refsource: "CONFIRM", url: "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", }, { name: "35855", refsource: "SECUNIA", url: "http://secunia.com/advisories/35855", }, { name: "FEDORA-2009-8473", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html", }, { name: "36176", refsource: "SECUNIA", url: "http://secunia.com/advisories/36176", }, { name: "oval:org.mitre.oval:def:7158", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158", }, { name: "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html", refsource: "MISC", url: "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html", }, { name: "ADV-2009-1908", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/1908", }, { name: "FEDORA-2009-8337", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html", }, { name: "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7", refsource: "CONFIRM", url: "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7", }, { name: "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925", }, { name: "41818", refsource: "SECUNIA", url: "http://secunia.com/advisories/41818", }, { name: "1022661", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1022661", }, { name: "37300", refsource: "SECUNIA", url: "http://secunia.com/advisories/37300", }, { name: "ADV-2009-1911", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/1911", }, { name: "APPLE-SA-2009-09-03-1", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html", }, { name: "SUSE-SA:2009:053", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html", }, { name: "oval:org.mitre.oval:def:8717", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717", }, { name: "RHSA-2009:1201", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1201.html", }, { name: "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7", refsource: "CONFIRM", url: "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7", }, { name: "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ", refsource: "CONFIRM", url: "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ", }, { name: "TA10-159B", refsource: "CERT", url: "http://www.us-cert.gov/cas/techalerts/TA10-159B.html", }, { name: "oval:org.mitre.oval:def:10186", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186", }, { name: "55895", refsource: "OSVDB", url: "http://osvdb.org/55895", }, { name: "http://www.aleksey.com/xmlsec/", refsource: "CONFIRM", url: "http://www.aleksey.com/xmlsec/", }, { name: "MS10-041", refsource: "MS", url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041", }, { name: "38921", refsource: "SECUNIA", url: "http://secunia.com/advisories/38921", }, { name: "RHSA-2009:1650", refsource: "REDHAT", url: "https://rhn.redhat.com/errata/RHSA-2009-1650.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=511915", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=511915", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "[1.4-alpha0,1.4.2]", affected_versions: "All versions starting from 1.4-alpha0 up to 1.4.2", cvss_v2: "AV:N/AC:L/Au:N/C:N/I:P/A:N", cwe_ids: [ "CWE-1035", "CWE-937", ], date: "2018-10-12", description: "This package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.", fixed_versions: [ "1.4.3", ], identifier: "CVE-2009-0217", identifiers: [ "CVE-2009-0217", ], not_impacted: "All versions before 1.4-alpha0, all versions after 1.4.2", package_slug: "maven/org.apache.santuario/xmlsec", pubdate: "2009-07-14", solution: "Upgrade to version 1.4.3 or above.", title: "XML signature HMAC truncation authentication bypass", urls: [ "http://svn.apache.org/viewvc?view=revision&revision=794013", "https://bugzilla.redhat.com/CVE-2009-0217", ], uuid: "14840313-e424-49fa-a16a-7510c93c9397", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:oracle:application_server:10.1.3.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:application_server:10.1.2.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mono_project:mono:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:weblogic_server_component:10.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:weblogic_server_component:10.0:mp1:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.1.13:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.21:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.29:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.28:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.22:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.14:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mono_project:mono:1.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mono_project:mono:1.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.1.15:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.1.17:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.1.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.30:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.18:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:application_server:10.1.4.3im:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mono_project:mono:1.2.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mono_project:mono:1.2.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:weblogic_server_component:9.2:mp3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:weblogic_server_component:9.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.14:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.16:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.1.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.1.9:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.1.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.17:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.33:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mono_project:mono:1.2.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mono_project:mono:1.2.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mono_project:mono:1.2.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:weblogic_server_component:9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:weblogic_server_component:8.1:sp6:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.18:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.32:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.31:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:fp17:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.16:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:ibm:websphere_application_server:6.1.0.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2009-0217", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], }, ], }, references: { reference_data: [ { name: "VU#466161", refsource: "CERT-VN", tags: [ "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/466161", }, { name: "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03", }, { name: "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html", refsource: "MISC", tags: [ "Vendor Advisory", ], url: "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html", }, { name: "http://www.aleksey.com/xmlsec/", refsource: "CONFIRM", tags: [], url: "http://www.aleksey.com/xmlsec/", }, { name: "http://www.mono-project.com/Vulnerabilities", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "http://www.mono-project.com/Vulnerabilities", }, { name: "ADV-2009-1911", refsource: "VUPEN", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/1911", }, { name: "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527", refsource: "CONFIRM", tags: [], url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527", }, { name: "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925", refsource: "CONFIRM", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925", }, { name: "1022561", refsource: "SECTRACK", tags: [], url: "http://www.securitytracker.com/id?1022561", }, { name: "PK80596", refsource: "AIXAPAR", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere", }, { name: "PK80627", refsource: "AIXAPAR", tags: [ "Patch", "Vendor Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere", }, { name: "ADV-2009-1908", refsource: "VUPEN", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/1908", }, { name: "55895", refsource: "OSVDB", tags: [], url: "http://osvdb.org/55895", }, { name: "35776", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35776", }, { name: "ADV-2009-1900", refsource: "VUPEN", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/1900", }, { name: "55907", refsource: "OSVDB", tags: [], url: "http://osvdb.org/55907", }, { name: "1022567", refsource: "SECTRACK", tags: [], url: "http://www.securitytracker.com/id?1022567", }, { name: "35855", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35855", }, { name: "35853", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35853", }, { name: "35854", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35854", }, { name: "35858", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35858", }, { name: "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ", refsource: "CONFIRM", tags: [], url: "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ", }, { name: "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161", refsource: "CONFIRM", tags: [], url: "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161", }, { name: "http://www.kb.cert.org/vuls/id/WDON-7TY529", refsource: "CONFIRM", tags: [], url: "http://www.kb.cert.org/vuls/id/WDON-7TY529", }, { name: "263429", refsource: "SUNALERT", tags: [], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1", }, { name: "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", refsource: "CONFIRM", tags: [], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1", }, { name: "35671", refsource: "BID", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/35671", }, { name: "RHSA-2009:1201", refsource: "REDHAT", tags: [], url: "https://rhn.redhat.com/errata/RHSA-2009-1201.html", }, { name: "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526", refsource: "CONFIRM", tags: [], url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526", }, { name: "36180", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/36180", }, { name: "RHSA-2009:1200", refsource: "REDHAT", tags: [], url: "https://rhn.redhat.com/errata/RHSA-2009-1200.html", }, { name: "ADV-2009-1909", refsource: "VUPEN", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2009/1909", }, { name: "1022661", refsource: "SECTRACK", tags: [], url: "http://www.securitytracker.com/id?1022661", }, { name: "36162", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/36162", }, { name: "35852", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/35852", }, { name: "36176", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/36176", }, { name: "FEDORA-2009-8329", refsource: "FEDORA", tags: [], url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html", }, { name: "FEDORA-2009-8337", refsource: "FEDORA", tags: [], url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html", }, { name: "FEDORA-2009-8456", refsource: "FEDORA", tags: [], url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html", }, { name: "FEDORA-2009-8473", refsource: "FEDORA", tags: [], url: "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html", }, { name: "MDVSA-2009:209", refsource: "MANDRIVA", tags: [], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209", }, { name: "36494", refsource: "SECUNIA", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/36494", }, { name: "APPLE-SA-2009-09-03-1", refsource: "APPLE", tags: [], url: "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html", }, { name: "ADV-2009-2543", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2009/2543", }, { name: "TA09-294A", refsource: "CERT", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA09-294A.html", }, { name: "ADV-2009-3122", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2009/3122", }, { name: "SUSE-SA:2009:053", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html", }, { name: "269208", refsource: "SUNALERT", tags: [], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1", }, { name: "HPSBUX02476", refsource: "HP", tags: [], url: "http://marc.info/?l=bugtraq&m=125787273209737&w=2", }, { name: "37300", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/37300", }, { name: "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7", refsource: "CONFIRM", tags: [], url: "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7", }, { name: "RHSA-2009:1428", refsource: "REDHAT", tags: [], url: "https://rhn.redhat.com/errata/RHSA-2009-1428.html", }, { name: "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7", refsource: "CONFIRM", tags: [], url: "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7", }, { name: "http://svn.apache.org/viewvc?revision=794013&view=revision", refsource: "CONFIRM", tags: [], url: "http://svn.apache.org/viewvc?revision=794013&view=revision", }, { name: "RHSA-2009:1649", refsource: "REDHAT", tags: [], url: "https://rhn.redhat.com/errata/RHSA-2009-1649.html", }, { name: "RHSA-2009:1637", refsource: "REDHAT", tags: [], url: "https://rhn.redhat.com/errata/RHSA-2009-1637.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=511915", refsource: "CONFIRM", tags: [], url: "https://bugzilla.redhat.com/show_bug.cgi?id=511915", }, { name: "RHSA-2009:1636", refsource: "REDHAT", tags: [], url: "https://rhn.redhat.com/errata/RHSA-2009-1636.html", }, { name: "37671", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/37671", }, { name: "RHSA-2009:1650", refsource: "REDHAT", tags: [], url: "https://rhn.redhat.com/errata/RHSA-2009-1650.html", }, { name: "37841", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/37841", }, { name: "RHSA-2009:1694", refsource: "REDHAT", tags: [], url: "http://www.redhat.com/support/errata/RHSA-2009-1694.html", }, { name: "38567", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/38567", }, { name: "38568", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/38568", }, { name: "ADV-2010-0366", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2010/0366", }, { name: "DSA-1995", refsource: "DEBIAN", tags: [], url: "http://www.debian.org/security/2010/dsa-1995", }, { name: "http://www.openoffice.org/security/cves/CVE-2009-0217.html", refsource: "CONFIRM", tags: [], url: "http://www.openoffice.org/security/cves/CVE-2009-0217.html", }, { name: "38695", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/38695", }, { name: "USN-903-1", refsource: "UBUNTU", tags: [], url: "http://www.ubuntu.com/usn/USN-903-1", }, { name: "SUSE-SA:2010:017", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html", }, { name: "38921", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/38921", }, { name: "ADV-2010-0635", refsource: "VUPEN", tags: [], url: "http://www.vupen.com/english/advisories/2010/0635", }, { name: "1020710", refsource: "SUNALERT", tags: [], url: "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1", }, { name: "TA10-159B", refsource: "CERT", tags: [ "US Government Resource", ], url: "http://www.us-cert.gov/cas/techalerts/TA10-159B.html", }, { name: "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", refsource: "CONFIRM", tags: [], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", }, { name: "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", refsource: "CONFIRM", tags: [], url: "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", }, { name: "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", refsource: "CONFIRM", tags: [], url: "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", }, { name: "34461", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/34461", }, { name: "GLSA-201408-19", refsource: "GENTOO", tags: [], url: "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml", }, { name: "60799", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/60799", }, { name: "41818", refsource: "SECUNIA", tags: [], url: "http://secunia.com/advisories/41818", }, { name: "oval:org.mitre.oval:def:8717", refsource: "OVAL", tags: [], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717", }, { name: "oval:org.mitre.oval:def:7158", refsource: "OVAL", tags: [], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158", }, { name: "oval:org.mitre.oval:def:10186", refsource: "OVAL", tags: [], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186", }, { name: "USN-826-1", refsource: "UBUNTU", tags: [], url: "https://usn.ubuntu.com/826-1/", }, { name: "MS10-041", refsource: "MS", tags: [], url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, }, lastModifiedDate: "2018-10-12T21:49Z", publishedDate: "2009-07-14T23:30Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.