CVE-2009-0217

12 documents8 sources

Severity

5.0MEDIUM

EPSS

2.2%

top 15.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server Mono Project Mono Oracle Application Server +2 more

Timeline

PublishedJul 14

Latest updateMay 2

Description

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.…

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages9 packages

▶NVDoracle/application_server10.1.2.3, 10.1.3.4, 10.1.4.3im+2

▶NVDoracle/bea_product_suite6 versions+5

▶NVDibm/websphere_application_server69 versions+68

▶NVDoracle/weblogic6 versions+5

▶Debianxml-security-c< 1.4.0-4+3

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation↗2022-05-02

▶

OSV

Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation↗2022-05-02

▶

CVEList

CVE-2009-0217: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Devel↗2009-07-14

▶

OSV

CVE-2009-0217: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Devel↗2009-07-14

▶

📋Vendor Advisories

Ubuntu

OpenOffice.org vulnerabilities↗2010-02-24

▶

Ubuntu

Mono vulnerabilities↗2009-08-26

▶

Ubuntu

OpenJDK vulnerabilities↗2009-08-11

▶

Red Hat

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass↗2009-07-14

▶

Debian

CVE-2009-0217: mono - The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendati...↗2009

▶

💬Community

Bugzilla

CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass [epel-5]↗2011-04-06

▶

Bugzilla

CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass↗2009-07-15

▶