ID CVE-2009-0217
Summary The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Vulnerable Configurations
  • IBM WebSphere Application Server 6.0
    cpe:2.3:a:ibm:websphere_application_server:6.0
  • IBM WebSphere Application Server 6.0.0.1
    cpe:2.3:a:ibm:websphere_application_server:6.0.0.1
  • IBM WebSphere Application Server 6.0.0.2
    cpe:2.3:a:ibm:websphere_application_server:6.0.0.2
  • IBM WebSphere Application Server 6.0.0.3
    cpe:2.3:a:ibm:websphere_application_server:6.0.0.3
  • IBM WebSphere Application Server 6.0.1
    cpe:2.3:a:ibm:websphere_application_server:6.0.1
  • IBM WebSphere Application Server 6.0.1.1
    cpe:2.3:a:ibm:websphere_application_server:6.0.1.1
  • IBM WebSphere Application Server 6.0.1.2
    cpe:2.3:a:ibm:websphere_application_server:6.0.1.2
  • IBM WebSphere Application Server 6.0.1.3
    cpe:2.3:a:ibm:websphere_application_server:6.0.1.3
  • IBM WebSphere Application Server 6.0.1.5
    cpe:2.3:a:ibm:websphere_application_server:6.0.1.5
  • IBM WebSphere Application Server 6.0.1.7
    cpe:2.3:a:ibm:websphere_application_server:6.0.1.7
  • IBM WebSphere Application Server 6.0.1.9
    cpe:2.3:a:ibm:websphere_application_server:6.0.1.9
  • IBM WebSphere Application Server 6.0.1.11
    cpe:2.3:a:ibm:websphere_application_server:6.0.1.11
  • IBM WebSphere Application Server 6.0.1.13
    cpe:2.3:a:ibm:websphere_application_server:6.0.1.13
  • IBM WebSphere Application Server 6.0.1.15
    cpe:2.3:a:ibm:websphere_application_server:6.0.1.15
  • IBM WebSphere Application Server 6.0.1.17
    cpe:2.3:a:ibm:websphere_application_server:6.0.1.17
  • IBM WebSphere Application Server 6.0.2
    cpe:2.3:a:ibm:websphere_application_server:6.0.2
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2:-:fp17
    cpe:2.3:a:ibm:websphere_application_server:6.0.2:-:fp17
  • IBM WebSphere Application Server 6.0.2.1
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.1
  • IBM WebSphere Application Server 6.0.2.2
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.2
  • IBM WebSphere Application Server 6.0.2.3
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.3
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.10
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.10
  • IBM WebSphere Application Server 6.0.2.11
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.11
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.12
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.12
  • IBM WebSphere Application Server 6.0.2.13
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.13
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.14
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.14
  • IBM WebSphere Application Server 6.0.2.15
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.15
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.16
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.16
  • IBM WebSphere Application Server 6.0.2.17
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.17
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.18
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.18
  • IBM WebSphere Application Server 6.0.2.19
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.19
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.20
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.20
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.21
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.21
  • IBM WebSphere Application Server 6.0.2.22
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.22
  • IBM WebSphere Application Server 6.0.2.23
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.23
  • IBM WebSphere Application Server 6.0.2.24
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.24
  • IBM WebSphere Application Server 6.0.2.25
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.25
  • IBM WebSphere Application Server 6.0.2.28
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.28
  • IBM WebSphere Application Server 6.0.2.29
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.29
  • IBM WebSphere Application Server 6.0.2.30
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.30
  • IBM WebSphere Application Server 6.0.2.31
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.31
  • IBM WebSphere Application Server 6.0.2.32
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.32
  • IBM WebSphere Application Server 6.0.2.33
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.33
  • IBM WebSphere Application Server 6.1
    cpe:2.3:a:ibm:websphere_application_server:6.1
  • IBM WebSphere Application Server 6.1.0
    cpe:2.3:a:ibm:websphere_application_server:6.1.0
  • IBM WebSphere Application Server 6.1.0.0
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.0
  • IBM WebSphere Application Server 6.1.0.1 (Fix Pack 1)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.1
  • IBM WebSphere Application Server 6.1.0.2 (Fix Pack 2)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.2
  • IBM WebSphere Application Server 6.1.0.3 (Fix Pack 3)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.3
  • cpe:2.3:a:ibm:websphere_application_server:6.1.0.4
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.4
  • IBM WebSphere Application Server 6.1.0.5 (Fix Pack 5)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.5
  • cpe:2.3:a:ibm:websphere_application_server:6.1.0.6
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.6
  • IBM WebSphere Application Server 6.1.0.7 (Fix Pack 7)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.7
  • cpe:2.3:a:ibm:websphere_application_server:6.1.0.8
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.8
  • IBM WebSphere Application Server 6.1.0.9 (Fix Pack 9)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.9
  • cpe:2.3:a:ibm:websphere_application_server:6.1.0.10
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.10
  • IBM WebSphere Application Server 6.1.0.11 (Fix Pack 11)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.11
  • IBM WebSphere Application Server 6.1.0.12
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.12
  • IBM WebSphere Application Server 6.1.0.13 (Fix Pack 13)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.13
  • IBM WebSphere Application Server 6.1.0.14 (Fix Pack 14)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.14
  • IBM WebSphere Application Server 6.1.0.15 (Fix Pack 15)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.15
  • cpe:2.3:a:ibm:websphere_application_server:6.1.0.16
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.16
  • IBM WebSphere Application Server 6.1.0.17 (Fix Pack 17)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.17
  • cpe:2.3:a:ibm:websphere_application_server:6.1.0.18
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.18
  • IBM WebSphere Application Server 6.1.0.19 (Fix Pack 19)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.19
  • cpe:2.3:a:ibm:websphere_application_server:6.1.0.20
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.20
  • IBM WebSphere Application Server 6.1.0.21 (Fix Pack 21)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.21
  • cpe:2.3:a:ibm:websphere_application_server:6.1.0.22
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.22
  • IBM WebSphere Application Server 6.1.0.23 (Fix Pack 23)
    cpe:2.3:a:ibm:websphere_application_server:6.1.0.23
  • IBM WebSphere Application Server 7.0
    cpe:2.3:a:ibm:websphere_application_server:7.0
  • IBM WebSphere Application Server 7.0.0.1
    cpe:2.3:a:ibm:websphere_application_server:7.0.0.1
  • cpe:2.3:a:mono_project:mono:1.2.1
    cpe:2.3:a:mono_project:mono:1.2.1
  • cpe:2.3:a:mono_project:mono:1.2.2
    cpe:2.3:a:mono_project:mono:1.2.2
  • cpe:2.3:a:mono_project:mono:1.2.3
    cpe:2.3:a:mono_project:mono:1.2.3
  • cpe:2.3:a:mono_project:mono:1.2.4
    cpe:2.3:a:mono_project:mono:1.2.4
  • cpe:2.3:a:mono_project:mono:1.2.5
    cpe:2.3:a:mono_project:mono:1.2.5
  • cpe:2.3:a:mono_project:mono:1.2.6
    cpe:2.3:a:mono_project:mono:1.2.6
  • cpe:2.3:a:mono_project:mono:1.9
    cpe:2.3:a:mono_project:mono:1.9
  • cpe:2.3:a:mono_project:mono:2.0
    cpe:2.3:a:mono_project:mono:2.0
  • Oracle Application Server 10g 10.1.2.3
    cpe:2.3:a:oracle:application_server:10.1.2.3
  • cpe:2.3:a:oracle:application_server:10.1.3.4
    cpe:2.3:a:oracle:application_server:10.1.3.4
  • cpe:2.3:a:oracle:application_server:10.1.4.3im
    cpe:2.3:a:oracle:application_server:10.1.4.3im
  • cpe:2.3:a:oracle:bea_product_suite:8.1:sp6
    cpe:2.3:a:oracle:bea_product_suite:8.1:sp6
  • cpe:2.3:a:oracle:bea_product_suite:9.0
    cpe:2.3:a:oracle:bea_product_suite:9.0
  • cpe:2.3:a:oracle:bea_product_suite:9.1
    cpe:2.3:a:oracle:bea_product_suite:9.1
  • cpe:2.3:a:oracle:bea_product_suite:9.2:mp3
    cpe:2.3:a:oracle:bea_product_suite:9.2:mp3
  • cpe:2.3:a:oracle:bea_product_suite:10.0:mp1
    cpe:2.3:a:oracle:bea_product_suite:10.0:mp1
  • cpe:2.3:a:oracle:bea_product_suite:10.3
    cpe:2.3:a:oracle:bea_product_suite:10.3
  • cpe:2.3:a:oracle:weblogic_server_component:8.1:sp6
    cpe:2.3:a:oracle:weblogic_server_component:8.1:sp6
  • cpe:2.3:a:oracle:weblogic_server_component:9.0
    cpe:2.3:a:oracle:weblogic_server_component:9.0
  • cpe:2.3:a:oracle:weblogic_server_component:9.1
    cpe:2.3:a:oracle:weblogic_server_component:9.1
  • cpe:2.3:a:oracle:weblogic_server_component:9.2:mp3
    cpe:2.3:a:oracle:weblogic_server_component:9.2:mp3
  • cpe:2.3:a:oracle:weblogic_server_component:10.0:mp1
    cpe:2.3:a:oracle:weblogic_server_component:10.0:mp1
  • cpe:2.3:a:oracle:weblogic_server_component:10.3
    cpe:2.3:a:oracle:weblogic_server_component:10.3
CVSS
Base: 5.0 (as of 15-07-2009 - 09:22)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
msbulletin via4
bulletin_id MS10-041
bulletin_url
date 2010-06-08T00:00:00
impact Tampering
knowledgebase_id 981343
knowledgebase_url
severity Important
title Vulnerability in Microsoft .NET Framework Could Allow Tampering
nessus via4
  • NASL family Windows
    NASL id OPENOFFICE_32.NASL
    description The version of Sun Microsystems OpenOffice.org installed on the remote host is prior to version 3.2. It is, therefore, affected by several issues : - Signatures may not be handled properly due to a vulnerability in the libxml2 library. (CVE-2006-4339) - There is an HMAC truncation authentication bypass vulnerability in the libxmlsec library. (CVE-2009-0217) - The application is bundled with a vulnerable version of the Microsoft VC++ runtime. (CVE-2009-2493) - Specially crafted XPM files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2949) - Specially crafted GIF files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2950) - Specially crafted Microsoft Word documents are not processed properly, which could lead to arbitrary code execution. (CVE-2009-3301 / CVE-2009-3302)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 44597
    published 2010-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44597
    title Sun OpenOffice.org < 3.2 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1650.NASL
    description Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix multiple security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5 as JBEAP 4.2.0.CP08. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 5 serves as a replacement to JBEAP 4.2.0.CP07. These updated packages include bug fixes and enhancements which are detailed in the Release Notes, available shortly from: http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform / The following security issues are also fixed with this release : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xml-security. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Swatej Kumar discovered cross-site scripting (XSS) flaws in the JBoss Application Server Web Console. An attacker could use these flaws to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user's browser session. (CVE-2009-2405) A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service (application hang due to excessive CPU use). (CVE-2009-2625) An information leak flaw was found in the twiddle command line client. 
The JMX password was logged in plain text to 'twiddle.log'. (CVE-2009-3554) An XSS flaw was found in the JMX Console. An attacker could use this flaw to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user's browser session. (CVE-2009-1380) Warning: Before applying this update, please backup the JBEAP 'server/[configuration]/deploy/' directory, and any other customized configuration files. All users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 63906
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63906
    title RHEL 5 : JBoss EAP (RHSA-2009:1650)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-13 (Mono: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mono and Mono debugger. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code, bypass general constraints, obtain the source code for .aspx applications, obtain other sensitive information, cause a Denial of Service, modify internal data structures, or corrupt the internal state of the security manager. A local attacker could entice a user into running Mono debugger in a directory containing a specially crafted library file to execute arbitrary code with the privileges of the user running Mono debugger. A context-dependent attacker could bypass the authentication mechanism provided by the XML Signature specification. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 59651
    published 2012-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59651
    title GLSA-201206-13 : Mono: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_JAVA-1_6_0-OPENJDK-090826.NASL
    description The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents. (CVE-2009-0217) The WebStart component does not allow to run unsigned code in some cases. (CVE-2009-1896) A NULL pointer dereference was fixed in the LittleCMS component. (CVE-2009-0793)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40816
    published 2009-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40816
    title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1252)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201408-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77467
    published 2014-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77467
    title GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_JAVA-1_6_0-OPENJDK-090827.NASL
    description The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents. (CVE-2009-0217) The WebStart component does not allow to run unsigned code in some cases. (CVE-2009-1896) A NULL pointer dereference was fixed in the LittleCMS component. (CVE-2009-0793)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40818
    published 2009-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40818
    title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1252)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_128641.NASL
    description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
    last seen 2019-02-21
    modified 2016-12-09
    plugin id 35421
    published 2009-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35421
    title Solaris 9 (x86) : 128641-30
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-322.NASL
    description Multiple vulnerabilities have been found and corrected in mono : IOActive Inc. found a buffer overflow in Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers (CVE-2007-5197). Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren) (CVE-2008-3422). CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string (CVE-2008-3906). The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation (CVE-2009-0217). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to fix these issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 43041
    published 2009-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43041
    title Mandriva Linux Security Advisory : mono (MDVSA-2009:322)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-826-1.NASL
    description It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) It was discovered that Mono did not properly escape certain attributes in the ASP.net class libraries which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-3422) It was discovered that Mono did not properly filter CRLF injections in the query string. If a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, steal confidential data (such as passwords), or perform cross-site request forgeries. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-3906). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40794
    published 2009-08-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40794
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : mono vulnerabilities (USN-826-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-268.NASL
    description Multiple vulnerabilities have been found and corrected in mono : Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren) (CVE-2008-3422). The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation (CVE-2009-0217). This update fixes these vulnerabilities.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 42095
    published 2009-10-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42095
    title Mandriva Linux Security Advisory : mono (MDVSA-2009:268)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-318.NASL
    description Multiple security vulnerabilities have been identified and fixed in xmlsec1 : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification (CVE-2009-0217). All versions of libtool prior to 2.2.6b suffer from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code (CVE-2009-3736). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update fixes this vulnerability.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 43021
    published 2009-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43021
    title Mandriva Linux Security Advisory : xmlsec1 (MDVSA-2009:318)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-814-1.NASL
    description It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) It was discovered that JAR bundles would appear signed if only one element was signed. If a user were tricked into running a malicious Java applet, a remote attacker could exploit this to gain access to private information and potentially run untrusted code. (CVE-2009-1896) It was discovered that certain variables could leak information. If a user were tricked into running a malicious Java applet, a remote attacker could exploit this to gain access to private information and potentially run untrusted code. (CVE-2009-2475, CVE-2009-2690) A flaw was discovered the OpenType checking. If a user were tricked into running a malicious Java applet, a remote attacker could bypass access restrictions. (CVE-2009-2476) It was discovered that the XML processor did not correctly check recursion. If a user or automated system were tricked into processing a specially crafted XML, the system could crash, leading to a denial of service. (CVE-2009-2625) It was discovered that the Java audio subsystem did not correctly validate certain parameters. If a user were tricked into running an untrusted applet, a remote attacker could read system properties. (CVE-2009-2670) Multiple flaws were discovered in the proxy subsystem. If a user were tricked into running an untrusted applet, a remote attacker could discover local user names, obtain access to sensitive information, or bypass socket restrictions, leading to a loss of privacy. (CVE-2009-2671, CVE-2009-2672, CVE-2009-2673) Flaws were discovered in the handling of JPEG images, Unpack200 archives, and JDK13Services. 
If a user were tricked into running an untrusted applet, a remote attacker could load a specially crafted file that would bypass local file access protections and run arbitrary code with user privileges. (CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40547
    published 2009-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40547
    title Ubuntu 8.10 / 9.04 : openjdk-6 vulnerabilities (USN-814-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C97D7A37223311DF96DD001B2134EF46.NASL
    description OpenOffice.org Security Team reports : Fixed in OpenOffice.org 3.2 CVE-2006-4339: Potential vulnerability from 3rd party libxml2 libraries CVE-2009-0217: Potential vulnerability from 3rd party libxmlsec libraries CVE-2009-2493: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime CVE-2009-2949: Potential vulnerability related to XPM file processing CVE-2009-2950: Potential vulnerability related to GIF file processing CVE-2009-3301/2: Potential vulnerability related to MS-Word document processing
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44922
    published 2010-03-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44922
    title FreeBSD : openoffice.org -- multiple vulnerabilities (c97d7a37-2233-11df-96dd-001b2134ef46)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_128641-30.NASL
    description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
    last seen 2019-02-21
    modified 2018-10-29
    plugin id 107968
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107968
    title Solaris 10 (x86) : 128641-30
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_128640.NASL
    description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
    last seen 2019-02-21
    modified 2016-12-09
    plugin id 35419
    published 2009-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35419
    title Solaris 9 (sparc) : 128640-30
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1636.NASL
    description Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix multiple security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 4 as JBEAP 4.3.0.CP07. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 4 serves as a replacement to JBEAP 4.3.0.CP06. These updated packages include bug fixes and enhancements which are detailed in the Release Notes, available shortly from: http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/ The following security issues are also fixed with this release : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xml-security. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Swatej Kumar discovered cross-site scripting (XSS) flaws in the JBoss Application Server Web Console. An attacker could use these flaws to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user's browser session. (CVE-2009-2405) A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service (application hang due to excessive CPU use). (CVE-2009-2625) An information leak flaw was found in the twiddle command line client. The JMX password was logged in plain text to 'twiddle.log'. (CVE-2009-3554) An XSS flaw was found in the JMX Console. An attacker could use this flaw to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user's browser session. (CVE-2009-1380) Warning: Before applying this update, please back up the JBEAP 'server/[configuration]/deploy/' directory, and any other customized configuration files. All users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade to these updated packages.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 63903
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63903
    title RHEL 4 : JBoss EAP (RHSA-2009:1636)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_128641.NASL
    description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. This plugin has been deprecated and either replaced with individual 128641 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 35415
    published 2009-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35415
    title Solaris 10 (x86) : 128641-30 (deprecated)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1637.NASL
    description Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix multiple security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 4 as JBEAP 4.2.0.CP08. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 4 serves as a replacement to JBEAP 4.2.0.CP07. These updated packages include bug fixes and enhancements which are detailed in the Release Notes, available shortly from: http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/ The following security issues are also fixed with this release : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xml-security. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Swatej Kumar discovered cross-site scripting (XSS) flaws in the JBoss Application Server Web Console. An attacker could use these flaws to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user's browser session. (CVE-2009-2405) A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service (application hang due to excessive CPU use). (CVE-2009-2625) An information leak flaw was found in the twiddle command line client. The JMX password was logged in plain text to 'twiddle.log'. (CVE-2009-3554) An XSS flaw was found in the JMX Console. An attacker could use this flaw to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user's browser session. (CVE-2009-1380) Warning: Before applying this update, please back up the JBEAP 'server/[configuration]/deploy/' directory, and any other customized configuration files. All users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade to these updated packages.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 63904
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63904
    title RHEL 4 : JBoss EAP (RHSA-2009:1637)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1649.NASL
    description Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix multiple security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP07. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 5 serves as a replacement to JBEAP 4.3.0.CP06. These updated packages include bug fixes and enhancements which are detailed in the Release Notes, available shortly from: http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/ The following security issues are also fixed with this release : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xml-security. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Swatej Kumar discovered cross-site scripting (XSS) flaws in the JBoss Application Server Web Console. An attacker could use these flaws to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user's browser session. (CVE-2009-2405) A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A remote attacker could provide a specially crafted XML file, which once parsed by an application using the Apache Xerces2 Java Parser, would lead to a denial of service (application hang due to excessive CPU use). (CVE-2009-2625) An information leak flaw was found in the twiddle command line client. The JMX password was logged in plain text to 'twiddle.log'. (CVE-2009-3554) An XSS flaw was found in the JMX Console. An attacker could use this flaw to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user's browser session. (CVE-2009-1380) Warning: Before applying this update, please back up the JBEAP 'server/[configuration]/deploy/' directory, and any other customized configuration files. All users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 63905
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63905
    title RHEL 5 : JBoss EAP (RHSA-2009:1649)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_128640-30.NASL
    description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
    last seen 2019-02-21
    modified 2018-10-26
    plugin id 107469
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107469
    title Solaris 10 (sparc) : 128640-30
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125136.NASL
    description JavaSE 6: update 101 patch (equivalent to. Date this patch was last updated by Sun : Jul/13/15 This plugin has been deprecated and either replaced with individual 125136 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 26984
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26984
    title Solaris 10 (sparc) : 125136-97 (deprecated)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-267.NASL
    description A vulnerability has been found and corrected in xmlsec1 : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification (CVE-2009-0217). This update fixes this vulnerability.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 42092
    published 2009-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42092
    title Mandriva Linux Security Advisory : xmlsec1 (MDVSA-2009:267)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_141710-03.NASL
    description Sun GlassFish Enterprise Server v2.1.1 Security Patch01, _x86: SVR. Date this patch was last updated by Sun : Jan/08/10
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 108027
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108027
    title Solaris 10 (x86) : 141710-03
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8121.NASL
    description Fixes CVE-2009-0217 (#511915). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40451
    published 2009-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40451
    title Fedora 10 : xml-security-c-1.5.1-1.fc10 (2009-8121)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1200.NASL
    description Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2690) Users of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 40749
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40749
    title RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1200)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_125136.NASL
    description JavaSE 6: update 101 patch (equivalent to. Date this patch was last updated by Sun : Jul/13/15
    last seen 2018-09-01
    modified 2015-10-20
    plugin id 27008
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27008
    title Solaris 8 (sparc) : 125136-97
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_125136.NASL
    description JavaSE 6: update 101 patch (equivalent to. Date this patch was last updated by Sun : Jul/13/15
    last seen 2018-09-01
    modified 2015-10-20
    plugin id 27020
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27020
    title Solaris 9 (sparc) : 125136-97
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_OPENOFFICE_ORG-100225.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness. (CVE-2009-0217) - XPM Import Integer Overflow. (CVE-2009-2949) - GIF Import Heap Overflow. (CVE-2009-2950) - MS Word sprmTDefTable Memory Corruption. (CVE-2009-3301) - MS Word sprmTDefTable Memory Corruption. (CVE-2009-3302) - In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2010-0136) This also provides the maintenance update to OpenOffice.org-3.2. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.0.html
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 51594
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51594
    title SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 2080)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_OPENOFFICE_ORG-BASE-DRIVERS-POSTGRESQL-100216.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45075
    published 2010-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45075
    title openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (OpenOffice_org-base-drivers-postgresql-1980)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1694.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM 'Security alerts' page listed in the References section. (CVE-2009-0217, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877) All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR7 Java release. All running instances of IBM Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 43597
    published 2009-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43597
    title RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1694)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_10_5_UPDATE5.NASL
    description The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 5. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 40873
    published 2009-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40873
    title Mac OS X : Java for Mac OS X 10.5 Update 5
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_OPENOFFICE_ORG-BASE-DRIVERS-POSTGRESQL-100211.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45073
    published 2010-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45073
    title openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (OpenOffice_org-base-drivers-postgresql-1981)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_708C65A57C5811DEA9940030843D3802.NASL
    description Secunia reports : A security issue has been reported in Mono, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to an error when processing certain XML signatures.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 40429
    published 2009-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40429
    title FreeBSD : mono -- XML signature HMAC truncation spoofing (708c65a5-7c58-11de-a994-0030843d3802)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_141710.NASL
    description Sun GlassFish Enterprise Server v2.1.1 Security Patch01, _x86: SVR. Date this patch was last updated by Sun : Jan/08/10 This plugin has been deprecated and either replaced with individual 141710 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 39003
    published 2009-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39003
    title Solaris 10 (x86) : 141710-03 (deprecated)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090908_XMLSEC1_ON_SL4_X.NASL
    description CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) After installing the updated packages, applications that use the XML Security Library must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60663
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60663
    title Scientific Linux Security Update : xmlsec1 on SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENOFFICE_ORG-6884.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. This also provides the maintenance update to OpenOffice.org-3.2.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51685
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51685
    title SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6884)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_OPENOFFICE_ORG-100226.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness. (CVE-2009-0217) - XPM Import Integer Overflow. (CVE-2009-2949) - GIF Import Heap Overflow. (CVE-2009-2950) - MS Word sprmTDefTable Memory Corruption. (CVE-2009-3301) - MS Word sprmTDefTable Memory Corruption. (CVE-2009-3302) - In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2010-0136) This also provides the maintenance update to OpenOffice.org-3.2. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.0.html
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45064
    published 2010-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45064
    title SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 2080)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-903-1.NASL
    description It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) Sebastian Apelt and Frank Reissner discovered that OpenOffice did not correctly import XPM and GIF images. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. (CVE-2009-2949, CVE-2009-2950) Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. (CVE-2009-3301, CVE-2009-3302) It was discovered that OpenOffice did not correctly handle certain VBA macros. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls. (CVE-2010-0136) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 44912
    published 2010-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44912
    title Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openoffice.org vulnerabilities (USN-903-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_OPENOFFICE_ORG-100211.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 45071
    published 2010-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45071
    title openSUSE Security Update : OpenOffice_org (OpenOffice_org-1979)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8329.NASL
    description Urgent security updates have been included. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40507
    published 2009-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40507
    title Fedora 11 : java-1.6.0-openjdk-1.6.0.0-27.b16.fc11 (2009-8329)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090806_JAVA_1_6_0_OPENJDK_ON_SL5_3.NASL
    description CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524) CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071) CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections (6801497) CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow (6823373) CVE-2009-2675 Java Web Start Buffer unpack200 processing integer overflow (6830335) CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701) CVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167) CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293) CVE-2009-2689 OpenJDK JDK13Services grants unnecessary privileges (6777448) CVE-2009-2690 OpenJDK private variable information disclosure (6777487) A flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or application into accepting untrusted content. (CVE-2009-0217) Several potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-2475) It was discovered that OpenType checks can be bypassed. This could allow a rogue application to bypass access restrictions by acquiring references to privileged objects through finalizer resurrection. (CVE-2009-2476) A denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service. (CVE-2009-2625) A flaw was found in the JRE audio system. An untrusted applet or application could use this flaw to gain read access to restricted System properties. (CVE-2009-2670) Two flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672) An additional flaw was found in the proxy mechanism implementation. This flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673) An integer overflow flaw was found in the way the JRE processes JPEG images. An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the application. (CVE-2009-2674) An integer overflow flaw was found in the JRE unpack200 functionality. An untrusted applet or application could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-2675) It was discovered that JDK13Services grants unnecessary privileges to certain object types. This could be misused by an untrusted applet or application to use otherwise restricted functionality. (CVE-2009-2689) An information disclosure flaw was found in the way private Java variables were handled. An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private. (CVE-2009-2690) Note: The flaws concerning applets in this advisory, CVE-2009-2475, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60633
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60633
    title Scientific Linux Security Update : java-1.6.0-openjdk on SL5.3 i386/x86_64
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125136-71.NASL
    description JavaSE 6: update 71 patch (equivalent to JDK 6u71). Date this patch was last updated by Sun : Jan/14/14
    last seen 2018-11-22
    modified 2018-11-21
    plugin id 107415
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107415
    title Solaris 10 (sparc) : 125136-71
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-091102.NASL
    description The IBM Java 6 JRE/SDK was updated to Service Release 6, fixing various bugs and security issues. The following security issues were fixed : - A security vulnerability in the JNLPAppletLauncher might impact users of the Sun JDK and JRE. Non-current versions of the JNLPAppletLauncher might be re-purposed with an untrusted Java applet to write arbitrary files on the system of the user downloading and running the untrusted applet. (CVE-2009-2676) The JNLPAppletLauncher is a general purpose JNLP-based applet launcher class for deploying applets that use extension libraries containing native code. - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493) - A vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to access system properties. (CVE-2009-2670) - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the Java Runtime Environment (JRE) might allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures might be vulnerable to this type of attack. (CVE-2009-0217) Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application. - A vulnerability in the Java Runtime Environment with the SOCKS proxy implementation might allow an untrusted applet or Java Web Start application to determine the username of the user running the applet or application. (CVE-2009-2671 / CVE-2009-2672) A second vulnerability in the Java Runtime Environment with the proxy mechanism implementation might allow an untrusted applet or Java Web Start application to obtain browser cookies and leverage those cookies to hijack sessions. - A vulnerability in the Java Runtime Environment with the proxy mechanism implementation might allow an untrusted applet or Java Web Start application to make non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-2674) - An integer overflow vulnerability in the Java Runtime Environment with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility might allow an untrusted applet or application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-2675) - A vulnerability in the Java Runtime Environment (JRE) with parsing XML data might allow a remote client to create a denial-of-service condition on the system that the JRE runs on. (CVE-2009-2625)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 42396
    published 2009-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42396
    title SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1497)
  • NASL family Misc.
    NASL id SUN_JAVA_JRE_263408_UNIX.NASL
    description The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 15 / 5.0 Update 20 / 1.4.2_22 / 1.3.1_26. Such versions are potentially affected by the following security issues : - A vulnerability in the JRE audio system may allow system properties to be accessed. (263408) - A privilege escalation vulnerability may exist in the JRE SOCKS proxy implementation. (263409) - An integer overflow vulnerability when parsing JPEG images may allow an untrusted Java Web Start application to elevate privileges. (263428) - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation may allow authentication to be bypassed. (263429) - An integer overflow vulnerability with unpacking applets and Java Web Start applications using the 'unpack200' JAR unpacking utility may allow an untrusted applet to elevate privileges. (263488) - An issue with parsing XML data may allow a remote client to create a denial of service condition. (263489) - Non-current versions of the 'JNLPAppletLauncher' may be re-purposed with an untrusted Java applet to write arbitrary files. (263490)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 64830
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64830
    title Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..) (Unix)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_128640.NASL
    description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. This plugin has been deprecated and either replaced with individual 128640 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 35409
    published 2009-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35409
    title Solaris 10 (sparc) : 128640-30 (deprecated)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1995.NASL
    description Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros. - CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This also affects the integrated libxmlsec library. - CVE-2009-2949 Sebastian Apelt discovered that an integer overflow in the XPM import code may lead to the execution of arbitrary code. - CVE-2009-2950 Sebastian Apelt and Frank Reissner discovered that a buffer overflow in the GIF import code may lead to the execution of arbitrary code. - CVE-2009-3301/ CVE-2009-3302 Nicolas Joly discovered multiple vulnerabilities in the parser for Word document files, which may lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44859
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44859
    title Debian DSA-1995-1 : openoffice.org - several vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8337.NASL
    description Urgent security fixes have been included. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40515
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40515
    title Fedora 10 : java-1.6.0-openjdk-1.6.0.0-20.b16.fc10 (2009-8337)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENOFFICE_ORG-6883.NASL
    description This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness CVE-2009-2949: XPM Import Integer Overflow CVE-2009-2950: GIF Import Heap Overflow CVE-2009-3301: MS Word sprmTDefTable Memory Corruption CVE-2009-3302: MS Word sprmTDefTable Memory Corruption CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2009-0217) This also provides the maintenance update to OpenOffice.org-3.2.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51684
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51684
    title SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6883)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1201.NASL
    description Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or application into accepting untrusted content. (CVE-2009-0217) Several potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-2475) It was discovered that OpenType checks can be bypassed. This could allow a rogue application to bypass access restrictions by acquiring references to privileged objects through finalizer resurrection. (CVE-2009-2476) A denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service. (CVE-2009-2625) A flaw was found in the JRE audio system. An untrusted applet or application could use this flaw to gain read access to restricted System properties. (CVE-2009-2670) Two flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672) An additional flaw was found in the proxy mechanism implementation. 
This flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673) An integer overflow flaw was found in the way the JRE processes JPEG images. An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the application. (CVE-2009-2674) An integer overflow flaw was found in the JRE unpack200 functionality. An untrusted applet or application could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-2675) It was discovered that JDK13Services grants unnecessary privileges to certain object types. This could be misused by an untrusted applet or application to use otherwise restricted functionality. (CVE-2009-2689) An information disclosure flaw was found in the way private Java variables were handled. An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private. (CVE-2009-2690) Note: The flaws concerning applets in this advisory, CVE-2009-2475, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application. This update also fixes the following bug : * the EVR in the java-1.6.0-openjdk package as shipped with Red Hat Enterprise Linux allowed the java-1.6.0-openjdk package from the EPEL repository to take precedence (appear newer). Users using java-1.6.0-openjdk from EPEL would not have received security updates since October 2008. This update prevents the packages from EPEL from taking precedence. 
(BZ#499079) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 40510
    published 2009-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40510
    title RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1201)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1201.NASL
    description Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or application into accepting untrusted content. (CVE-2009-0217) Several potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-2475) It was discovered that OpenType checks can be bypassed. This could allow a rogue application to bypass access restrictions by acquiring references to privileged objects through finalizer resurrection. (CVE-2009-2476) A denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service. (CVE-2009-2625) A flaw was found in the JRE audio system. An untrusted applet or application could use this flaw to gain read access to restricted System properties. (CVE-2009-2670) Two flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672) An additional flaw was found in the proxy mechanism implementation. 
This flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673) An integer overflow flaw was found in the way the JRE processes JPEG images. An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the application. (CVE-2009-2674) An integer overflow flaw was found in the JRE unpack200 functionality. An untrusted applet or application could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-2675) It was discovered that JDK13Services grants unnecessary privileges to certain object types. This could be misused by an untrusted applet or application to use otherwise restricted functionality. (CVE-2009-2689) An information disclosure flaw was found in the way private Java variables were handled. An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private. (CVE-2009-2690) Note: The flaws concerning applets in this advisory, CVE-2009-2475, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application. This update also fixes the following bug : * the EVR in the java-1.6.0-openjdk package as shipped with Red Hat Enterprise Linux allowed the java-1.6.0-openjdk package from the EPEL repository to take precedence (appear newer). Users using java-1.6.0-openjdk from EPEL would not have received security updates since October 2008. This update prevents the packages from EPEL from taking precedence. 
(BZ#499079) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43774
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43774
    title CentOS 5 : java-1.6.0-openjdk (CESA-2009:1201)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1201.NASL
    description From Red Hat Security Advisory 2009:1201 : Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or application into accepting untrusted content. (CVE-2009-0217) Several potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-2475) It was discovered that OpenType checks can be bypassed. This could allow a rogue application to bypass access restrictions by acquiring references to privileged objects through finalizer resurrection. (CVE-2009-2476) A denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service. (CVE-2009-2625) A flaw was found in the JRE audio system. An untrusted applet or application could use this flaw to gain read access to restricted System properties. (CVE-2009-2670) Two flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672) An additional flaw was found in the proxy mechanism implementation. 
This flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673) An integer overflow flaw was found in the way the JRE processes JPEG images. An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the application. (CVE-2009-2674) An integer overflow flaw was found in the JRE unpack200 functionality. An untrusted applet or application could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-2675) It was discovered that JDK13Services grants unnecessary privileges to certain object types. This could be misused by an untrusted applet or application to use otherwise restricted functionality. (CVE-2009-2689) An information disclosure flaw was found in the way private Java variables were handled. An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private. (CVE-2009-2690) Note: The flaws concerning applets in this advisory, CVE-2009-2475, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application. This update also fixes the following bug : * the EVR in the java-1.6.0-openjdk package as shipped with Red Hat Enterprise Linux allowed the java-1.6.0-openjdk package from the EPEL repository to take precedence (appear newer). Users using java-1.6.0-openjdk from EPEL would not have received security updates since October 2008. This update prevents the packages from EPEL from taking precedence. 
(BZ#499079) All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67905
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67905
    title Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1201)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125136-75.NASL
    description JavaSE 6: update 75 patch (equivalent to JDK 6u75). Date this patch was last updated by Sun : Apr/14/14
    last seen 2018-11-22
    modified 2018-11-21
    plugin id 107416
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107416
    title Solaris 10 (sparc) : 125136-75
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_141710.NASL
    description Sun GlassFish Enterprise Server v2.1.1 Security Patch01, _x86: SVR. Date this patch was last updated by Sun : Jan/08/10
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 39005
    published 2009-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39005
    title Solaris 9 (x86) : 141710-03
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS10-041.NASL
    description A data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 46848
    published 2010-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46848
    title MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_141709.NASL
    description Sun GlassFish Enterprise Server v2.1.1 Security Patch01, Solaris:. Date this patch was last updated by Sun : Jan/08/10 This plugin has been deprecated and either replaced with individual 141709 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 39002
    published 2009-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39002
    title Solaris 10 (sparc) : 141709-03 (deprecated)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8473.NASL
    description - Tue Aug 11 2009 Daniel Veillard - 1.2.12-1 - update to new upstream release 1.2.12 - includes fix for CVE-2009-0217 - cleanup spec file Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40567
    published 2009-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40567
    title Fedora 11 : xmlsec1-1.2.12-1.fc11 (2009-8473)
  • NASL family Windows
    NASL id SUN_JAVA_JRE_263408.NASL
    description The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 15 / 5.0 Update 20 / 1.4.2_22 / 1.3.1_26. Such versions are potentially affected by the following security issues : - A vulnerability in the JRE audio system may allow system properties to be accessed. (263408) - A privilege escalation vulnerability may exist in the JRE SOCKS proxy implementation. (263409) - An integer overflow vulnerability when parsing JPEG images may allow an untrusted Java Web Start application to escalate privileges. (263428) - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation may allow authentication to be bypassed. (263429) - An integer overflow vulnerability with unpacking applets and Java Web Start applications using the 'unpack200' JAR unpacking utility may allow an untrusted applet to escalate privileges. (263488) - An issue with parsing XML data may allow a remote client to create a denial of service condition. (263489) - Non-current versions of the 'JNLPAppletLauncher' may be re-purposed with an untrusted Java applet to write arbitrary files. (263490) - A vulnerability in the Active Template Library in various releases of Microsoft Visual Studio that is used by the Java Web Start ActiveX control can be leveraged to execute arbitrary code. (264648)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 40495
    published 2009-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40495
    title Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_JAVA-1_6_0-IBM-100105.NASL
    description IBM Java 6 was updated to Service Refresh 7. The following security issues were fixed : - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876 / CVE-2009-3877) - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867) - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868) - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872) - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873) - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. 
This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A command execution vulnerability in the Java Runtime Environment Deployment Toolkit might be used to run arbitrary code. This issue might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-3865) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - A security vulnerability in the Java Web Start Installer might be used to allow an untrusted Java Web Start application to run as a trusted application and run arbitrary code. This issue might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-3866) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. 
(CVE-2009-3874) - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the Java Runtime Environment (JRE) might allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures might be vulnerable to this type of attack. (CVE-2009-0217) Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 43872
    published 2010-01-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43872
    title SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1748)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1849.NASL
    description It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44714
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44714
    title Debian DSA-1849-1 : xml-security-c - design flaw
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1428.NASL
    description Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be truncated (as documented in RFC 2104). A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Users of xmlsec1 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications that use the XML Security Library must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40894
    published 2009-09-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40894
    title CentOS 4 / 5 : xmlsec1 (CESA-2009:1428)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8456.NASL
    description - Tue Aug 11 2009 Daniel Veillard - 1.2.12-1 - update to new upstream release 1.2.12 - includes fix for CVE-2009-0217 - cleanup spec file Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40579
    published 2009-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40579
    title Fedora 10 : xmlsec1-1.2.12-1.fc10 (2009-8456)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_141709-03.NASL
    description Sun GlassFish Enterprise Server v2.1.1 Security Patch01, Solaris:. Date this patch was last updated by Sun : Jan/08/10
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107528
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107528
    title Solaris 10 (sparc) : 141709-03
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-269.NASL
    description A vulnerability has been found and corrected in mono : The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation (CVE-2009-0217). This update fixes this vulnerability.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 48155
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48155
    title Mandriva Linux Security Advisory : mono (MDVSA-2009:269)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_141709.NASL
    description Sun GlassFish Enterprise Server v2.1.1 Security Patch01, Solaris:. Date this patch was last updated by Sun : Jan/08/10
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 39004
    published 2009-06-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39004
    title Solaris 9 (sparc) : 141709-03
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090824_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    description CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524) CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071) CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections (6801497) CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow (6823373) CVE-2009-2675 Java Web Start Buffer unpack200 processing integer overflow (6830335) CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701) CVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167) CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293) CVE-2009-2690 OpenJDK private variable information disclosure (6777487) CVE-2009-2676 JRE applet launcher vulnerability All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60645
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60645
    title Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-209.NASL
    description Multiple Java OpenJDK security vulnerabilities have been identified and fixed : The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation specifies an HMAC truncation length (HMACOutputLength) but does not require a minimum for its length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits (CVE-2009-0217). The Java Web Start framework does not properly check all application jar files trust and this allows context-dependent attackers to execute arbitrary code via a crafted application, related to NetX (CVE-2009-1896). Some variables and data structures without the final keyword definition allow context-dependent attackers to obtain sensitive information. The target variables and data structures are stated as follows: (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS (CVE-2009-2475). The Java Management Extensions (JMX) implementation does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object (CVE-2009-2476). A flaw in the Xerces2 as used in OpenJDK allows remote attackers to cause denial of service via a malformed XML input (CVE-2009-2625). The audio system does not prevent access to java.lang.System properties either by untrusted applets and Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties (CVE-2009-2670). 
A flaw in the SOCKS proxy implementation allows remote attackers to discover the user name of the account that invoked either an untrusted applet or Java Web Start application via unspecified vectors (CVE-2009-2671). A flaw in the proxy mechanism implementation allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword (CVE-2009-2673). An integer overflow in the JPEG images parsing allows context-dependent attackers to gain privileges via an untrusted Java Web Start application that grants permissions to itself (CVE-2009-2674). An integer overflow in the unpack200 utility decompression allows context-dependent attackers to gain privileges via vectors involving either an untrusted applet or Java Web Start application that grants permissions to itself (CVE-2009-2675). A flaw in the JDK13Services.getProviders grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions either via an untrusted applet or application (CVE-2009-2689). A flaw in the OpenJDK's encoder grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information either via an untrusted applet or application (CVE-2009-2690).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 40694
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40694
    title Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:209)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0043.NASL
    description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.3. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.3. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2009-0217, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877) Users of Red Hat Network Satellite Server 5.3 are advised to upgrade to these updated java-1.6.0-ibm packages, which resolve these issues. For this update to take effect, Red Hat Network Satellite Server must be restarted ('/usr/sbin/rhn-satellite restart'), as well as all running instances of IBM Java.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44029
    published 2010-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44029
    title RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0043)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1428.NASL
    description From Red Hat Security Advisory 2009:1428 : Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be truncated (as documented in RFC 2104). A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Users of xmlsec1 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications that use the XML Security Library must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67921
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67921
    title Oracle Linux 4 / 5 : xmlsec1 (ELSA-2009-1428)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8157.NASL
    description Fixes CVE-2009-0217 (#511915) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40454
    published 2009-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40454
    title Fedora 11 : xml-security-c-1.5.1-1.fc11 (2009-8157)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1428.NASL
    description Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be truncated (as documented in RFC 2104). A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Users of xmlsec1 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications that use the XML Security Library must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 40902
    published 2009-09-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40902
    title RHEL 4 / 5 : xmlsec1 (RHSA-2009:1428)
  • NASL family Web Servers
    NASL id ORACLE_APPLICATION_SERVER_PCI.NASL
    description The remote host is running Oracle Application Server. It was not possible to determine its version, so the version of Oracle Application Server installed on the remote host could potentially be affected by multiple vulnerabilities : - CVE-2000-0169: Remote command execution in the web listener component. - CVE-2000-1235: Information disclosure in the port listener component and modplsql. - CVE-2000-1236: SQL injection in mod_sql. - CVE-2001-0326: Information disclosure in the Java Virtual Machine. - CVE-2001-0419: Buffer overflow in ndwfn4.so. - CVE-2001-0591: Directory traversal. - CVE-2001-1216: Buffer overflow in the PL/SQL Apache module. - CVE-2001-1217: Directory traversal vulnerability in the PL/SQL Apache module. - CVE-2001-1371: Improper access control in the SOAP service. - CVE-2001-1372: Information disclosure. - CVE-2002-0386: Denial of service through the administration module for Oracle Web Cache. - CVE-2002-0559: Buffer overflows in the PL/SQL module. - CVE-2002-0560: Information disclosure in the PL/SQL module. - CVE-2002-0561: Authentication bypass in the PL/SQL Gateway web administration interface. - CVE-2002-0562: Information disclosure through globals.jsa. - CVE-2002-0563: Improper access control on several services. - CVE-2002-0564: Authentication bypass in the PL/SQL module. - CVE-2002-0565: Information disclosure through JSP files in the _pages directory. - CVE-2002-0566: Denial of service in the PL/SQL module. - CVE-2002-0568: Improper access control on XSQLConfig.xml and soapConfig.xml. - CVE-2002-0569: Authentication bypass through XSQLServlet. - CVE-2002-0655: Denial of service in OpenSSL. - CVE-2002-0656: Buffer overflows in OpenSSL. - CVE-2002-0659: Denial of service in OpenSSL. - CVE-2002-0840: Cross-site scripting in the default error page of Apache. - CVE-2002-0842: Format string vulnerability in mod_dav. - CVE-2002-0843: Buffer overflows in ApacheBench. - CVE-2002-0947: Buffer overflow in rwcgi60. 
- CVE-2002-1089: Information disclosure in rwcgi60. - CVE-2002-1630: Improper access control on sendmail.jsp. - CVE-2002-1631: SQL injection in query.xsql. - CVE-2002-1632: Information disclosure through several JSP pages. - CVE-2002-1635: Information disclosure in Apache. - CVE-2002-1636: Cross-site scripting in the htp PL/SQL package. - CVE-2002-1637: Default credentials in multiple components. - CVE-2002-1858: Information disclosure through the WEB-INF directory. - CVE-2002-2153: Format string vulnerability in the administrative pages of the PL/SQL module. - CVE-2002-2345: Credential leakage in the web cache administrator interface. - CVE-2002-2347: Cross-site scripting in several JSP pages. - CVE-2004-1362: Authentication bypass in the PL/SQL module. - CVE-2004-1363: Buffer overflow in extproc. - CVE-2004-1364: Directory traversal in extproc. - CVE-2004-1365: Command execution in extproc. - CVE-2004-1366: Improper access control on emoms.properties. - CVE-2004-1367: Credential leakage in Database Server. - CVE-2004-1368: Arbitrary file execution in ISQL*Plus. - CVE-2004-1369: Denial of service in TNS Listener. - CVE-2004-1370: Multiple SQL injection vulnerabilities in PL/SQL. - CVE-2004-1371: Stack-based buffer overflow. - CVE-2004-1707: Privilege escalation in dbsnmp and nmo. - CVE-2004-1774: Buffer overflow in the MD2 package. - CVE-2004-1877: Phishing vulnerability in Single Sign-On component. - CVE-2004-2134: Weak cryptography for passwords in the toplink mapping workBench. - CVE-2004-2244: Denial of service in the XML parser. - CVE-2005-1383: Authentication bypass in HTTP Server. - CVE-2005-1495: Detection bypass. - CVE-2005-1496: Privilege escalation in the DBMS_Scheduler. - CVE-2005-2093: Web cache poisoning. - CVE-2005-3204: Cross-site scripting. - CVE-2005-3445: Multiple unspecified vulnerabilities in HTTP Server. - CVE-2005-3446: Unspecified vulnerability in Internet Directory. - CVE-2005-3447: Unspecified vulnerability in Single Sign-On. 
- CVE-2005-3448: Unspecified vulnerability in the OC4J module. - CVE-2005-3449: Multiple unspecified vulnerabilities in multiple components. - CVE-2005-3450: Unspecified vulnerability in HTTP Server. - CVE-2005-3451: Unspecified vulnerability in SQL*ReportWriter. - CVE-2005-3452: Unspecified vulnerability in Web Cache. - CVE-2005-3453: Multiple unspecified vulnerabilities in Web Cache. - CVE-2006-0273: Unspecified vulnerability in the Portal component. - CVE-2006-0274: Unspecified vulnerability in the Oracle Reports Developer component. - CVE-2006-0275: Unspecified vulnerability in the Oracle Reports Developer component. - CVE-2006-0282: Unspecified vulnerability. - CVE-2006-0283: Unspecified vulnerability. - CVE-2006-0284: Multiple unspecified vulnerabilities. - CVE-2006-0285: Unspecified vulnerability in the Java Net component. - CVE-2006-0286: Unspecified vulnerability in HTTP Server. - CVE-2006-0287: Unspecified vulnerability in HTTP Server. - CVE-2006-0288: Multiple unspecified vulnerabilities in the Oracle Reports Developer component. - CVE-2006-0289: Multiple unspecified vulnerabilities. - CVE-2006-0290: Unspecified vulnerability in the Oracle Workflow Cartridge component. - CVE-2006-0291: Multiple unspecified vulnerabilities in the Oracle Workflow Cartridge component. - CVE-2006-0435: Unspecified vulnerability in Oracle PL/SQL. - CVE-2006-0552: Unspecified vulnerability in the Net Listener component. - CVE-2006-0586: Multiple SQL injection vulnerabilities. - CVE-2006-1884: Unspecified vulnerability in the Oracle Thesaurus Management System component. - CVE-2006-3706: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3707: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3708: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3709: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3710: Unspecified vulnerability in Oracle Containers for J2EE. 
- CVE-2006-3711: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3712: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3713: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3714: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-5353: Unspecified vulnerability in HTTP Server. - CVE-2006-5354: Unspecified vulnerability in HTTP Server. - CVE-2006-5355: Unspecified vulnerability in Single Sign-On. - CVE-2006-5356: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-5357: Unspecified vulnerability in HTTP Server. - CVE-2006-5358: Unspecified vulnerability in the Oracle Forms component. - CVE-2006-5359: Multiple unspecified vulnerabilities in Oracle Reports Developer component. - CVE-2006-5360: Unspecified vulnerability in Oracle Forms component. - CVE-2006-5361: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-5362: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-5363: Unspecified vulnerability in Single Sign-On. - CVE-2006-5364: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-5365: Unspecified vulnerability in Oracle Forms. - CVE-2006-5366: Multiple unspecified vulnerabilities. - CVE-2007-0222: Directory traversal vulnerability in EmChartBean. - CVE-2007-0275: Cross-site scripting vulnerability in Oracle Reports Web Cartridge (RWCGI60). - CVE-2007-0280: Buffer overflow in Oracle Notification Service. - CVE-2007-0281: Multiple unspecified vulnerabilities in HTTP Server. - CVE-2007-0282: Unspecified vulnerability in OPMN02. - CVE-2007-0283: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2007-0284: Multiple unspecified vulnerabilities in Oracle Containers for J2EE. - CVE-2007-0285: Unspecified vulnerability in Oracle Reports Developer. - CVE-2007-0286: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2007-0287: Unspecified vulnerability in Oracle Containers for J2EE. 
- CVE-2007-0288: Unspecified vulnerability in Oracle Internet Directory. - CVE-2007-0289: Multiple unspecified vulnerabilities in Oracle Containers for J2EE. - CVE-2007-1359: Improper access control in mod_security. - CVE-2007-1609: Cross-site scripting vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS). - CVE-2007-2119: Cross-site scripting vulnerability in the Administration Front End for Oracle Enterprise (Ultra) Search. - CVE-2007-2120: Denial of service in the Oracle Discoverer servlet. - CVE-2007-2121: Unspecified vulnerability in the COREid Access component. - CVE-2007-2122: Unspecified vulnerability in the Wireless component. - CVE-2007-2123: Unspecified vulnerability in the Portal component. - CVE-2007-2124: Unspecified vulnerability in the Portal component. - CVE-2007-2130: Unspecified vulnerability in Workflow Cartridge. - CVE-2007-3553: Cross-site scripting vulnerability in Rapid Install Web Server. - CVE-2007-3854: Multiple unspecified vulnerabilities in the Advanced Queuing component and the Spatial component. - CVE-2007-3859: Unspecified vulnerability in the Oracle Internet Directory component. - CVE-2007-3861: Unspecified vulnerability in Oracle Jdeveloper. - CVE-2007-3862: Unspecified vulnerability in Single Sign-On. - CVE-2007-3863: Unspecified vulnerability in Oracle JDeveloper. - CVE-2007-5516: Unspecified vulnerability in the Oracle Process Mgmt & Notification component. - CVE-2007-5517: Unspecified vulnerability in the Oracle Portal component. - CVE-2007-5518: Unspecified vulnerability in HTTP Server. - CVE-2007-5519: Unspecified vulnerability in the Oracle Portal component. - CVE-2007-5520: Unspecified vulnerability in the Oracle Internet Directory component. - CVE-2007-5521: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2007-5522: Unspecified vulnerability in the Oracle Portal component. - CVE-2007-5523: Unspecified vulnerability in the Oracle Internet Directory component. 
- CVE-2007-5524: Unspecified vulnerability in Single Sign-On. - CVE-2007-5525: Unspecified vulnerability in Single Sign-On. - CVE-2007-5526: Unspecified vulnerability in the Oracle Portal component. - CVE-2007-5531: Unspecified vulnerability in Oracle Help for Web. - CVE-2008-0340: Multiple unspecified vulnerabilities in the Advanced Queuing component and Spatial component. - CVE-2008-0343: Unspecified vulnerability in the Oracle Spatial component. - CVE-2008-0344: Unspecified vulnerability in the Oracle Spatial component. - CVE-2008-0345: Unspecified vulnerability in the Core RDBMS component. - CVE-2008-0346: Unspecified vulnerability in the Oracle Jinitiator component. - CVE-2008-0347: Unspecified vulnerability in the Oracle Ultra Search component. - CVE-2008-0348: Multiple unspecified vulnerabilities in the PeopleTools component. - CVE-2008-0349: Unspecified vulnerability in the PeopleTools component. - CVE-2008-1812: Unspecified vulnerability in the Oracle Enterprise Manager component. - CVE-2008-1814: Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component. - CVE-2008-1823: Unspecified vulnerability in the Oracle Jinitiator component. - CVE-2008-1824: Unspecified vulnerability in the Oracle Dynamic Monitoring Service component. - CVE-2008-1825: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-2583: Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component. - CVE-2008-2588: Unspecified vulnerability in the Oracle JDeveloper component. - CVE-2008-2589: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-2593: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-2594: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-2595: Unspecified vulnerability in the Oracle Internet Directory component. - CVE-2008-2609: Unspecified vulnerability in the Oracle Portal component. 
- CVE-2008-2612: Unspecified vulnerability in the Hyperion BI Plus component. - CVE-2008-2614: Unspecified vulnerability in HTTP Server. - CVE-2008-2619: Unspecified vulnerability in the Oracle Reports Developer component. - CVE-2008-2623: Unspecified vulnerability in the Oracle JDeveloper component. - CVE-2008-3975: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-3977: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-3986: Unspecified vulnerability in the Oracle Discoverer Administrator component. - CVE-2008-3987: Unspecified vulnerability in the Oracle Discoverer Desktop component. - CVE-2008-4014: Unspecified vulnerability in the Oracle BPEL Process Manager component. - CVE-2008-4017: Unspecified vulnerability in the OC4J component. - CVE-2008-5438: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-7233: Unspecified vulnerability in the Oracle Jinitiator component. - CVE-2009-0217: Signature spoofing vulnerability in multiple components. - CVE-2009-0989: Unspecified vulnerability in the BI Publisher component. - CVE-2009-0990: Unspecified vulnerability in the BI Publisher component. - CVE-2009-0994: Unspecified vulnerability in the BI Publisher component. - CVE-2009-1008: Unspecified vulnerability in the Outside In Technology component. - CVE-2009-1009: Unspecified vulnerability in the Outside In Technology component. - CVE-2009-1010: Unspecified vulnerability in the Outside In Technology component. - CVE-2009-1011: Unspecified vulnerability in the Outside In Technology component. - CVE-2009-1017: Unspecified vulnerability in the BI Publisher component. - CVE-2009-1976: Unspecified vulnerability in HTTP Server. - CVE-2009-1990: Unspecified vulnerability in the Business Intelligence Enterprise Edition component. - CVE-2009-1999: Unspecified vulnerability in the Business Intelligence Enterprise Edition component. - CVE-2009-3407: Unspecified vulnerability in the Portal component. 
- CVE-2009-3412: Unspecified vulnerability in the Unzip component. - CVE-2010-0066: Unspecified vulnerability in the Access Manager Identity Server component. - CVE-2010-0067: Unspecified vulnerability in the Oracle Containers for J2EE component. - CVE-2010-0070: Unspecified vulnerability in the Oracle Containers for J2EE component. - CVE-2011-0789: Unspecified vulnerability in HTTP Server. - CVE-2011-0795: Unspecified vulnerability in Single Sign-On. - CVE-2011-0884: Unspecified vulnerability in the Oracle BPEL Process Manager component. - CVE-2011-2237: Unspecified vulnerability in the Oracle Web Services Manager component. - CVE-2011-2314: Unspecified vulnerability in the Oracle Containers for J2EE component. - CVE-2011-3523: Unspecified vulnerability in the Oracle Web Services Manager component.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 57619
    published 2012-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57619
    title Oracle Application Server Multiple Vulnerabilities
oval via4
  • accepted 2013-04-29T04:03:03.908-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description and bypass authentication by specifying a truncation length with a small number of bits.
    family unix
    id oval:org.mitre.oval:def:10186
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title and bypass authentication by specifying a truncation length with a small number of bits.
    version 25
  • accepted 2014-08-18T04:06:24.788-04:00
    class vulnerability
    contributors
    • name Dragos Prisaca
      organization Symantec Corporation
    • name J. Daniel Brown
      organization DTCC
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Sharath S
      organization SecPod Technologies
    • name Maria Mikhno
      organization ALTX-SOFT
    definition_extensions
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft .NET Framework 1.1 Service Pack 1 is Installed
      oval oval:org.mitre.oval:def:1834
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft .NET Framework 1.1 Service Pack 1 is Installed
      oval oval:org.mitre.oval:def:1834
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft .NET Framework 3.5 Original Release is installed
      oval oval:org.mitre.oval:def:6689
    • comment Microsoft Windows 2000 is installed
      oval oval:org.mitre.oval:def:85
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft .NET Framework 2.0 Service Pack 2 is installed
      oval oval:org.mitre.oval:def:6158
    • comment Microsoft .NET Framework 3.5 SP1 is installed
      oval oval:org.mitre.oval:def:12542
    • comment Microsoft Windows XP (32-bit) is installed
      oval oval:org.mitre.oval:def:1353
    • comment Microsoft Windows XP x64 is installed
      oval oval:org.mitre.oval:def:15247
    • comment Microsoft Windows Server 2003 (32-bit) is installed
      oval oval:org.mitre.oval:def:1870
    • comment Microsoft Windows Server 2003 (x64) is installed
      oval oval:org.mitre.oval:def:730
    • comment Microsoft Windows Server 2003 (ia64) Gold is installed
      oval oval:org.mitre.oval:def:396
    • comment Microsoft .NET Framework 3.5 Original Release is installed
      oval oval:org.mitre.oval:def:6689
    • comment Microsoft Windows Vista (32-bit) is installed
      oval oval:org.mitre.oval:def:1282
    • comment Microsoft Windows Vista x64 Edition is installed
      oval oval:org.mitre.oval:def:2041
    • comment Microsoft Windows Server 2008 (32-bit) is installed
      oval oval:org.mitre.oval:def:4870
    • comment Microsoft Windows Server 2008 (64-bit) is installed
      oval oval:org.mitre.oval:def:5356
    • comment Microsoft Windows Server 2008 (ia-64) is installed
      oval oval:org.mitre.oval:def:5667
    • comment Microsoft .NET Framework 3.5 SP1 is installed
      oval oval:org.mitre.oval:def:12542
    • comment Microsoft Windows 7 (32-bit) is installed
      oval oval:org.mitre.oval:def:6165
    • comment Microsoft Windows 7 x64 Edition is installed
      oval oval:org.mitre.oval:def:5950
    • comment Microsoft Windows Server 2008 R2 x64 Edition is installed
      oval oval:org.mitre.oval:def:6438
    • comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed
      oval oval:org.mitre.oval:def:5954
    • comment Microsoft .NET Framework 3.5 SP1 is installed
      oval oval:org.mitre.oval:def:12542
    description The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
    family windows
    id oval:org.mitre.oval:def:7158
    status accepted
    submitted 2010-06-08T13:00:00
    title XML Signature HMAC Truncation Authentication Bypass Vulnerability
    version 43
  • accepted 2015-04-20T04:02:41.445-04:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
    family unix
    id oval:org.mitre.oval:def:8717
    status accepted
    submitted 2010-03-22T17:00:25.000-04:00
    title HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
    version 43
redhat via4
advisories
  • bugzilla
    id 511915
    title CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment xmlsec1 is earlier than 0:1.2.6-3.1
            oval oval:com.redhat.rhsa:tst:20091428002
          • comment xmlsec1 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20091428003
        • AND
          • comment xmlsec1-devel is earlier than 0:1.2.6-3.1
            oval oval:com.redhat.rhsa:tst:20091428008
          • comment xmlsec1-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20091428009
        • AND
          • comment xmlsec1-openssl is earlier than 0:1.2.6-3.1
            oval oval:com.redhat.rhsa:tst:20091428004
          • comment xmlsec1-openssl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20091428005
        • AND
          • comment xmlsec1-openssl-devel is earlier than 0:1.2.6-3.1
            oval oval:com.redhat.rhsa:tst:20091428006
          • comment xmlsec1-openssl-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20091428007
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment xmlsec1 is earlier than 0:1.2.9-8.1.1
            oval oval:com.redhat.rhsa:tst:20091428011
          • comment xmlsec1 is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091428012
        • AND
          • comment xmlsec1-devel is earlier than 0:1.2.9-8.1.1
            oval oval:com.redhat.rhsa:tst:20091428021
          • comment xmlsec1-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091428022
        • AND
          • comment xmlsec1-gnutls is earlier than 0:1.2.9-8.1.1
            oval oval:com.redhat.rhsa:tst:20091428023
          • comment xmlsec1-gnutls is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091428024
        • AND
          • comment xmlsec1-gnutls-devel is earlier than 0:1.2.9-8.1.1
            oval oval:com.redhat.rhsa:tst:20091428019
          • comment xmlsec1-gnutls-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091428020
        • AND
          • comment xmlsec1-nss is earlier than 0:1.2.9-8.1.1
            oval oval:com.redhat.rhsa:tst:20091428015
          • comment xmlsec1-nss is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091428016
        • AND
          • comment xmlsec1-nss-devel is earlier than 0:1.2.9-8.1.1
            oval oval:com.redhat.rhsa:tst:20091428025
          • comment xmlsec1-nss-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091428026
        • AND
          • comment xmlsec1-openssl is earlier than 0:1.2.9-8.1.1
            oval oval:com.redhat.rhsa:tst:20091428013
          • comment xmlsec1-openssl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091428014
        • AND
          • comment xmlsec1-openssl-devel is earlier than 0:1.2.9-8.1.1
            oval oval:com.redhat.rhsa:tst:20091428017
          • comment xmlsec1-openssl-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091428018
    rhsa
    id RHSA-2009:1428
    released 2009-09-08
    severity Moderate
    title RHSA-2009:1428: xmlsec1 security update (Moderate)
  • rhsa
    id RHSA-2009:1200
  • rhsa
    id RHSA-2009:1201
  • rhsa
    id RHSA-2009:1636
  • rhsa
    id RHSA-2009:1637
  • rhsa
    id RHSA-2009:1649
  • rhsa
    id RHSA-2009:1650
  • rhsa
    id RHSA-2009:1694
rpms
  • java-1.6.0-openjdk-1:1.6.0.0-1.2.b09.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.2.b09.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.2.b09.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.2.b09.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.2.b09.el5
  • xmlsec1-0:1.2.6-3.1
  • xmlsec1-devel-0:1.2.6-3.1
  • xmlsec1-openssl-0:1.2.6-3.1
  • xmlsec1-openssl-devel-0:1.2.6-3.1
  • xmlsec1-0:1.2.9-8.1.1
  • xmlsec1-devel-0:1.2.9-8.1.1
  • xmlsec1-gnutls-0:1.2.9-8.1.1
  • xmlsec1-gnutls-devel-0:1.2.9-8.1.1
  • xmlsec1-nss-0:1.2.9-8.1.1
  • xmlsec1-nss-devel-0:1.2.9-8.1.1
  • xmlsec1-openssl-0:1.2.9-8.1.1
  • xmlsec1-openssl-devel-0:1.2.9-8.1.1
refmap via4
aixapar
  • PK80596
  • PK80627
apple APPLE-SA-2009-09-03-1
bid 35671
cert
  • TA09-294A
  • TA10-159B
cert-vn VU#466161
confirm
debian DSA-1995
fedora
  • FEDORA-2009-8329
  • FEDORA-2009-8337
  • FEDORA-2009-8456
  • FEDORA-2009-8473
gentoo GLSA-201408-19
hp
  • HPSBUX02476
  • SSRT090250
mandriva MDVSA-2009:209
misc http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
ms MS10-041
osvdb
  • 55895
  • 55907
sectrack
  • 1022561
  • 1022567
  • 1022661
secunia
  • 34461
  • 35776
  • 35852
  • 35853
  • 35854
  • 35855
  • 35858
  • 36162
  • 36176
  • 36180
  • 36494
  • 37300
  • 37671
  • 37841
  • 38567
  • 38568
  • 38695
  • 38921
  • 41818
  • 60799
sunalert
  • 1020710
  • 263429
  • 269208
suse
  • SUSE-SA:2009:053
  • SUSE-SA:2010:017
ubuntu
  • USN-826-1
  • USN-903-1
vupen
  • ADV-2009-1900
  • ADV-2009-1908
  • ADV-2009-1909
  • ADV-2009-1911
  • ADV-2009-2543
  • ADV-2009-3122
  • ADV-2010-0366
  • ADV-2010-0635
Last major update 13-11-2014 - 21:59
Published 14-07-2009 - 19:30
Last modified 12-10-2018 - 17:49