National Vulnerability Database (NVD) National Vulnerability Database (CVE-2009-0217)

National Cyber Awareness System

Vulnerability Summary for CVE-2009-0217

Original release date:07/14/2009

Last revised:10/23/2012

Source: US-CERT/NIST

Overview

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows unauthorized modification

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA10-159B

Name: TA10-159B

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA10-159B.html

US-CERT Technical Alert: TA09-294A

Name: TA09-294A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA09-294A.html

US-CERT Vulnerability Note: VU#466161

Name: VU#466161

Hyperlink:http://www.kb.cert.org/vuls/id/466161

External Source: VUPEN

Name: ADV-2009-1911

Type: Advisory; Patch Information

Hyperlink:http://www.vupen.com/english/advisories/2009/1911

External Source: VUPEN

Name: ADV-2009-1909

Type: Advisory; Patch Information

Hyperlink:http://www.vupen.com/english/advisories/2009/1909

External Source: VUPEN

Name: ADV-2009-1908

Type: Advisory; Patch Information

Hyperlink:http://www.vupen.com/english/advisories/2009/1908

External Source: VUPEN

Name: ADV-2009-1900

Type: Advisory; Patch Information

Hyperlink:http://www.vupen.com/english/advisories/2009/1900

External Source: BID

Name: 35671

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/35671

External Source: CONFIRM

Name: http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925

Type: Advisory; Patch Information

Hyperlink:http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925

External Source: AIXAPAR

Name: PK80627

Type: Advisory; Patch Information

Hyperlink:http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere

External Source: AIXAPAR

Name: PK80596

Type: Advisory; Patch Information

Hyperlink:http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere

External Source: FEDORA

Name: FEDORA-2009-8473

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html

External Source: FEDORA

Name: FEDORA-2009-8456

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html

External Source: FEDORA

Name: FEDORA-2009-8337

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

External Source: FEDORA

Name: FEDORA-2009-8329

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

External Source: REDHAT

Name: RHSA-2009:1650

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1650.html

External Source: REDHAT

Name: RHSA-2009:1649

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1649.html

External Source: REDHAT

Name: RHSA-2009:1637

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1637.html

External Source: REDHAT

Name: RHSA-2009:1636

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1636.html

External Source: REDHAT

Name: RHSA-2009:1428

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1428.html

External Source: REDHAT

Name: RHSA-2009:1201

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1201.html

External Source: REDHAT

Name: RHSA-2009:1200

Hyperlink:https://rhn.redhat.com/errata/RHSA-2009-1200.html

External Source: CONFIRM

Name: https://issues.apache.org/bugzilla/show_bug.cgi?id=47527

Hyperlink:https://issues.apache.org/bugzilla/show_bug.cgi?id=47527

External Source: CONFIRM

Name: https://issues.apache.org/bugzilla/show_bug.cgi?id=47526

Hyperlink:https://issues.apache.org/bugzilla/show_bug.cgi?id=47526

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=511915

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=511915

External Source: MISC

Name: http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html

Type: Advisory

Hyperlink:http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html

External Source: CONFIRM

Name: http://www.w3.org/2008/06/xmldsigcore-errata.html#e03

Type: Advisory

Hyperlink:http://www.w3.org/2008/06/xmldsigcore-errata.html#e03

External Source: VUPEN

Name: ADV-2010-0635

Hyperlink:http://www.vupen.com/english/advisories/2010/0635

External Source: VUPEN

Name: ADV-2010-0366

Hyperlink:http://www.vupen.com/english/advisories/2010/0366

External Source: VUPEN

Name: ADV-2009-3122

Hyperlink:http://www.vupen.com/english/advisories/2009/3122

External Source: VUPEN

Name: ADV-2009-2543

Hyperlink:http://www.vupen.com/english/advisories/2009/2543

External Source: UBUNTU

Name: USN-826-1

Hyperlink:http://www.ubuntulinux.org/support/documentation/usn/usn-826-1

External Source: UBUNTU

Name: USN-903-1

Hyperlink:http://www.ubuntu.com/usn/USN-903-1

External Source: SECTRACK

Name: 1022661

Hyperlink:http://www.securitytracker.com/id?1022661

External Source: SECTRACK

Name: 1022567

Hyperlink:http://www.securitytracker.com/id?1022567

External Source: SECTRACK

Name: 1022561

Hyperlink:http://www.securitytracker.com/id?1022561

External Source: REDHAT

Name: RHSA-2009:1694

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-1694.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Hyperlink:http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

Hyperlink:http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html

Hyperlink:http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html

External Source: CONFIRM

Name: http://www.openoffice.org/security/cves/CVE-2009-0217.html

Hyperlink:http://www.openoffice.org/security/cves/CVE-2009-0217.html

External Source: CONFIRM

Name: http://www.mono-project.com/Vulnerabilities

Type: Advisory

Hyperlink:http://www.mono-project.com/Vulnerabilities

External Source: MS

Name: MS10-041

Hyperlink:http://www.microsoft.com/technet/security/bulletin/ms10-041.mspx

External Source: MANDRIVA

Name: MDVSA-2009:209

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:209

External Source: CONFIRM

Name: http://www.kb.cert.org/vuls/id/WDON-7TY529

Hyperlink:http://www.kb.cert.org/vuls/id/WDON-7TY529

External Source: CONFIRM

Name: http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ

Hyperlink:http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ

External Source: DEBIAN

Name: DSA-1995

Hyperlink:http://www.debian.org/security/2010/dsa-1995

External Source: CONFIRM

Name: http://www.aleksey.com/xmlsec/

Hyperlink:http://www.aleksey.com/xmlsec/

External Source: CONFIRM

Name: http://svn.apache.org/viewvc?revision=794013&view=revision

Hyperlink:http://svn.apache.org/viewvc?revision=794013&view=revision

External Source: SUNALERT

Name: 1020710

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1

External Source: SUNALERT

Name: 269208

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1

External Source: SUNALERT

Name: 263429

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1

External Source: CONFIRM

Name: http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1

External Source: SECUNIA

Name: 38921

Hyperlink:http://secunia.com/advisories/38921

External Source: SECUNIA

Name: 38695

Hyperlink:http://secunia.com/advisories/38695

External Source: SECUNIA

Name: 38568

Hyperlink:http://secunia.com/advisories/38568

External Source: SECUNIA

Name: 38567

Hyperlink:http://secunia.com/advisories/38567

External Source: SECUNIA

Name: 37841

Hyperlink:http://secunia.com/advisories/37841

External Source: SECUNIA

Name: 37671

Hyperlink:http://secunia.com/advisories/37671

External Source: SECUNIA

Name: 37300

Hyperlink:http://secunia.com/advisories/37300

External Source: SECUNIA

Name: 36494

Type: Advisory

Hyperlink:http://secunia.com/advisories/36494

External Source: SECUNIA

Name: 36180

Type: Advisory

Hyperlink:http://secunia.com/advisories/36180

External Source: SECUNIA

Name: 36176

Type: Advisory

Hyperlink:http://secunia.com/advisories/36176

External Source: SECUNIA

Name: 36162

Type: Advisory

Hyperlink:http://secunia.com/advisories/36162

External Source: SECUNIA

Name: 35858

Type: Advisory

Hyperlink:http://secunia.com/advisories/35858

External Source: SECUNIA

Name: 35855

Type: Advisory

Hyperlink:http://secunia.com/advisories/35855

External Source: SECUNIA

Name: 35854

Type: Advisory

Hyperlink:http://secunia.com/advisories/35854

External Source: SECUNIA

Name: 35853

Type: Advisory

Hyperlink:http://secunia.com/advisories/35853

External Source: SECUNIA

Name: 35852

Type: Advisory

Hyperlink:http://secunia.com/advisories/35852

External Source: SECUNIA

Name: 35776

Type: Advisory

Hyperlink:http://secunia.com/advisories/35776

External Source: OVAL

Name: oval:org.mitre.oval:def:8717

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8717

External Source: OVAL

Name: oval:org.mitre.oval:def:7158

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7158

External Source: OVAL

Name: oval:org.mitre.oval:def:10186

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10186

External Source: OSVDB

Name: 55907

Hyperlink:http://osvdb.org/55907

External Source: OSVDB

Name: 55895

Hyperlink:http://osvdb.org/55895

External Source: HP

Name: HPSBUX02476

Hyperlink:http://marc.info/?l=bugtraq&m=125787273209737&w=2

External Source: HP

Name: HPSBUX02476

Hyperlink:http://marc.info/?l=bugtraq&m=125787273209737&w=2

External Source: SUSE

Name: SUSE-SA:2010:017

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html

External Source: SUSE

Name: SUSE-SA:2009:053

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

External Source: APPLE

Name: APPLE-SA-2009-09-03-1

Hyperlink:http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

External Source: CONFIRM

Name: http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7

Hyperlink:http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7

External Source: CONFIRM

Name: http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7

Hyperlink:http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7

External Source: CONFIRM

Name: http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161

Hyperlink:http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161

References to Check Content

Identifier:oval:org.mitre.oval:def:10186

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10186

Identifier:oval:org.mitre.oval:def:7158

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7158

Identifier:oval:org.mitre.oval:def:8717

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8717

Vulnerable software and versions

Configuration 1

* cpe:/a:oracle:application_server:10.1.3.4

* cpe:/a:oracle:application_server:10.1.2.3

* cpe:/a:oracle:application_server:10.1.4.3im

* cpe:/a:oracle:bea_product_suite:10.3

* cpe:/a:oracle:bea_product_suite:9.2:mp3

* cpe:/a:oracle:bea_product_suite:8.1:sp6

* cpe:/a:oracle:bea_product_suite:9.1

* cpe:/a:oracle:bea_product_suite:9.0

* cpe:/a:oracle:bea_product_suite:10.0:mp1

* cpe:/a:mono_project:mono:2.0

* cpe:/a:mono_project:mono:1.2.6

* cpe:/a:mono_project:mono:1.2.3

* cpe:/a:mono_project:mono:1.2.2

* cpe:/a:mono_project:mono:1.2.5

* cpe:/a:mono_project:mono:1.2.4

* cpe:/a:mono_project:mono:1.2.1

* cpe:/a:mono_project:mono:1.9

* cpe:/a:oracle:weblogic_server_component:10.3

* cpe:/a:oracle:weblogic_server_component:10.0:mp1

* cpe:/a:oracle:weblogic_server_component:9.2:mp3

* cpe:/a:oracle:weblogic_server_component:9.1

* cpe:/a:oracle:weblogic_server_component:9.0

* cpe:/a:oracle:weblogic_server_component:8.1:sp6

* cpe:/a:ibm:websphere_application_server:6.0.1.15

* cpe:/a:ibm:websphere_application_server:6.0.1.17

* cpe:/a:ibm:websphere_application_server:6.0.2.10

* cpe:/a:ibm:websphere_application_server:6.0.2.12

* cpe:/a:ibm:websphere_application_server:6.0.2.14

* cpe:/a:ibm:websphere_application_server:6.0.2.16

* cpe:/a:ibm:websphere_application_server:6.0.2.18

* cpe:/a:ibm:websphere_application_server:6.0.2.20

* cpe:/a:ibm:websphere_application_server:6.0.1.5

* cpe:/a:ibm:websphere_application_server:6.0.1.3

* cpe:/a:ibm:websphere_application_server:6.0.1.1

* cpe:/a:ibm:websphere_application_server:6.0.1.13

* cpe:/a:ibm:websphere_application_server:6.0.1.11

* cpe:/a:ibm:websphere_application_server:6.0.1.9

* cpe:/a:ibm:websphere_application_server:6.0.1.7

* cpe:/a:ibm:websphere_application_server:6.0.2.13

* cpe:/a:ibm:websphere_application_server:6.0.2.11

* cpe:/a:ibm:websphere_application_server:6.0.2.1

* cpe:/a:ibm:websphere_application_server:6.0.2

* cpe:/a:ibm:websphere_application_server:6.0.2.2

* cpe:/a:ibm:websphere_application_server:6.0.2.19

* cpe:/a:ibm:websphere_application_server:6.0.2.17

* cpe:/a:ibm:websphere_application_server:6.0.2.15

* cpe:/a:ibm:websphere_application_server:6.0

* cpe:/a:ibm:websphere_application_server:6.0.0.1

* cpe:/a:ibm:websphere_application_server:6.0.1

* cpe:/a:ibm:websphere_application_server:6.0.1.2

* cpe:/a:ibm:websphere_application_server:6.0.2.21

* cpe:/a:ibm:websphere_application_server:6.0.0.2

* cpe:/a:ibm:websphere_application_server:6.0.0.3

* cpe:/a:ibm:websphere_application_server:6.0.2.33

* cpe:/a:ibm:websphere_application_server:6.0.2.32

* cpe:/a:ibm:websphere_application_server:6.0.2.31

* cpe:/a:ibm:websphere_application_server:6.0.2.30

* cpe:/a:ibm:websphere_application_server:6.0.2.3

* cpe:/a:ibm:websphere_application_server:6.0.2.29

* cpe:/a:ibm:websphere_application_server:6.0.2.28

* cpe:/a:ibm:websphere_application_server:6.0.2.25

* cpe:/a:ibm:websphere_application_server:6.0.2.24

* cpe:/a:ibm:websphere_application_server:6.0.2.23

* cpe:/a:ibm:websphere_application_server:6.0.2.22

* cpe:/a:ibm:websphere_application_server:6.0.2::fp17

* cpe:/a:ibm:websphere_application_server:6.1.0.19

* cpe:/a:ibm:websphere_application_server:6.1.0.21

* cpe:/a:ibm:websphere_application_server:6.1.0.20

* cpe:/a:ibm:websphere_application_server:6.1.0.22

* cpe:/a:ibm:websphere_application_server:6.1.0.23

* cpe:/a:ibm:websphere_application_server:6.1.0.1

* cpe:/a:ibm:websphere_application_server:6.1.0.16

* cpe:/a:ibm:websphere_application_server:6.1.0.2

* cpe:/a:ibm:websphere_application_server:6.1.0.10

* cpe:/a:ibm:websphere_application_server:6.1.0.15

* cpe:/a:ibm:websphere_application_server:6.1.0.13

* cpe:/a:ibm:websphere_application_server:6.1.0.14

* cpe:/a:ibm:websphere_application_server:6.1.0.17

* cpe:/a:ibm:websphere_application_server:6.1.0.0

* cpe:/a:ibm:websphere_application_server:6.1.0

* cpe:/a:ibm:websphere_application_server:6.1.0.11

* cpe:/a:ibm:websphere_application_server:6.1.0.12

* cpe:/a:ibm:websphere_application_server:6.1

* cpe:/a:ibm:websphere_application_server:6.1.0.18

* cpe:/a:ibm:websphere_application_server:6.1.0.3

* cpe:/a:ibm:websphere_application_server:6.1.0.4

* cpe:/a:ibm:websphere_application_server:6.1.0.5

* cpe:/a:ibm:websphere_application_server:6.1.0.6

* cpe:/a:ibm:websphere_application_server:6.1.0.7

* cpe:/a:ibm:websphere_application_server:6.1.0.8

* cpe:/a:ibm:websphere_application_server:6.1.0.9

* cpe:/a:ibm:websphere_application_server:7.0

* cpe:/a:ibm:websphere_application_server:7.0.0.1

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Design Error (NVD-CWE-DesignError)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217