Vulnerabilities > CVE-2009-0217 - Authentication Bypass vulnerability in IETF and W3C XML Digital Signature Specification HMAC Truncation
Summary
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products, uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. Because the truncation length travels inside the signature being verified, the verifier must enforce the lower bound itself: the revised XML Signature recommendation requires HMACOutputLength to be at least 80 bits and at least half the output length of the underlying hash, and a verifier should reject any signature that declares less.
Vulnerable Configurations
Msbulletin
bulletin_id | MS10-041 |
bulletin_url | |
date | 2010-06-08T00:00:00 |
impact | Tampering |
knowledgebase_id | 981343 |
knowledgebase_url | |
severity | Important |
title | Vulnerability in Microsoft .NET Framework Could Allow Tampering |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS8_125136.NASL description JavaSE 6: update 101 patch (equivalent to. Date this patch was last updated by Sun : Jul/13/15 last seen 2020-06-01 modified 2020-06-02 plugin id 27008 published 2007-10-12 reporter This script is Copyright (C) 2007-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27008 title Solaris 8 (sparc) : 125136-97 code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
# Local patch-level check: the host is flagged when solaris_check_patch()
# returns a negative value for any of six SUNWj6* packages on Solaris 5.8
# (sparc), measured against patch 125136-97.
# The script only consults patch/package data; nothing here inspects XML
# signature handling or HMACOutputLength, so a finding means "patch missing",
# not "vulnerable code path observed".
include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# metadata and exits before any host check runs.
if (description)
{
  script_id(27008);
  script_version("$Revision: 1.32 $");
  script_cvs_date("$Date: 2015/10/20 23:02:22 $");

  # One patch revision is mapped to 21 CVE ids (10 from 2009, 11 from 2014);
  # CVE-2009-0217 is only one of them.
  script_cve_id("CVE-2009-0217", "CVE-2009-2625", "CVE-2009-2670", "CVE-2009-2671", "CVE-2009-2672", "CVE-2009-2673", "CVE-2009-2674", "CVE-2009-2675", "CVE-2009-2676", "CVE-2009-3403", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0451", "CVE-2014-0453", "CVE-2014-0457", "CVE-2014-0460", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2412", "CVE-2014-2421", "CVE-2014-2427");

  script_name(english:"Solaris 8 (sparc) : 125136-97");
  script_summary(english:"Check for patch 125136-97");

  script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 125136-97" );
  # NOTE(review): the description text ends mid-phrase ("equivalent to.") as
  # extracted; it is a runtime string and is left untouched.
  script_set_attribute( attribute:"description", value: "JavaSE 6: update 101 patch (equivalent to. Date this patch was last updated by Sun : Jul/13/15" );
  script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/125136-97" );
  script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." );

  # A single CVSS v2 base vector is set for the whole plugin.
  # NOTE(review): presumably it reflects the bundled CVEs as a group rather
  # than CVE-2009-0217 alone - confirm against per-CVE scores when prioritising.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  # Runs after ssh_get_info.nasl and needs both KB keys below.
  # NOTE(review): presumably these keys are populated by a credentialed
  # login - confirm against ssh_get_info.nasl.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("solaris.inc");

# Without local checks the script stops here through audit(), so a scan that
# lacks them gets no verdict on this patch from this plugin.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# One call per package; each names patch 125136-97 and lists 152076-05 in
# obsoleted_by (the literal carries a trailing space). A negative return is
# counted in `flag`.
# NOTE(review): `flag` is not assigned before its first ++ in the visible
# script; presumably this relies on an unset NASL variable counting as 0 -
# confirm.
if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"125136-97", obsoleted_by:"152076-05 ", package:"SUNWj6rt", version:"1.6.0,REV=2006.11.29.05.57") < 0) flag++;
if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"125136-97", obsoleted_by:"152076-05 ", package:"SUNWj6jmp", version:"1.6.0,REV=2006.12.07.19.24") < 0) flag++;
if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"125136-97", obsoleted_by:"152076-05 ", package:"SUNWj6man", version:"1.6.0,REV=2006.12.07.16.37") < 0) flag++;
if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"125136-97", obsoleted_by:"152076-05 ", package:"SUNWj6cfg", version:"1.6.0,REV=2006.11.29.05.57") < 0) flag++;
if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"125136-97", obsoleted_by:"152076-05 ", package:"SUNWj6dmo", version:"1.6.0,REV=2006.11.29.05.57") < 0) flag++;
if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"125136-97", obsoleted_by:"152076-05 ", package:"SUNWj6dev", version:"1.6.0,REV=2006.11.29.05.57") < 0) flag++;

# At least one package was counted: report on port 0, attaching the text from
# solaris_get_report() when report_verbosity is above 0.
if (flag)
{
  if (report_verbosity > 0)
    security_hole(port:0, extra:solaris_get_report());
  else
    security_hole(0);
  exit(0);
}
# Nothing was counted: record the host as not affected.
audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-903-1.NASL description It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) Sebastian Apelt and Frank Reissner discovered that OpenOffice did not correctly import XPM and GIF images. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. (CVE-2009-2949, CVE-2009-2950) Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. (CVE-2009-3301, CVE-2009-3302) It was discovered that OpenOffice did not handle certain VBA macros correctly. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls. (CVE-2010-0136). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 44912 published 2010-02-25 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44912 title Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openoffice.org vulnerabilities (USN-903-1) NASL family Solaris Local Security Checks NASL id SOLARIS10_125136-75.NASL description JavaSE 6: update 75 patch (equivalent to JDK 6u75). 
Date this patch was last updated by Sun : Apr/14/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107416 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107416 title Solaris 10 (sparc) : 125136-75 NASL family Fedora Local Security Checks NASL id FEDORA_2009-8456.NASL description - Tue Aug 11 2009 Daniel Veillard <veillard at redhat.com> - 1.2.12-1 - update to new upstream release 1.2.12 - includes fix for CVE-2009-0217 - cleanup spec file Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40579 published 2009-08-12 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40579 title Fedora 10 : xmlsec1-1.2.12-1.fc10 (2009-8456) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-318.NASL description Multiple security vulnerabilities have been identified and fixed in xmlsec1 : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification (CVE-2009-0217). All versions of libtool prior to 2.2.6b suffer from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code (CVE-2009-3736). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update fixes this vulnerability. 
last seen 2020-06-01 modified 2020-06-02 plugin id 43021 published 2009-12-07 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43021 title Mandriva Linux Security Advisory : xmlsec1 (MDVSA-2009:318) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-814-1.NASL description It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) It was discovered that JAR bundles would appear signed if only one element was signed. If a user were tricked into running a malicious Java applet, a remote attacker could exploit this to gain access to private information and potentially run untrusted code. (CVE-2009-1896) It was discovered that certain variables could leak information. If a user were tricked into running a malicious Java applet, a remote attacker could exploit this to gain access to private information and potentially run untrusted code. (CVE-2009-2475, CVE-2009-2690) A flaw was discovered in the OpenType checking. If a user were tricked into running a malicious Java applet, a remote attacker could bypass access restrictions. (CVE-2009-2476) It was discovered that the XML processor did not correctly check recursion. If a user or automated system were tricked into processing a specially crafted XML, the system could crash, leading to a denial of service. (CVE-2009-2625) It was discovered that the Java audio subsystem did not correctly validate certain parameters. If a user were tricked into running an untrusted applet, a remote attacker could read system properties. (CVE-2009-2670) Multiple flaws were discovered in the proxy subsystem. 
If a user were tricked into running an untrusted applet, a remote attacker could discover local user names, obtain access to sensitive information, or bypass socket restrictions, leading to a loss of privacy. (CVE-2009-2671, CVE-2009-2672, CVE-2009-2673) Flaws were discovered in the handling of JPEG images, Unpack200 archives, and JDK13Services. If a user were tricked into running an untrusted applet, a remote attacker could load a specially crafted file that would bypass local file access protections and run arbitrary code with user privileges. (CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40547 published 2009-08-11 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40547 title Ubuntu 8.10 / 9.04 : openjdk-6 vulnerabilities (USN-814-1) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_128641-30.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. last seen 2020-06-01 modified 2020-06-02 plugin id 107968 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/107968 title Solaris 10 (x86) : 128641-30 NASL family Fedora Local Security Checks NASL id FEDORA_2009-8473.NASL description - Tue Aug 11 2009 Daniel Veillard <veillard at redhat.com> - 1.2.12-1 - update to new upstream release 1.2.12 - includes fix for CVE-2009-0217 - cleanup spec file Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40567 published 2009-08-12 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40567 title Fedora 11 : xmlsec1-1.2.12-1.fc11 (2009-8473) NASL family Solaris Local Security Checks NASL id SOLARIS9_128640.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. last seen 2020-06-01 modified 2020-06-02 plugin id 35419 published 2009-01-19 reporter This script is Copyright (C) 2009-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35419 title Solaris 9 (sparc) : 128640-30 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201408-19.NASL description The remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. 
Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 77467 published 2014-09-01 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77467 title GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20090806_JAVA_1_6_0_OPENJDK_ON_SL5_3.NASL description CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524) CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071) CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections (6801497) CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow (6823373) CVE-2009-2675 Java Web Start Buffer unpack200 processing integer overflow (6830335) CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701) CVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167) CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293) CVE-2009-2689 OpenJDK JDK13Services grants unnecessary privileges (6777448) CVE-2009-2690 OpenJDK private variable information disclosure (6777487) A flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. 
An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or application into accepting untrusted content. (CVE-2009-0217) Several potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-2475) It was discovered that OpenType checks can be bypassed. This could allow a rogue application to bypass access restrictions by acquiring references to privileged objects through finalizer resurrection. (CVE-2009-2476) A denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service. (CVE-2009-2625) A flaw was found in the JRE audio system. An untrusted applet or application could use this flaw to gain read access to restricted System properties. (CVE-2009-2670) Two flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672) An additional flaw was found in the proxy mechanism implementation. This flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673) An integer overflow flaw was found in the way the JRE processes JPEG images. An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the application. (CVE-2009-2674) An integer overflow flaw was found in the JRE unpack200 functionality. 
An untrusted applet or application could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-2675) It was discovered that JDK13Services grants unnecessary privileges to certain object types. This could be misused by an untrusted applet or application to use otherwise restricted functionality. (CVE-2009-2689) An information disclosure flaw was found in the way private Java variables were handled. An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private. (CVE-2009-2690) Note: The flaws concerning applets in this advisory, CVE-2009-2475, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered in java-1.6.0-openjdk by calling the last seen 2020-06-01 modified 2020-06-02 plugin id 60633 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60633 title Scientific Linux Security Update : java-1.6.0-openjdk on SL5.3 i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2009-8337.NASL description Urgent security fixes have been included. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40515 published 2009-08-10 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/40515 title Fedora 10 : java-1.6.0-openjdk-1.6.0.0-20.b16.fc10 (2009-8337) NASL family SuSE Local Security Checks NASL id SUSE_11_0_OPENOFFICE_ORG-100211.NASL description This update of OpenOffice_org includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. last seen 2020-06-01 modified 2020-06-02 plugin id 45071 published 2010-03-17 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45071 title openSUSE Security Update : OpenOffice_org (OpenOffice_org-1979) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_141710-03.NASL description Sun GlassFish Enterprise Server v2.1.1 Security Patch01, _x86: SVR. Date this patch was last updated by Sun : Jan/08/10 last seen 2020-06-01 modified 2020-06-02 plugin id 108027 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108027 title Solaris 10 (x86) : 141710-03 NASL family SuSE Local Security Checks NASL id SUSE_11_0_JAVA-1_6_0-OPENJDK-090826.NASL description The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents. (CVE-2009-0217) The WebStart component does not allow to run unsigned code in some cases. (CVE-2009-1896) A NULL pointer dereference was fixed in the LittleCMS component. 
(CVE-2009-0793) last seen 2020-06-01 modified 2020-06-02 plugin id 40816 published 2009-08-31 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40816 title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1252) NASL family Solaris Local Security Checks NASL id SOLARIS9_125136.NASL description JavaSE 6: update 101 patch (equivalent to. Date this patch was last updated by Sun : Jul/13/15 last seen 2020-06-01 modified 2020-06-02 plugin id 27020 published 2007-10-12 reporter This script is Copyright (C) 2007-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27020 title Solaris 9 (sparc) : 125136-97 NASL family Web Servers NASL id ORACLE_APPLICATION_SERVER_PCI.NASL description The remote host is running Oracle Application Server. It was not possible to determine its version, so the version of Oracle Application Server installed on the remote host could potentially be affected by multiple vulnerabilities : - CVE-2000-0169: Remote command execution in the web listener component. - CVE-2000-1235: Information disclosure in the port listener component and modplsql. - CVE-2000-1236: SQL injection in mod_sql. - CVE-2001-0326: Information disclosure in the Java Virtual Machine. - CVE-2001-0419: Buffer overflow in ndwfn4.so. - CVE-2001-0591: Directory traversal. - CVE-2001-1216: Buffer overflow in the PL/SQL Apache module. - CVE-2001-1217: Directory traversal vulnerability in the PL/SQL Apache module. - CVE-2001-1371: Improper access control in the SOAP service. - CVE-2001-1372: Information disclosure. - CVE-2002-0386: Denial of service through the administration module for Oracle Web Cache. - CVE-2002-0559: Buffer overflows in the PL/SQL module. - CVE-2002-0560: Information disclosure in the PL/SQL module. - CVE-2002-0561: Authentication bypass in the PL/SQL Gateway web administration interface. - CVE-2002-0562: Information disclosure through globals.jsa. 
- CVE-2002-0563: Improper access control on several services. - CVE-2002-0564: Authentication bypass in the PL/SQL module. - CVE-2002-0565: Information disclosure through JSP files in the _pages directory. - CVE-2002-0566: Denial of service in the PL/SQL module. - CVE-2002-0568: Improper access control on XSQLConfig.xml and soapConfig.xml. - CVE-2002-0569: Authentication bypass through XSQLServlet. - CVE-2002-0655: Denial of service in OpenSSL. - CVE-2002-0656: Buffer overflows in OpenSSL. - CVE-2002-0659: Denial of service in OpenSSL. - CVE-2002-0840: Cross-site scripting in the default error page of Apache. - CVE-2002-0842: Format string vulnerability in mod_dav. - CVE-2002-0843: Buffer overflows in ApacheBench. - CVE-2002-0947: Buffer overflow in rwcgi60. - CVE-2002-1089: Information disclosure in rwcgi60. - CVE-2002-1630: Improper access control on sendmail.jsp. - CVE-2002-1631: SQL injection in query.xsql. - CVE-2002-1632: Information disclosure through several JSP pages. - CVE-2002-1635: Information disclosure in Apache. - CVE-2002-1636: Cross-site scripting in the htp PL/SQL package. - CVE-2002-1637: Default credentials in multiple components. - CVE-2002-1858: Information disclosure through the WEB-INF directory. - CVE-2002-2153: Format string vulnerability in the administrative pages of the PL/SQL module. - CVE-2002-2345: Credential leakage in the web cache administrator interface. - CVE-2002-2347: Cross-site scripting in several JSP pages. - CVE-2004-1362: Authentication bypass in the PL/SQL module. - CVE-2004-1363: Buffer overflow in extproc. - CVE-2004-1364: Directory traversal in extproc. - CVE-2004-1365: Command execution in extproc. - CVE-2004-1366: Improper access control on emoms.properties. - CVE-2004-1367: Credential leakage in Database Server. - CVE-2004-1368: Arbitrary file execution in ISQL*Plus. - CVE-2004-1369: Denial of service in TNS Listener. - CVE-2004-1370: Multiple SQL injection vulnerabilities in PL/SQL. 
- CVE-2004-1371: Stack-based buffer overflow. - CVE-2004-1707: Privilege escalation in dbsnmp and nmo. - CVE-2004-1774: Buffer overflow in the MD2 package. - CVE-2004-1877: Phishing vulnerability in Single Sign-On component. - CVE-2004-2134: Weak cryptography for passwords in the toplink mapping workBench. - CVE-2004-2244: Denial of service in the XML parser. - CVE-2005-1383: Authentication bypass in HTTP Server. - CVE-2005-1495: Detection bypass. - CVE-2005-1496: Privilege escalation in the DBMS_Scheduler. - CVE-2005-2093: Web cache poisoning. - CVE-2005-3204: Cross-site scripting. - CVE-2005-3445: Multiple unspecified vulnerabilities in HTTP Server. - CVE-2005-3446: Unspecified vulnerability in Internet Directory. - CVE-2005-3447: Unspecified vulnerability in Single Sign-On. - CVE-2005-3448: Unspecified vulnerability in the OC4J module. - CVE-2005-3449: Multiple unspecified vulnerabilities in multiple components. - CVE-2005-3450: Unspecified vulnerability in HTTP Server. - CVE-2005-3451: Unspecified vulnerability in SQL*ReportWriter. - CVE-2005-3452: Unspecified vulnerability in Web Cache. - CVE-2005-3453: Multiple unspecified vulnerabilities in Web Cache. - CVE-2006-0273: Unspecified vulnerability in the Portal component. - CVE-2006-0274: Unspecified vulnerability in the Oracle Reports Developer component. - CVE-2006-0275: Unspecified vulnerability in the Oracle Reports Developer component. - CVE-2006-0282: Unspecified vulnerability. - CVE-2006-0283: Unspecified vulnerability. - CVE-2006-0284: Multiple unspecified vulnerabilities. - CVE-2006-0285: Unspecified vulnerability in the Java Net component. - CVE-2006-0286: Unspecified vulnerability in HTTP Server. - CVE-2006-0287: Unspecified vulnerability in HTTP Server. - CVE-2006-0288: Multiple unspecified vulnerabilities in the Oracle Reports Developer component. - CVE-2006-0289: Multiple unspecified vulnerabilities. - CVE-2006-0290: Unspecified vulnerability in the Oracle Workflow Cartridge component. 
- CVE-2006-0291: Multiple unspecified vulnerabilities in the Oracle Workflow Cartridge component. - CVE-2006-0435: Unspecified vulnerability in Oracle PL/SQL. - CVE-2006-0552: Unspecified vulnerability in the Net Listener component. - CVE-2006-0586: Multiple SQL injection vulnerabilities. - CVE-2006-1884: Unspecified vulnerability in the Oracle Thesaurus Management System component. - CVE-2006-3706: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3707: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3708: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3709: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3710: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3711: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3712: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3713: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-3714: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-5353: Unspecified vulnerability in HTTP Server. - CVE-2006-5354: Unspecified vulnerability in HTTP Server. - CVE-2006-5355: Unspecified vulnerability in Single Sign-On. - CVE-2006-5356: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-5357: Unspecified vulnerability in HTTP Server. - CVE-2006-5358: Unspecified vulnerability in the Oracle Forms component. - CVE-2006-5359: Multiple unspecified vulnerabilities in Oracle Reports Developer component. - CVE-2006-5360: Unspecified vulnerability in Oracle Forms component. - CVE-2006-5361: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-5362: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-5363: Unspecified vulnerability in Single Sign-On. - CVE-2006-5364: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2006-5365: Unspecified vulnerability in Oracle Forms. 
- CVE-2006-5366: Multiple unspecified vulnerabilities. - CVE-2007-0222: Directory traversal vulnerability in EmChartBean. - CVE-2007-0275: Cross-site scripting vulnerability in Oracle Reports Web Cartridge (RWCGI60). - CVE-2007-0280: Buffer overflow in Oracle Notification Service. - CVE-2007-0281: Multiple unspecified vulnerabilities in HTTP Server. - CVE-2007-0282: Unspecified vulnerability in OPMN02. - CVE-2007-0283: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2007-0284: Multiple unspecified vulnerabilities in Oracle Containers for J2EE. - CVE-2007-0285: Unspecified vulnerability in Oracle Reports Developer. - CVE-2007-0286: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2007-0287: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2007-0288: Unspecified vulnerability in Oracle Internet Directory. - CVE-2007-0289: Multiple unspecified vulnerabilities in Oracle Containers for J2EE. - CVE-2007-1359: Improper access control in mod_security. - CVE-2007-1609: Cross-site scripting vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS). - CVE-2007-2119: Cross-site scripting vulnerability in the Administration Front End for Oracle Enterprise (Ultra) Search. - CVE-2007-2120: Denial of service in the Oracle Discoverer servlet. - CVE-2007-2121: Unspecified vulnerability in the COREid Access component. - CVE-2007-2122: Unspecified vulnerability in the Wireless component. - CVE-2007-2123: Unspecified vulnerability in the Portal component. - CVE-2007-2124: Unspecified vulnerability in the Portal component. - CVE-2007-2130: Unspecified vulnerability in Workflow Cartridge. - CVE-2007-3553: Cross-site scripting vulnerability in Rapid Install Web Server. - CVE-2007-3854: Multiple unspecified vulnerabilities in the Advanced Queuing component and the Spatial component. - CVE-2007-3859: Unspecified vulnerability in the Oracle Internet Directory component. - CVE-2007-3861: Unspecified vulnerability in Oracle Jdeveloper. 
- CVE-2007-3862: Unspecified vulnerability in Single Sign-On. - CVE-2007-3863: Unspecified vulnerability in Oracle JDeveloper. - CVE-2007-5516: Unspecified vulnerability in the Oracle Process Mgmt & Notification component. - CVE-2007-5517: Unspecified vulnerability in the Oracle Portal component. - CVE-2007-5518: Unspecified vulnerability in HTTP Server. - CVE-2007-5519: Unspecified vulnerability in the Oracle Portal component. - CVE-2007-5520: Unspecified vulnerability in the Oracle Internet Directory component. - CVE-2007-5521: Unspecified vulnerability in Oracle Containers for J2EE. - CVE-2007-5522: Unspecified vulnerability in the Oracle Portal component. - CVE-2007-5523: Unspecified vulnerability in the Oracle Internet Directory component. - CVE-2007-5524: Unspecified vulnerability in Single Sign-On. - CVE-2007-5525: Unspecified vulnerability in Single Sign-On. - CVE-2007-5526: Unspecified vulnerability in the Oracle Portal component. - CVE-2007-5531: Unspecified vulnerability in Oracle Help for Web. - CVE-2008-0340: Multiple unspecified vulnerabilities in the Advanced Queuing component and Spatial component. - CVE-2008-0343: Unspecified vulnerability in the Oracle Spatial component. - CVE-2008-0344: Unspecified vulnerability in the Oracle Spatial component. - CVE-2008-0345: Unspecified vulnerability in the Core RDBMS component. - CVE-2008-0346: Unspecified vulnerability in the Oracle Jinitiator component. - CVE-2008-0347: Unspecified vulnerability in the Oracle Ultra Search component. - CVE-2008-0348: Multiple unspecified vulnerabilities in the PeopleTools component. - CVE-2008-0349: Unspecified vulnerability in the PeopleTools component. - CVE-2008-1812: Unspecified vulnerability in the Oracle Enterprise Manager component. - CVE-2008-1814: Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component. - CVE-2008-1823: Unspecified vulnerability in the Oracle Jinitiator component. 
- CVE-2008-1824: Unspecified vulnerability in the Oracle Dynamic Monitoring Service component. - CVE-2008-1825: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-2583: Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component. - CVE-2008-2588: Unspecified vulnerability in the Oracle JDeveloper component. - CVE-2008-2589: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-2593: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-2594: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-2595: Unspecified vulnerability in the Oracle Internet Directory component. - CVE-2008-2609: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-2612: Unspecified vulnerability in the Hyperion BI Plus component. - CVE-2008-2614: Unspecified vulnerability in HTTP Server. - CVE-2008-2619: Unspecified vulnerability in the Oracle Reports Developer component. - CVE-2008-2623: Unspecified vulnerability in the Oracle JDeveloper component. - CVE-2008-3975: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-3977: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-3986: Unspecified vulnerability in the Oracle Discoverer Administrator component. - CVE-2008-3987: Unspecified vulnerability in the Oracle Discoverer Desktop component. - CVE-2008-4014: Unspecified vulnerability in the Oracle BPEL Process Manager component. - CVE-2008-4017: Unspecified vulnerability in the OC4J component. - CVE-2008-5438: Unspecified vulnerability in the Oracle Portal component. - CVE-2008-7233: Unspecified vulnerability in the Oracle Jinitiator component. - CVE-2009-0217: Signature spoofing vulnerability in multiple components. - CVE-2009-0989: Unspecified vulnerability in the BI Publisher component. - CVE-2009-0990: Unspecified vulnerability in the BI Publisher component. - CVE-2009-0994: Unspecified vulnerability in the BI Publisher component. 
- CVE-2009-1008: Unspecified vulnerability in the Outside In Technology component. - CVE-2009-1009: Unspecified vulnerability in the Outside In Technology component. - CVE-2009-1010: Unspecified vulnerability in the Outside In Technology component. - CVE-2009-1011: Unspecified vulnerability in the Outside In Technology component. - CVE-2009-1017: Unspecified vulnerability in the BI Publisher component. - CVE-2009-1976: Unspecified vulnerability in HTTP Server. - CVE-2009-1990: Unspecified vulnerability in the Business Intelligence Enterprise Edition component. - CVE-2009-1999: Unspecified vulnerability in the Business Intelligence Enterprise Edition component. - CVE-2009-3407: Unspecified vulnerability in the Portal component. - CVE-2009-3412: Unspecified vulnerability in the Unzip component. - CVE-2010-0066: Unspecified vulnerability in the Access Manager Identity Server component. - CVE-2010-0067: Unspecified vulnerability in the Oracle Containers for J2EE component. - CVE-2010-0070: Unspecified vulnerability in the Oracle Containers for J2EE component. - CVE-2011-0789: Unspecified vulnerability in HTTP Server. - CVE-2011-0795: Unspecified vulnerability in Single Sign-On. - CVE-2011-0884: Unspecified vulnerability in the Oracle BPEL Process Manager component. - CVE-2011-2237: Unspecified vulnerability in the Oracle Web Services Manager component. - CVE-2011-2314: Unspecified vulnerability in the Oracle Containers for J2EE component. - CVE-2011-3523: Unspecified vulnerability in the Oracle Web Services Manager component. last seen 2020-06-01 modified 2020-06-02 plugin id 57619 published 2012-01-24 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/57619 title Oracle Application Server Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1201.NASL description Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or application into accepting untrusted content. (CVE-2009-0217) Several potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-2475) It was discovered that OpenType checks can be bypassed. This could allow a rogue application to bypass access restrictions by acquiring references to privileged objects through finalizer resurrection. (CVE-2009-2476) A denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service. (CVE-2009-2625) A flaw was found in the JRE audio system. An untrusted applet or application could use this flaw to gain read access to restricted System properties. (CVE-2009-2670) Two flaws were found in the JRE proxy implementation. 
An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672) An additional flaw was found in the proxy mechanism implementation. This flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673) An integer overflow flaw was found in the way the JRE processes JPEG images. An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the application. (CVE-2009-2674) An integer overflow flaw was found in the JRE unpack200 functionality. An untrusted applet or application could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-2675) It was discovered that JDK13Services grants unnecessary privileges to certain object types. This could be misused by an untrusted applet or application to use otherwise restricted functionality. (CVE-2009-2689) An information disclosure flaw was found in the way private Java variables were handled. An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private. (CVE-2009-2690) Note: The flaws concerning applets in this advisory, CVE-2009-2475, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered in java-1.6.0-openjdk by calling the last seen 2020-06-01 modified 2020-06-02 plugin id 40510 published 2009-08-07 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/40510 title RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1201) NASL family Windows NASL id SUN_JAVA_JRE_263408.NASL description The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 15 / 5.0 Update 20 / 1.4.2_22 / 1.3.1_26. Such versions are potentially affected by the following security issues : - A vulnerability in the JRE audio system may allow system properties to be accessed. (263408) - A privilege escalation vulnerability may exist in the JRE SOCKS proxy implementation. (263409) - An integer overflow vulnerability when parsing JPEG images may allow an untrusted Java Web Start application to escalate privileges. (263428) - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation may allow authentication to be bypassed. (263429) - An integer overflow vulnerability with unpacking applets and Java Web start applications using the last seen 2020-06-01 modified 2020-06-02 plugin id 40495 published 2009-08-05 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40495 title Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..) NASL family SuSE Local Security Checks NASL id SUSE_11_1_JAVA-1_6_0-OPENJDK-090827.NASL description The XML signature checker did not impose limits on the minimum length of HMAC signatures in XML documents. Attackers could therefore specify a length of e.g. 1 to make the signature appear valid and therefore effectively bypass verification of XML documents. (CVE-2009-0217) The WebStart component does not allow to run unsigned code in some cases. (CVE-2009-1896) A NULL pointer dereference was fixed in the LittleCMS component. (CVE-2009-0793) last seen 2020-06-01 modified 2020-06-02 plugin id 40818 published 2009-08-31 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/40818 title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1252) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1995.NASL description Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros. - CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This also affects the integrated libxmlsec library. - CVE-2009-2949 Sebastian Apelt discovered that an integer overflow in the XPM import code may lead to the execution of arbitrary code. - CVE-2009-2950 Sebastian Apelt and Frank Reissner discovered that a buffer overflow in the GIF import code may lead to the execution of arbitrary code. - CVE-2009-3301/ CVE-2009-3302 Nicolas Joly discovered multiple vulnerabilities in the parser for Word document files, which may lead to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 44859 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44859 title Debian DSA-1995-1 : openoffice.org - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_OPENOFFICE_ORG-6883.NASL description This update of OpenOffice_org includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. 
This also provides the maintenance update to OpenOffice.org-3.2. last seen 2020-06-01 modified 2020-06-02 plugin id 51684 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51684 title SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6883) NASL family SuSE Local Security Checks NASL id SUSE_OPENOFFICE_ORG-6884.NASL description This update of OpenOffice_org includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. This also provides the maintenance update to OpenOffice.org-3.2. last seen 2020-06-01 modified 2020-06-02 plugin id 51685 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51685 title SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6884) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-209.NASL description Multiple Java OpenJDK security vulnerabilities have been identified and fixed : The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation specifies an HMAC truncation length (HMACOutputLength) but does not require a minimum for its length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits (CVE-2009-0217). The Java Web Start framework does not properly check the trust of all application jar files, which allows context-dependent attackers to execute arbitrary code via a crafted application, related to NetX (CVE-2009-1896). 
Some variables and data structures without the final keyword definition allow context-dependent attackers to obtain sensitive information. The target variables and data structures are as follows: (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS (CVE-2009-2475). The Java Management Extensions (JMX) implementation does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object (CVE-2009-2476). A flaw in Xerces2 as used in OpenJDK allows remote attackers to cause denial of service via a malformed XML input (CVE-2009-2625). The audio system does not prevent access to java.lang.System properties by untrusted applets and Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties (CVE-2009-2670). A flaw in the SOCKS proxy implementation allows remote attackers to discover the user name of the account that invoked either an untrusted applet or Java Web Start application via unspecified vectors (CVE-2009-2671). A flaw in the proxy mechanism implementation allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword (CVE-2009-2673). An integer overflow in JPEG image parsing allows context-dependent attackers to gain privileges via an untrusted Java Web Start application that grants permissions to itself (CVE-2009-2674). 
An integer overflow in the unpack200 utility decompression allows context-dependent attackers to gain privileges via vectors involving either an untrusted applet or Java Web Start application that grants permissions to itself (CVE-2009-2675). A flaw in the JDK13Services.getProviders grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions either via an untrusted applet or application (CVE-2009-2689). A flaw in the OpenJDK last seen 2020-06-01 modified 2020-06-02 plugin id 40694 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40694 title Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:209) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1201.NASL description Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or application into accepting untrusted content. (CVE-2009-0217) Several potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-2475) It was discovered that OpenType checks can be bypassed. 
This could allow a rogue application to bypass access restrictions by acquiring references to privileged objects through finalizer resurrection. (CVE-2009-2476) A denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service. (CVE-2009-2625) A flaw was found in the JRE audio system. An untrusted applet or application could use this flaw to gain read access to restricted System properties. (CVE-2009-2670) Two flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672) An additional flaw was found in the proxy mechanism implementation. This flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673) An integer overflow flaw was found in the way the JRE processes JPEG images. An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the application. (CVE-2009-2674) An integer overflow flaw was found in the JRE unpack200 functionality. An untrusted applet or application could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-2675) It was discovered that JDK13Services grants unnecessary privileges to certain object types. This could be misused by an untrusted applet or application to use otherwise restricted functionality. (CVE-2009-2689) An information disclosure flaw was found in the way private Java variables were handled. 
An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private. (CVE-2009-2690) Note: The flaws concerning applets in this advisory, CVE-2009-2475, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered in java-1.6.0-openjdk by calling the last seen 2020-06-01 modified 2020-06-02 plugin id 43774 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43774 title CentOS 5 : java-1.6.0-openjdk (CESA-2009:1201) NASL family SuSE Local Security Checks NASL id SUSE_11_OPENOFFICE_ORG-100225.NASL description This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness. (CVE-2009-0217) - XPM Import Integer Overflow. (CVE-2009-2949) - GIF Import Heap Overflow. (CVE-2009-2950) - MS Word sprmTDefTable Memory Corruption. (CVE-2009-3301) - MS Word sprmTDefTable Memory Corruption. (CVE-2009-3302) - In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2010-0136) This also provides the maintenance update to OpenOffice.org-3.2. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.0.html last seen 2020-06-01 modified 2020-06-02 plugin id 51594 published 2011-01-21 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51594 title SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 2080) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1649.NASL description Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix multiple security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP07. 
This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 5 serves as a replacement to JBEAP 4.3.0.CP06. These updated packages include bug fixes and enhancements which are detailed in the Release Notes, available shortly from: http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/ The following security issues are also fixed with this release : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xml-security. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Swatej Kumar discovered cross-site scripting (XSS) flaws in the JBoss Application Server Web Console. An attacker could use these flaws to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user last seen 2020-06-01 modified 2020-06-02 plugin id 63905 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63905 title RHEL 5 : JBoss EAP (RHSA-2009:1649) NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_10_5_UPDATE5.NASL description The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 5. 
The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user. last seen 2020-03-18 modified 2009-09-03 plugin id 40873 published 2009-09-03 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40873 title Mac OS X : Java for Mac OS X 10.5 Update 5 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_128641.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. last seen 2020-06-01 modified 2020-06-02 plugin id 35421 published 2009-01-19 reporter This script is Copyright (C) 2009-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35421 title Solaris 9 (x86) : 128641-30 NASL family SuSE Local Security Checks NASL id SUSE_11_1_OPENOFFICE_ORG-BASE-DRIVERS-POSTGRESQL-100211.NASL description This update of OpenOffice_org includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. 
last seen 2020-06-01 modified 2020-06-02 plugin id 45073 published 2010-03-17 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45073 title openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (OpenOffice_org-base-drivers-postgresql-1981) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1849.NASL description It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater. last seen 2020-06-01 modified 2020-06-02 plugin id 44714 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44714 title Debian DSA-1849-1 : xml-security-c - design flaw NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1637.NASL description Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix multiple security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 4 as JBEAP 4.2.0.CP08. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 4 serves as a replacement to JBEAP 4.2.0.CP07. 
These updated packages include bug fixes and enhancements which are detailed in the Release Notes, available shortly from: http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/ The following security issues are also fixed with this release : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xml-security. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Swatej Kumar discovered cross-site scripting (XSS) flaws in the JBoss Application Server Web Console. An attacker could use these flaws to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user last seen 2020-06-01 modified 2020-06-02 plugin id 63904 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63904 title RHEL 4 : JBoss EAP (RHSA-2009:1637) NASL family Windows NASL id OPENOFFICE_32.NASL description The version of Sun Microsystems OpenOffice.org installed on the remote host is prior to version 3.2. It is, therefore, affected by several issues : - Signatures may not be handled properly due to a vulnerability in the libxml2 library. (CVE-2006-4339) - There is an HMAC truncation authentication bypass vulnerability in the libxmlsec library. (CVE-2009-0217) - The application is bundled with a vulnerable version of the Microsoft VC++ runtime. (CVE-2009-2493) - Specially crafted XPM files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2949) - Specially crafted GIF files are not processed properly, which could lead to arbitrary code execution. 
(CVE-2009-2950) - Specially crafted Microsoft Word documents are not processed properly, which could lead to arbitrary code execution. (CVE-2009-3301 / CVE-2009-3302) last seen 2020-06-01 modified 2020-06-02 plugin id 44597 published 2010-02-12 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/44597 title Sun OpenOffice.org < 3.2 Multiple Vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-268.NASL description Multiple vulnerabilities have been found and corrected in mono : Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren) (CVE-2008-3422). The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation (CVE-2009-0217). This update fixes these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 42095 published 2009-10-13 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42095 title Mandriva Linux Security Advisory : mono (MDVSA-2009:268) NASL family Fedora Local Security Checks NASL id FEDORA_2009-8157.NASL description Fixes CVE-2009-0217 (#511915) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. 
last seen 2020-06-01 modified 2020-06-02 plugin id 40454 published 2009-08-01 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40454 title Fedora 11 : xml-security-c-1.5.1-1.fc11 (2009-8157) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-13.NASL description The remote host is affected by the vulnerability described in GLSA-201206-13 (Mono: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mono and Mono debugger. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code, bypass general constraints, obtain the source code for .aspx applications, obtain other sensitive information, cause a Denial of Service, modify internal data structures, or corrupt the internal state of the security manager. A local attacker could entice a user into running Mono debugger in a directory containing a specially crafted library file to execute arbitrary code with the privileges of the user running Mono debugger. A context-dependent attacker could bypass the authentication mechanism provided by the XML Signature specification. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59651 published 2012-06-22 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59651 title GLSA-201206-13 : Mono: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_OPENOFFICE_ORG-100226.NASL description This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness. (CVE-2009-0217) - XPM Import Integer Overflow. (CVE-2009-2949) - GIF Import Heap Overflow. (CVE-2009-2950) - MS Word sprmTDefTable Memory Corruption. (CVE-2009-3301) - MS Word sprmTDefTable Memory Corruption. 
(CVE-2009-3302) - In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2010-0136) This also provides the maintenance update to OpenOffice.org-3.2. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.0.html last seen 2020-06-01 modified 2020-06-02 plugin id 45064 published 2010-03-16 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45064 title SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 2080) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_141710.NASL description Sun GlassFish Enterprise Server v2.1.1 Security Patch01, _x86: SVR. Date this patch was last updated by Sun : Jan/08/10 last seen 2020-06-01 modified 2020-06-02 plugin id 39005 published 2009-06-03 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39005 title Solaris 9 (x86) : 141710-03 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1636.NASL description Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix multiple security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 4 as JBEAP 4.3.0.CP07. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 4 serves as a replacement to JBEAP 4.3.0.CP06. 
These updated packages include bug fixes and enhancements which are detailed in the Release Notes, available shortly from: http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/ The following security issues are also fixed with this release : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xml-security. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Swatej Kumar discovered cross-site scripting (XSS) flaws in the JBoss Application Server Web Console. An attacker could use these flaws to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user last seen 2020-06-01 modified 2020-06-02 plugin id 63903 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63903 title RHEL 4 : JBoss EAP (RHSA-2009:1636) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-826-1.NASL description It was discovered that the XML HMAC signature system did not enforce a minimum length for truncated HMAC output. If an attacker sent an HMAC truncated to a very small number of bits, the attacker could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) It was discovered that Mono did not properly escape certain attributes in the ASP.net class libraries which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 8.04 LTS.
(CVE-2008-3422) It was discovered that Mono did not properly filter CRLF injections in the query string. If a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, steal confidential data (such as passwords), or perform cross-site request forgeries. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-3906). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40794 published 2009-08-27 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40794 title Ubuntu 8.04 LTS / 8.10 / 9.04 : mono vulnerabilities (USN-826-1) NASL family Solaris Local Security Checks NASL id SOLARIS10_128640-30.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. last seen 2020-06-01 modified 2020-06-02 plugin id 107469 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107469 title Solaris 10 (sparc) : 128640-30 NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-322.NASL description Multiple vulnerabilities has been found and corrected in mono : IOActive Inc. 
found a buffer overflow in Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers (CVE-2007-5197). Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren) (CVE-2008-3422). CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string (CVE-2008-3906). The XML HMAC signature system did not enforce a minimum length for truncated HMAC output. If an attacker sent an HMAC truncated to a very small number of bits, the attacker could bypass authentication, leading to potential privilege escalation (CVE-2009-0217). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to fix these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43041 published 2009-12-08 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43041 title Mandriva Linux Security Advisory : mono (MDVSA-2009:322) NASL family Solaris Local Security Checks NASL id SOLARIS10_125136-71.NASL description JavaSE 6: update 71 patch (equivalent to JDK 6u71). Date this patch was last updated by Sun : Jan/14/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107415 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/107415 title Solaris 10 (sparc) : 125136-71 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1428.NASL description Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be truncated (as documented in RFC 2104). A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Users of xmlsec1 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications that use the XML Security Library must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 40894 published 2009-09-09 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40894 title CentOS 4 / 5 : xmlsec1 (CESA-2009:1428) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1201.NASL description From Red Hat Security Advisory 2009:1201 : Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the XML Digital Signature implementation in the JRE handled HMAC-based XML signatures. An attacker could use this flaw to create a crafted signature that could allow them to bypass authentication, or trick a user, applet, or application into accepting untrusted content. (CVE-2009-0217) Several potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-2475) It was discovered that OpenType checks can be bypassed. This could allow a rogue application to bypass access restrictions by acquiring references to privileged objects through finalizer resurrection. (CVE-2009-2476) A denial of service flaw was found in the way the JRE processes XML. A remote attacker could use this flaw to supply crafted XML that would lead to a denial of service. (CVE-2009-2625) A flaw was found in the JRE audio system. An untrusted applet or application could use this flaw to gain read access to restricted System properties. (CVE-2009-2670) Two flaws were found in the JRE proxy implementation. An untrusted applet or application could use these flaws to discover the usernames of users running applets and applications, or obtain web browser cookies and use them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672) An additional flaw was found in the proxy mechanism implementation. This flaw allowed an untrusted applet or application to bypass access restrictions and communicate using non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673) An integer overflow flaw was found in the way the JRE processes JPEG images. 
An untrusted application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the application. (CVE-2009-2674) An integer overflow flaw was found in the JRE unpack200 functionality. An untrusted applet or application could extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-2675) It was discovered that JDK13Services grants unnecessary privileges to certain object types. This could be misused by an untrusted applet or application to use otherwise restricted functionality. (CVE-2009-2689) An information disclosure flaw was found in the way private Java variables were handled. An untrusted applet or application could use this flaw to obtain information from variables that would otherwise be private. (CVE-2009-2690) Note: The flaws concerning applets in this advisory, CVE-2009-2475, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2689, and CVE-2009-2690, can only be triggered in java-1.6.0-openjdk by calling the last seen 2020-06-01 modified 2020-06-02 plugin id 67905 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67905 title Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1201) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1428.NASL description Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. 
HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be truncated (as documented in RFC 2104). A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Users of xmlsec1 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications that use the XML Security Library must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 40902 published 2009-09-09 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40902 title RHEL 4 / 5 : xmlsec1 (RHSA-2009:1428) NASL family Solaris Local Security Checks NASL id SOLARIS9_141709.NASL description Sun GlassFish Enterprise Server v2.1.1 Security Patch01, Solaris:. Date this patch was last updated by Sun : Jan/08/10 last seen 2020-06-01 modified 2020-06-02 plugin id 39004 published 2009-06-03 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39004 title Solaris 9 (sparc) : 141709-03 NASL family Fedora Local Security Checks NASL id FEDORA_2009-8329.NASL description Urgent security updates have been included Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40507 published 2009-08-07 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40507 title Fedora 11 : java-1.6.0-openjdk-1.6.0.0-27.b16.fc11 (2009-8329) NASL family Solaris Local Security Checks NASL id SOLARIS10_141709.NASL description Sun GlassFish Enterprise Server v2.1.1 Security Patch01, Solaris:. Date this patch was last updated by Sun : Jan/08/10 This plugin has been deprecated and either replaced with individual 141709 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 39002 published 2009-06-03 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=39002 title Solaris 10 (sparc) : 141709-03 (deprecated) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-IBM-100105.NASL description IBM Java 6 was updated to Service Refresh 7. The following security issues were fixed : - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876 / CVE-2009-3877) - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867) - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. 
(CVE-2009-3868) - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872) - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873) - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875) - A command execution vulnerability in the Java Runtime Environment Deployment Toolkit might be used to run arbitrary code. This issue might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-3865) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869) - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. 
For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871) - A security vulnerability in the Java Web Start Installer might be used to allow an untrusted Java Web Start application to run as a trusted application and run arbitrary code. This issue might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-3866) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874) - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the Java Runtime Environment (JRE) might allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures might be vulnerable to this type of attack. (CVE-2009-0217) Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application. last seen 2020-06-01 modified 2020-06-02 plugin id 43872 published 2010-01-13 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/43872 title SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1748) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_6_0-IBM-091102.NASL description The IBM Java 6 JRE/SDK was updated to Service Release 6, fixing various bugs and security issues. The following security issues were fixed : - A security vulnerability in the JNLPAppletLauncher might impact users of the Sun JDK and JRE. 
Non-current versions of the JNLPAppletLauncher might be re-purposed with an untrusted Java applet to write arbitrary files on the system of the user downloading and running the untrusted applet. (CVE-2009-2676) The JNLPAppletLauncher is a general purpose JNLP-based applet launcher class for deploying applets that use extension libraries containing native code. - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493) - A vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to access system properties. (CVE-2009-2670) - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the Java Runtime Environment (JRE) might allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures might be vulnerable to this type of attack. (CVE-2009-0217) Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application. - A vulnerability in the Java Runtime Environment with the SOCKS proxy implementation might allow an untrusted applet or Java Web Start application to determine the username of the user running the applet or application. 
(CVE-2009-2671 / CVE-2009-2672) A second vulnerability in the Java Runtime Environment with the proxy mechanism implementation might allow an untrusted applet or Java Web Start application to obtain browser cookies and leverage those cookies to hijack sessions. - A vulnerability in the Java Runtime Environment with the proxy mechanism implementation might allow an untrusted applet or Java Web Start application to make non-authorized socket or URL connections to hosts other than the origin host. (CVE-2009-2673) - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-2674) - An integer overflow vulnerability in the Java Runtime Environment with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility might allow an untrusted applet or application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-2675) - A vulnerability in the Java Runtime Environment (JRE) with parsing XML data might allow a remote client to create a denial-of-service condition on the system that the JRE runs on. (CVE-2009-2625) last seen 2020-06-01 modified 2020-06-02 plugin id 42396 published 2009-11-05 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42396 title SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1497) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_141710.NASL description Sun GlassFish Enterprise Server v2.1.1 Security Patch01, _x86: SVR. 
Date this patch was last updated by Sun : Jan/08/10 This plugin has been deprecated and either replaced with individual 141710 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 39003 published 2009-06-03 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=39003 title Solaris 10 (x86) : 141710-03 (deprecated) NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS10-041.NASL description A data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 46848 published 2010-06-09 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46848 title MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343) NASL family Solaris Local Security Checks NASL id SOLARIS10_128640.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. This plugin has been deprecated and either replaced with individual 128640 patch-revision plugins, or deemed non-security related. 
last seen 2019-02-21 modified 2018-07-30 plugin id 35409 published 2009-01-19 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=35409 title Solaris 10 (sparc) : 128640-30 (deprecated) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-267.NASL description A vulnerability has been found and corrected in xmlsec1 : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification (CVE-2009-0217). This update fixes this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 42092 published 2009-10-12 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42092 title Mandriva Linux Security Advisory : xmlsec1 (MDVSA-2009:267) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0043.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.3. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.3. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. 
(CVE-2009-0217, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877) Users of Red Hat Network Satellite Server 5.3 are advised to upgrade to these updated java-1.6.0-ibm packages, which resolve these issues. For this update to take effect, Red Hat Network Satellite Server must be restarted ( last seen 2020-06-01 modified 2020-06-02 plugin id 44029 published 2010-01-15 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44029 title RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0043) NASL family Scientific Linux Local Security Checks NASL id SL_20090908_XMLSEC1_ON_SL4_X.NASL description CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) After installing the updated packages, applications that use the XML Security Library must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60663 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/60663 title Scientific Linux Security Update : xmlsec1 on SL4.x, SL5.x i386/x86_64 NASL family Solaris Local Security Checks NASL id SOLARIS10_141709-03.NASL description Sun GlassFish Enterprise Server v2.1.1 Security Patch01, Solaris:. Date this patch was last updated by Sun : Jan/08/10 last seen 2020-06-01 modified 2020-06-02 plugin id 107528 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107528 title Solaris 10 (sparc) : 141709-03 NASL family SuSE Local Security Checks NASL id SUSE_11_2_OPENOFFICE_ORG-BASE-DRIVERS-POSTGRESQL-100216.NASL description This update of OpenOffice_org includes fixes for the following vulnerabilities : - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. last seen 2020-06-01 modified 2020-06-02 plugin id 45075 published 2010-03-17 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45075 title openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (OpenOffice_org-base-drivers-postgresql-1980) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1694.NASL description Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. 
This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM last seen 2020-06-01 modified 2020-06-02 plugin id 43597 published 2009-12-27 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43597 title RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1694) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1428.NASL description From Red Hat Security Advisory 2009:1428 : Updated xmlsec1 packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be truncated (as documented in RFC 2104). A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Users of xmlsec1 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications that use the XML Security Library must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67921 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/67921 title Oracle Linux 4 / 5 : xmlsec1 (ELSA-2009-1428) NASL family Scientific Linux Local Security Checks NASL id SL_20090824_JAVA__JDK_1_6_0__ON_SL4_X.NASL description CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524) CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071) CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections (6801497) CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow (6823373) CVE-2009-2675 Java Web Start Buffer unpack200 processing integer overflow (6830335) CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701) CVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167) CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293) CVE-2009-2690 OpenJDK private variable information disclosure (6777487) CVE-2009-2676 JRE applet launcher vulnerability All running instances of Sun Java must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60645 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/60645 title Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_C97D7A37223311DF96DD001B2134EF46.NASL description OpenOffice.org Security Team reports : Fixed in OpenOffice.org 3.2 CVE-2006-4339: Potential vulnerability from 3rd party libxml2 libraries CVE-2009-0217: Potential vulnerability from 3rd party libxmlsec libraries CVE-2009-2493: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime CVE-2009-2949: Potential vulnerability related to XPM file processing CVE-2009-2950: Potential vulnerability related to GIF file processing CVE-2009-3301/2: Potential vulnerability related to MS-Word document processing last seen 2020-06-01 modified 2020-06-02 plugin id 44922 published 2010-03-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44922 title FreeBSD : openoffice.org -- multiple vulnerabilities (c97d7a37-2233-11df-96dd-001b2134ef46) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_708C65A57C5811DEA9940030843D3802.NASL description Secunia reports : A security issue has been reported in Mono, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to an error when processing certain XML signatures. last seen 2020-06-01 modified 2020-06-02 plugin id 40429 published 2009-07-30 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40429 title FreeBSD : mono -- XML signature HMAC truncation spoofing (708c65a5-7c58-11de-a994-0030843d3802) NASL family Misc. NASL id SUN_JAVA_JRE_263408_UNIX.NASL description The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 15 / 5.0 Update 20 / 1.4.2_22 / 1.3.1_26. 
Such versions are potentially affected by the following security issues : - A vulnerability in the JRE audio system may allow system properties to be accessed. (263408) - A privilege escalation vulnerability may exist in the JRE SOCKS proxy implementation. (263409) - An integer overflow vulnerability when parsing JPEG images may allow an untrusted Java Web Start application to elevate privileges. (263428) - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation may allow authentication to be bypassed. (263429) - An integer overflow vulnerability with unpacking applets and Java Web start applications using the last seen 2020-06-01 modified 2020-06-02 plugin id 64830 published 2013-02-22 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64830 title Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..) (Unix) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1200.NASL description Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the last seen 2020-06-01 modified 2020-06-02 plugin id 40749 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/40749 title RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1200) NASL family Solaris Local Security Checks NASL id SOLARIS10_125136.NASL description JavaSE 6: update 101 patch (equivalent to. Date this patch was last updated by Sun : Jul/13/15 This plugin has been deprecated and either replaced with individual 125136 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 26984 published 2007-10-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=26984 title Solaris 10 (sparc) : 125136-97 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_128641.NASL description Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. This plugin has been deprecated and either replaced with individual 128641 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 35415 published 2009-01-19 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=35415 title Solaris 10 (x86) : 128641-30 (deprecated) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1650.NASL description Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix multiple security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5 as JBEAP 4.2.0.CP08. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 
JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 5 serves as a replacement to JBEAP 4.2.0.CP07. These updated packages include bug fixes and enhancements which are detailed in the Release Notes, available shortly from: http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/ The following security issues are also fixed with this release : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xml-security. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. (CVE-2009-0217) Swatej Kumar discovered cross-site scripting (XSS) flaws in the JBoss Application Server Web Console. An attacker could use these flaws to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user last seen 2020-06-01 modified 2020-06-02 plugin id 63906 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63906 title RHEL 5 : JBoss EAP (RHSA-2009:1650) NASL family Fedora Local Security Checks NASL id FEDORA_2009-8121.NASL description Fixes CVE-2009-0217 (#511915) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40451 published 2009-08-01 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40451 title Fedora 10 : xml-security-c-1.5.1-1.fc10 (2009-8121) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-269.NASL description A vulnerability has been found and corrected in mono : The XML HMAC signature system did not correctly check certain lengths. An attacker who sent a truncated HMAC could bypass authentication, leading to potential privilege escalation (CVE-2009-0217). This update fixes this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 48155 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48155 title Mandriva Linux Security Advisory : mono (MDVSA-2009:269)
Oval
accepted 2013-04-29T04:03:03.908-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description and bypass authentication by specifying a truncation length with a small number of bits. family unix id oval:org.mitre.oval:def:10186 status accepted submitted 2010-07-09T03:56:16-04:00 title and bypass authentication by specifying a truncation length with a small number of bits. version 28 accepted 2014-08-18T04:06:24.788-04:00 class vulnerability contributors name Dragos Prisaca organization Symantec Corporation name J. Daniel Brown organization DTCC name Dragos Prisaca organization Symantec Corporation name Sharath S organization SecPod Technologies name Maria Mikhno organization ALTX-SOFT
definition_extensions comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft .NET Framework 1.1 Service Pack 1 is Installed oval oval:org.mitre.oval:def:1834 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft .NET Framework 1.1 Service Pack 1 is Installed oval oval:org.mitre.oval:def:1834 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft .NET Framework 3.5 Original Release is installed oval oval:org.mitre.oval:def:6689 comment Microsoft Windows 2000 is installed oval oval:org.mitre.oval:def:85 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval 
oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft .NET Framework 2.0 Service Pack 2 is installed oval oval:org.mitre.oval:def:6158 comment Microsoft .NET Framework 3.5 SP1 is installed oval oval:org.mitre.oval:def:12542 comment Microsoft Windows XP (32-bit) is installed oval oval:org.mitre.oval:def:1353 comment Microsoft Windows XP x64 is installed oval oval:org.mitre.oval:def:15247 comment Microsoft Windows Server 2003 (32-bit) is installed oval oval:org.mitre.oval:def:1870 comment Microsoft Windows Server 2003 (x64) is installed oval oval:org.mitre.oval:def:730 comment Microsoft Windows Server 2003 (ia64) Gold is installed oval oval:org.mitre.oval:def:396 comment Microsoft .NET Framework 3.5 Original Release is installed oval oval:org.mitre.oval:def:6689 comment Microsoft Windows Vista (32-bit) is installed oval oval:org.mitre.oval:def:1282 comment Microsoft Windows Vista x64 Edition is installed oval oval:org.mitre.oval:def:2041 comment Microsoft Windows Server 2008 (32-bit) is installed oval oval:org.mitre.oval:def:4870 comment Microsoft Windows Server 2008 (64-bit) is installed oval oval:org.mitre.oval:def:5356 comment Microsoft Windows Server 2008 (ia-64) is installed oval oval:org.mitre.oval:def:5667 comment Microsoft .NET Framework 
3.5 SP1 is installed oval oval:org.mitre.oval:def:12542 comment Microsoft Windows 7 (32-bit) is installed oval oval:org.mitre.oval:def:6165 comment Microsoft Windows 7 x64 Edition is installed oval oval:org.mitre.oval:def:5950 comment Microsoft Windows Server 2008 R2 x64 Edition is installed oval oval:org.mitre.oval:def:6438 comment Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed oval oval:org.mitre.oval:def:5954 comment Microsoft .NET Framework 3.5 SP1 is installed oval oval:org.mitre.oval:def:12542
description The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. family windows id oval:org.mitre.oval:def:7158 status accepted submitted 2010-06-08T13:00:00 title XML Signature HMAC Truncation Authentication Bypass Vulnerability version 46 accepted 2015-04-20T04:02:41.445-04:00 class vulnerability contributors name Pai Peng organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Sushant Kumar Singh organization Hewlett-Packard name Prashant Kumar organization Hewlett-Packard name Mike Cokus organization The MITRE Corporation
description The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits. family unix id oval:org.mitre.oval:def:8717 status accepted submitted 2010-03-22T17:00:25.000-04:00 title HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities version 47
Redhat
Related news
References
- http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161
- http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7
- http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
- http://marc.info/?l=bugtraq&m=125787273209737&w=2
- http://osvdb.org/55895
- http://osvdb.org/55907
- http://secunia.com/advisories/34461
- http://secunia.com/advisories/35776
- http://secunia.com/advisories/35852
- http://secunia.com/advisories/35853
- http://secunia.com/advisories/35854
- http://secunia.com/advisories/35855
- http://secunia.com/advisories/35858
- http://secunia.com/advisories/36162
- http://secunia.com/advisories/36176
- http://secunia.com/advisories/36180
- http://secunia.com/advisories/36494
- http://secunia.com/advisories/37300
- http://secunia.com/advisories/37671
- http://secunia.com/advisories/37841
- http://secunia.com/advisories/38567
- http://secunia.com/advisories/38568
- http://secunia.com/advisories/38695
- http://secunia.com/advisories/38921
- http://secunia.com/advisories/41818
- http://secunia.com/advisories/60799
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1
- http://svn.apache.org/viewvc?revision=794013&view=revision
- http://www.aleksey.com/xmlsec/
- http://www.debian.org/security/2010/dsa-1995
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://www.kb.cert.org/vuls/id/466161
- http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ
- http://www.kb.cert.org/vuls/id/WDON-7TY529
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
- http://www.mono-project.com/Vulnerabilities
- http://www.openoffice.org/security/cves/CVE-2009-0217.html
- http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
- http://www.redhat.com/support/errata/RHSA-2009-1694.html
- http://www.securityfocus.com/bid/35671
- http://www.securitytracker.com/id?1022561
- http://www.securitytracker.com/id?1022567
- http://www.securitytracker.com/id?1022661
- http://www.ubuntu.com/usn/USN-903-1
- http://www.us-cert.gov/cas/techalerts/TA09-294A.html
- http://www.us-cert.gov/cas/techalerts/TA10-159B.html
- http://www.vupen.com/english/advisories/2009/1900
- http://www.vupen.com/english/advisories/2009/1908
- http://www.vupen.com/english/advisories/2009/1909
- http://www.vupen.com/english/advisories/2009/1911
- http://www.vupen.com/english/advisories/2009/2543
- http://www.vupen.com/english/advisories/2009/3122
- http://www.vupen.com/english/advisories/2010/0366
- http://www.vupen.com/english/advisories/2010/0635
- http://www.w3.org/2008/06/xmldsigcore-errata.html#e03
- http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
- http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere
- http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere
- http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925
- https://bugzilla.redhat.com/show_bug.cgi?id=511915
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041
- https://issues.apache.org/bugzilla/show_bug.cgi?id=47526
- https://issues.apache.org/bugzilla/show_bug.cgi?id=47527
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717
- https://rhn.redhat.com/errata/RHSA-2009-1200.html
- https://rhn.redhat.com/errata/RHSA-2009-1201.html
- https://rhn.redhat.com/errata/RHSA-2009-1428.html
- https://rhn.redhat.com/errata/RHSA-2009-1636.html
- https://rhn.redhat.com/errata/RHSA-2009-1637.html
- https://rhn.redhat.com/errata/RHSA-2009-1649.html
- https://rhn.redhat.com/errata/RHSA-2009-1650.html
- https://usn.ubuntu.com/826-1/
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html
- https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html