Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for weblogic_server_component by oracle

    CVE-2009-0217 (GCVE-0-2009-0217)

    Vulnerability from nvd – Published: 2009-07-14 23:00 – Updated: 2024-08-07 04:24
    VLAI
    Summary
    The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://rhn.redhat.com/errata/RHSA-2009-1428.html vendor-advisoryx_refsource_REDHAT
    http://www.vupen.com/english/advisories/2009/3122 vdb-entryx_refsource_VUPEN
    http://www.openoffice.org/security/cves/CVE-2009-… x_refsource_CONFIRM
    https://issues.apache.org/bugzilla/show_bug.cgi?i… x_refsource_CONFIRM
    http://secunia.com/advisories/60799 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20140… vendor-advisoryx_refsource_GENTOO
    http://www-01.ibm.com/support/docview.wss?rs=180&… vendor-advisoryx_refsource_AIXAPAR
    https://rhn.redhat.com/errata/RHSA-2009-1200.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/35776 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36162 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36494 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/2543 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/35858 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/38695 third-party-advisoryx_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://www.debian.org/security/2010/dsa-1995 vendor-advisoryx_refsource_DEBIAN
    http://marc.info/?l=bugtraq&m=125787273209737&w=2 vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/35853 third-party-advisoryx_refsource_SECUNIA
    https://rhn.redhat.com/errata/RHSA-2009-1637.html vendor-advisoryx_refsource_REDHAT
    http://www.redhat.com/support/errata/RHSA-2009-16… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/35852 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/35854 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/34461 third-party-advisoryx_refsource_SECUNIA
    http://www.kb.cert.org/vuls/id/WDON-7TY529 x_refsource_CONFIRM
    http://www.mono-project.com/Vulnerabilities x_refsource_CONFIRM
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://www.ubuntu.com/usn/USN-903-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/35671 vdb-entryx_refsource_BID
    https://issues.apache.org/bugzilla/show_bug.cgi?i… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/0366 vdb-entryx_refsource_VUPEN
    http://osvdb.org/55907 vdb-entryx_refsource_OSVDB
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/38567 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://blogs.sun.com/security/entry/cert_vulnerab… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2009/1900 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1022561 vdb-entryx_refsource_SECTRACK
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://secunia.com/advisories/37671 third-party-advisoryx_refsource_SECUNIA
    http://www.kb.cert.org/vuls/id/466161 third-party-advisoryx_refsource_CERT-VN
    http://www.securitytracker.com/id?1022567 vdb-entryx_refsource_SECTRACK
    https://rhn.redhat.com/errata/RHSA-2009-1636.html vendor-advisoryx_refsource_REDHAT
    http://www-01.ibm.com/support/docview.wss?rs=180&… vendor-advisoryx_refsource_AIXAPAR
    https://rhn.redhat.com/errata/RHSA-2009-1649.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.us-cert.gov/cas/techalerts/TA09-294A.html third-party-advisoryx_refsource_CERT
    http://www.vupen.com/english/advisories/2009/1909 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2010/0635 vdb-entryx_refsource_VUPEN
    http://svn.apache.org/viewvc?revision=794013&view… x_refsource_CONFIRM
    http://secunia.com/advisories/38568 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36180 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.w3.org/2008/06/xmldsigcore-errata.html#e03 x_refsource_CONFIRM
    https://usn.ubuntu.com/826-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/37841 third-party-advisoryx_refsource_SECUNIA
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://sunsolve.sun.com/search/document.do?assetk… x_refsource_CONFIRM
    http://secunia.com/advisories/35855 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/36176 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.w3.org/QA/2009/07/hmac_truncation_in_x… x_refsource_MISC
    http://www.vupen.com/english/advisories/2009/1908 vdb-entryx_refsource_VUPEN
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://git.gnome.org/cgit/xmlsec/commit/?id=34b34… x_refsource_CONFIRM
    http://www-01.ibm.com/support/docview.wss?rs=180&… x_refsource_CONFIRM
    http://secunia.com/advisories/41818 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1022661 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/37300 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1911 vdb-entryx_refsource_VUPEN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://rhn.redhat.com/errata/RHSA-2009-1201.html vendor-advisoryx_refsource_REDHAT
    http://git.gnome.org/cgit/xmlsec/patch/?id=34b349… x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ x_refsource_CONFIRM
    http://www.us-cert.gov/cas/techalerts/TA10-159B.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://osvdb.org/55895 vdb-entryx_refsource_OSVDB
    http://www.aleksey.com/xmlsec/ x_refsource_CONFIRM
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://secunia.com/advisories/38921 third-party-advisoryx_refsource_SECUNIA
    https://rhn.redhat.com/errata/RHSA-2009-1650.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=511915 x_refsource_CONFIRM
    Date Public
    2009-07-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:24:18.400Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2009:1428",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1428.html"
              },
              {
                "name": "ADV-2009-3122",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3122"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openoffice.org/security/cves/CVE-2009-0217.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"
              },
              {
                "name": "60799",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60799"
              },
              {
                "name": "GLSA-201408-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
              },
              {
                "name": "PK80596",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026context=SSEQTP\u0026dc=D400\u0026uid=swg24023545\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en\u0026rss=ct180websphere"
              },
              {
                "name": "RHSA-2009:1200",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
              },
              {
                "name": "35776",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35776"
              },
              {
                "name": "36162",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36162"
              },
              {
                "name": "36494",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36494"
              },
              {
                "name": "ADV-2009-2543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2543"
              },
              {
                "name": "35858",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35858"
              },
              {
                "name": "38695",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38695"
              },
              {
                "name": "269208",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1"
              },
              {
                "name": "DSA-1995",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2010/dsa-1995"
              },
              {
                "name": "HPSBUX02476",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
              },
              {
                "name": "35853",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35853"
              },
              {
                "name": "RHSA-2009:1637",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
              },
              {
                "name": "RHSA-2009:1694",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
              },
              {
                "name": "35852",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35852"
              },
              {
                "name": "35854",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35854"
              },
              {
                "name": "34461",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34461"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/WDON-7TY529"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities"
              },
              {
                "name": "1020710",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1"
              },
              {
                "name": "USN-903-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-903-1"
              },
              {
                "name": "35671",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35671"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"
              },
              {
                "name": "ADV-2010-0366",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0366"
              },
              {
                "name": "55907",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/55907"
              },
              {
                "name": "MDVSA-2009:209",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
              },
              {
                "name": "SUSE-SA:2010:017",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"
              },
              {
                "name": "38567",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38567"
              },
              {
                "name": "FEDORA-2009-8329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
              },
              {
                "name": "263429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161"
              },
              {
                "name": "SSRT090250",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
              },
              {
                "name": "ADV-2009-1900",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1900"
              },
              {
                "name": "1022561",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022561"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
              },
              {
                "name": "37671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37671"
              },
              {
                "name": "VU#466161",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/466161"
              },
              {
                "name": "1022567",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022567"
              },
              {
                "name": "RHSA-2009:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
              },
              {
                "name": "PK80627",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026context=SSEQTP\u0026dc=D400\u0026uid=swg24023723\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en\u0026rss=ct180websphere"
              },
              {
                "name": "RHSA-2009:1649",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
              },
              {
                "name": "TA09-294A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
              },
              {
                "name": "ADV-2009-1909",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1909"
              },
              {
                "name": "ADV-2010-0635",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0635"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.apache.org/viewvc?revision=794013\u0026view=revision"
              },
              {
                "name": "38568",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38568"
              },
              {
                "name": "36180",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36180"
              },
              {
                "name": "FEDORA-2009-8456",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03"
              },
              {
                "name": "USN-826-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/826-1/"
              },
              {
                "name": "37841",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37841"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"
              },
              {
                "name": "35855",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35855"
              },
              {
                "name": "FEDORA-2009-8473",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"
              },
              {
                "name": "36176",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36176"
              },
              {
                "name": "oval:org.mitre.oval:def:7158",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"
              },
              {
                "name": "ADV-2009-1908",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1908"
              },
              {
                "name": "FEDORA-2009-8337",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg21384925"
              },
              {
                "name": "41818",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41818"
              },
              {
                "name": "1022661",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022661"
              },
              {
                "name": "37300",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37300"
              },
              {
                "name": "ADV-2009-1911",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1911"
              },
              {
                "name": "APPLE-SA-2009-09-03-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
              },
              {
                "name": "SUSE-SA:2009:053",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
              },
              {
                "name": "oval:org.mitre.oval:def:8717",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717"
              },
              {
                "name": "RHSA-2009:1201",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"
              },
              {
                "name": "TA10-159B",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10186",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186"
              },
              {
                "name": "55895",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/55895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.aleksey.com/xmlsec/"
              },
              {
                "name": "MS10-041",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"
              },
              {
                "name": "38921",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38921"
              },
              {
                "name": "RHSA-2009:1650",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511915"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-07-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "RHSA-2009:1428",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1428.html"
            },
            {
              "name": "ADV-2009-3122",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3122"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openoffice.org/security/cves/CVE-2009-0217.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"
            },
            {
              "name": "60799",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60799"
            },
            {
              "name": "GLSA-201408-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
            },
            {
              "name": "PK80596",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026context=SSEQTP\u0026dc=D400\u0026uid=swg24023545\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en\u0026rss=ct180websphere"
            },
            {
              "name": "RHSA-2009:1200",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
            },
            {
              "name": "35776",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35776"
            },
            {
              "name": "36162",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36162"
            },
            {
              "name": "36494",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36494"
            },
            {
              "name": "ADV-2009-2543",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2543"
            },
            {
              "name": "35858",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35858"
            },
            {
              "name": "38695",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38695"
            },
            {
              "name": "269208",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1"
            },
            {
              "name": "DSA-1995",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2010/dsa-1995"
            },
            {
              "name": "HPSBUX02476",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
            },
            {
              "name": "35853",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35853"
            },
            {
              "name": "RHSA-2009:1637",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
            },
            {
              "name": "RHSA-2009:1694",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
            },
            {
              "name": "35852",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35852"
            },
            {
              "name": "35854",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35854"
            },
            {
              "name": "34461",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34461"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/WDON-7TY529"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities"
            },
            {
              "name": "1020710",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1"
            },
            {
              "name": "USN-903-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-903-1"
            },
            {
              "name": "35671",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35671"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"
            },
            {
              "name": "ADV-2010-0366",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0366"
            },
            {
              "name": "55907",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/55907"
            },
            {
              "name": "MDVSA-2009:209",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
            },
            {
              "name": "SUSE-SA:2010:017",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"
            },
            {
              "name": "38567",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38567"
            },
            {
              "name": "FEDORA-2009-8329",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
            },
            {
              "name": "263429",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161"
            },
            {
              "name": "SSRT090250",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
            },
            {
              "name": "ADV-2009-1900",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1900"
            },
            {
              "name": "1022561",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022561"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
            },
            {
              "name": "37671",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37671"
            },
            {
              "name": "VU#466161",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/466161"
            },
            {
              "name": "1022567",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022567"
            },
            {
              "name": "RHSA-2009:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
            },
            {
              "name": "PK80627",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026context=SSEQTP\u0026dc=D400\u0026uid=swg24023723\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en\u0026rss=ct180websphere"
            },
            {
              "name": "RHSA-2009:1649",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
            },
            {
              "name": "TA09-294A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
            },
            {
              "name": "ADV-2009-1909",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1909"
            },
            {
              "name": "ADV-2010-0635",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0635"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.apache.org/viewvc?revision=794013\u0026view=revision"
            },
            {
              "name": "38568",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38568"
            },
            {
              "name": "36180",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36180"
            },
            {
              "name": "FEDORA-2009-8456",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03"
            },
            {
              "name": "USN-826-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/826-1/"
            },
            {
              "name": "37841",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37841"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"
            },
            {
              "name": "35855",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35855"
            },
            {
              "name": "FEDORA-2009-8473",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"
            },
            {
              "name": "36176",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36176"
            },
            {
              "name": "oval:org.mitre.oval:def:7158",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"
            },
            {
              "name": "ADV-2009-1908",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1908"
            },
            {
              "name": "FEDORA-2009-8337",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg21384925"
            },
            {
              "name": "41818",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41818"
            },
            {
              "name": "1022661",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022661"
            },
            {
              "name": "37300",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37300"
            },
            {
              "name": "ADV-2009-1911",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1911"
            },
            {
              "name": "APPLE-SA-2009-09-03-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
            },
            {
              "name": "SUSE-SA:2009:053",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
            },
            {
              "name": "oval:org.mitre.oval:def:8717",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717"
            },
            {
              "name": "RHSA-2009:1201",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"
            },
            {
              "name": "TA10-159B",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10186",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186"
            },
            {
              "name": "55895",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/55895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.aleksey.com/xmlsec/"
            },
            {
              "name": "MS10-041",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"
            },
            {
              "name": "38921",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38921"
            },
            {
              "name": "RHSA-2009:1650",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511915"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2009-0217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2009:1428",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1428.html"
                },
                {
                  "name": "ADV-2009-3122",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3122"
                },
                {
                  "name": "http://www.openoffice.org/security/cves/CVE-2009-0217.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.openoffice.org/security/cves/CVE-2009-0217.html"
                },
                {
                  "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526",
                  "refsource": "CONFIRM",
                  "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"
                },
                {
                  "name": "60799",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60799"
                },
                {
                  "name": "GLSA-201408-19",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
                },
                {
                  "name": "PK80596",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026context=SSEQTP\u0026dc=D400\u0026uid=swg24023545\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en\u0026rss=ct180websphere"
                },
                {
                  "name": "RHSA-2009:1200",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
                },
                {
                  "name": "35776",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35776"
                },
                {
                  "name": "36162",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36162"
                },
                {
                  "name": "36494",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36494"
                },
                {
                  "name": "ADV-2009-2543",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2543"
                },
                {
                  "name": "35858",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35858"
                },
                {
                  "name": "38695",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38695"
                },
                {
                  "name": "269208",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1"
                },
                {
                  "name": "DSA-1995",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2010/dsa-1995"
                },
                {
                  "name": "HPSBUX02476",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
                },
                {
                  "name": "35853",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35853"
                },
                {
                  "name": "RHSA-2009:1637",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
                },
                {
                  "name": "RHSA-2009:1694",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
                },
                {
                  "name": "35852",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35852"
                },
                {
                  "name": "35854",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35854"
                },
                {
                  "name": "34461",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34461"
                },
                {
                  "name": "http://www.kb.cert.org/vuls/id/WDON-7TY529",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/WDON-7TY529"
                },
                {
                  "name": "http://www.mono-project.com/Vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities"
                },
                {
                  "name": "1020710",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1"
                },
                {
                  "name": "USN-903-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-903-1"
                },
                {
                  "name": "35671",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35671"
                },
                {
                  "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527",
                  "refsource": "CONFIRM",
                  "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"
                },
                {
                  "name": "ADV-2010-0366",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/0366"
                },
                {
                  "name": "55907",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/55907"
                },
                {
                  "name": "MDVSA-2009:209",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
                },
                {
                  "name": "SUSE-SA:2010:017",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"
                },
                {
                  "name": "38567",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38567"
                },
                {
                  "name": "FEDORA-2009-8329",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
                },
                {
                  "name": "263429",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1"
                },
                {
                  "name": "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161"
                },
                {
                  "name": "SSRT090250",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
                },
                {
                  "name": "ADV-2009-1900",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1900"
                },
                {
                  "name": "1022561",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022561"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
                },
                {
                  "name": "37671",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37671"
                },
                {
                  "name": "VU#466161",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/466161"
                },
                {
                  "name": "1022567",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022567"
                },
                {
                  "name": "RHSA-2009:1636",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
                },
                {
                  "name": "PK80627",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026context=SSEQTP\u0026dc=D400\u0026uid=swg24023723\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en\u0026rss=ct180websphere"
                },
                {
                  "name": "RHSA-2009:1649",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
                },
                {
                  "name": "TA09-294A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
                },
                {
                  "name": "ADV-2009-1909",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1909"
                },
                {
                  "name": "ADV-2010-0635",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/0635"
                },
                {
                  "name": "http://svn.apache.org/viewvc?revision=794013\u0026view=revision",
                  "refsource": "CONFIRM",
                  "url": "http://svn.apache.org/viewvc?revision=794013\u0026view=revision"
                },
                {
                  "name": "38568",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38568"
                },
                {
                  "name": "36180",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36180"
                },
                {
                  "name": "FEDORA-2009-8456",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"
                },
                {
                  "name": "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03",
                  "refsource": "CONFIRM",
                  "url": "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03"
                },
                {
                  "name": "USN-826-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/826-1/"
                },
                {
                  "name": "37841",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37841"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
                },
                {
                  "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1",
                  "refsource": "CONFIRM",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"
                },
                {
                  "name": "35855",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35855"
                },
                {
                  "name": "FEDORA-2009-8473",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"
                },
                {
                  "name": "36176",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36176"
                },
                {
                  "name": "oval:org.mitre.oval:def:7158",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158"
                },
                {
                  "name": "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html",
                  "refsource": "MISC",
                  "url": "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"
                },
                {
                  "name": "ADV-2009-1908",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1908"
                },
                {
                  "name": "FEDORA-2009-8337",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
                },
                {
                  "name": "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg21384925",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg21384925"
                },
                {
                  "name": "41818",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/41818"
                },
                {
                  "name": "1022661",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022661"
                },
                {
                  "name": "37300",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37300"
                },
                {
                  "name": "ADV-2009-1911",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1911"
                },
                {
                  "name": "APPLE-SA-2009-09-03-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
                },
                {
                  "name": "SUSE-SA:2009:053",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:8717",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717"
                },
                {
                  "name": "RHSA-2009:1201",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
                },
                {
                  "name": "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
                },
                {
                  "name": "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"
                },
                {
                  "name": "TA10-159B",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:10186",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186"
                },
                {
                  "name": "55895",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/55895"
                },
                {
                  "name": "http://www.aleksey.com/xmlsec/",
                  "refsource": "CONFIRM",
                  "url": "http://www.aleksey.com/xmlsec/"
                },
                {
                  "name": "MS10-041",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"
                },
                {
                  "name": "38921",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38921"
                },
                {
                  "name": "RHSA-2009:1650",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=511915",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511915"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2009-0217",
        "datePublished": "2009-07-14T23:00:00.000Z",
        "dateReserved": "2009-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:24:18.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2581 (GCVE-0-2008-2581)

    Vulnerability from nvd – Published: 2008-07-15 23:00 – Updated: 2024-08-07 09:05
    VLAI
    Summary
    Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/2115 vdb-entryx_refsource_VUPEN
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://www.vupen.com/english/advisories/2008/2109… vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/31087 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31113 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1020498 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:05:30.233Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
              },
              {
                "name": "ADV-2008-2115",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2115"
              },
              {
                "name": "SSRT061201",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
              },
              {
                "name": "HPSBMA02133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
              },
              {
                "name": "ADV-2008-2109",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2109/references"
              },
              {
                "name": "oracle-weblogic-uddiexplorer-unauth-access(43824)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43824"
              },
              {
                "name": "31087",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31087"
              },
              {
                "name": "31113",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31113"
              },
              {
                "name": "1020498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020498"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
            },
            {
              "name": "ADV-2008-2115",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2115"
            },
            {
              "name": "SSRT061201",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
            },
            {
              "name": "HPSBMA02133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
            },
            {
              "name": "ADV-2008-2109",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2109/references"
            },
            {
              "name": "oracle-weblogic-uddiexplorer-unauth-access(43824)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43824"
            },
            {
              "name": "31087",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31087"
            },
            {
              "name": "31113",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31113"
            },
            {
              "name": "1020498",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020498"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2581",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
                },
                {
                  "name": "ADV-2008-2115",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2115"
                },
                {
                  "name": "SSRT061201",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
                },
                {
                  "name": "HPSBMA02133",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
                },
                {
                  "name": "ADV-2008-2109",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2109/references"
                },
                {
                  "name": "oracle-weblogic-uddiexplorer-unauth-access(43824)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43824"
                },
                {
                  "name": "31087",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31087"
                },
                {
                  "name": "31113",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31113"
                },
                {
                  "name": "1020498",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020498"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2581",
        "datePublished": "2008-07-15T23:00:00.000Z",
        "dateReserved": "2008-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:05:30.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2580 (GCVE-0-2008-2580)

    Vulnerability from nvd – Published: 2008-07-15 23:00 – Updated: 2024-08-07 09:05
    VLAI
    Summary
    Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/2115 vdb-entryx_refsource_VUPEN
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://www.vupen.com/english/advisories/2008/2109… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/31087 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31113 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id?1020498 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:05:29.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
              },
              {
                "name": "ADV-2008-2115",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2115"
              },
              {
                "name": "SSRT061201",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
              },
              {
                "name": "HPSBMA02133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
              },
              {
                "name": "ADV-2008-2109",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2109/references"
              },
              {
                "name": "31087",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31087"
              },
              {
                "name": "31113",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31113"
              },
              {
                "name": "oracle-weblogic-jsp-info-disclosure(43829)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43829"
              },
              {
                "name": "1020498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020498"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
            },
            {
              "name": "ADV-2008-2115",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2115"
            },
            {
              "name": "SSRT061201",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
            },
            {
              "name": "HPSBMA02133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
            },
            {
              "name": "ADV-2008-2109",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2109/references"
            },
            {
              "name": "31087",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31087"
            },
            {
              "name": "31113",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31113"
            },
            {
              "name": "oracle-weblogic-jsp-info-disclosure(43829)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43829"
            },
            {
              "name": "1020498",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020498"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2580",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
                },
                {
                  "name": "ADV-2008-2115",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2115"
                },
                {
                  "name": "SSRT061201",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
                },
                {
                  "name": "HPSBMA02133",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
                },
                {
                  "name": "ADV-2008-2109",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2109/references"
                },
                {
                  "name": "31087",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31087"
                },
                {
                  "name": "31113",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31113"
                },
                {
                  "name": "oracle-weblogic-jsp-info-disclosure(43829)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43829"
                },
                {
                  "name": "1020498",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020498"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2580",
        "datePublished": "2008-07-15T23:00:00.000Z",
        "dateReserved": "2008-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:05:29.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2582 (GCVE-0-2008-2582)

    Vulnerability from nvd – Published: 2008-07-15 23:00 – Updated: 2024-08-07 09:05
    VLAI
    Summary
    Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/2115 vdb-entryx_refsource_VUPEN
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://www.vupen.com/english/advisories/2008/2109… vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/31087 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31113 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1020498 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:05:29.960Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
              },
              {
                "name": "ADV-2008-2115",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2115"
              },
              {
                "name": "SSRT061201",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
              },
              {
                "name": "HPSBMA02133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
              },
              {
                "name": "ADV-2008-2109",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2109/references"
              },
              {
                "name": "oracle-weblogic-dos(43825)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43825"
              },
              {
                "name": "31087",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31087"
              },
              {
                "name": "31113",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31113"
              },
              {
                "name": "1020498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020498"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
            },
            {
              "name": "ADV-2008-2115",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2115"
            },
            {
              "name": "SSRT061201",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
            },
            {
              "name": "HPSBMA02133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
            },
            {
              "name": "ADV-2008-2109",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2109/references"
            },
            {
              "name": "oracle-weblogic-dos(43825)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43825"
            },
            {
              "name": "31087",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31087"
            },
            {
              "name": "31113",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31113"
            },
            {
              "name": "1020498",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020498"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2582",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
                },
                {
                  "name": "ADV-2008-2115",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2115"
                },
                {
                  "name": "SSRT061201",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
                },
                {
                  "name": "HPSBMA02133",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
                },
                {
                  "name": "ADV-2008-2109",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2109/references"
                },
                {
                  "name": "oracle-weblogic-dos(43825)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43825"
                },
                {
                  "name": "31087",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31087"
                },
                {
                  "name": "31113",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31113"
                },
                {
                  "name": "1020498",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020498"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2582",
        "datePublished": "2008-07-15T23:00:00.000Z",
        "dateReserved": "2008-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:05:29.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0217 (GCVE-0-2009-0217)

    Vulnerability from cvelistv5 – Published: 2009-07-14 23:00 – Updated: 2024-08-07 04:24
    VLAI
    Summary
    The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://rhn.redhat.com/errata/RHSA-2009-1428.html vendor-advisoryx_refsource_REDHAT
    http://www.vupen.com/english/advisories/2009/3122 vdb-entryx_refsource_VUPEN
    http://www.openoffice.org/security/cves/CVE-2009-… x_refsource_CONFIRM
    https://issues.apache.org/bugzilla/show_bug.cgi?i… x_refsource_CONFIRM
    http://secunia.com/advisories/60799 third-party-advisoryx_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-20140… vendor-advisoryx_refsource_GENTOO
    http://www-01.ibm.com/support/docview.wss?rs=180&… vendor-advisoryx_refsource_AIXAPAR
    https://rhn.redhat.com/errata/RHSA-2009-1200.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/35776 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36162 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36494 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/2543 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/35858 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/38695 third-party-advisoryx_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://www.debian.org/security/2010/dsa-1995 vendor-advisoryx_refsource_DEBIAN
    http://marc.info/?l=bugtraq&m=125787273209737&w=2 vendor-advisoryx_refsource_HP
    http://secunia.com/advisories/35853 third-party-advisoryx_refsource_SECUNIA
    https://rhn.redhat.com/errata/RHSA-2009-1637.html vendor-advisoryx_refsource_REDHAT
    http://www.redhat.com/support/errata/RHSA-2009-16… vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/35852 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/35854 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/34461 third-party-advisoryx_refsource_SECUNIA
    http://www.kb.cert.org/vuls/id/WDON-7TY529 x_refsource_CONFIRM
    http://www.mono-project.com/Vulnerabilities x_refsource_CONFIRM
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://www.ubuntu.com/usn/USN-903-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/35671 vdb-entryx_refsource_BID
    https://issues.apache.org/bugzilla/show_bug.cgi?i… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/0366 vdb-entryx_refsource_VUPEN
    http://osvdb.org/55907 vdb-entryx_refsource_OSVDB
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/38567 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://blogs.sun.com/security/entry/cert_vulnerab… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2009/1900 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1022561 vdb-entryx_refsource_SECTRACK
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://secunia.com/advisories/37671 third-party-advisoryx_refsource_SECUNIA
    http://www.kb.cert.org/vuls/id/466161 third-party-advisoryx_refsource_CERT-VN
    http://www.securitytracker.com/id?1022567 vdb-entryx_refsource_SECTRACK
    https://rhn.redhat.com/errata/RHSA-2009-1636.html vendor-advisoryx_refsource_REDHAT
    http://www-01.ibm.com/support/docview.wss?rs=180&… vendor-advisoryx_refsource_AIXAPAR
    https://rhn.redhat.com/errata/RHSA-2009-1649.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.us-cert.gov/cas/techalerts/TA09-294A.html third-party-advisoryx_refsource_CERT
    http://www.vupen.com/english/advisories/2009/1909 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2010/0635 vdb-entryx_refsource_VUPEN
    http://svn.apache.org/viewvc?revision=794013&view… x_refsource_CONFIRM
    http://secunia.com/advisories/38568 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/36180 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://www.w3.org/2008/06/xmldsigcore-errata.html#e03 x_refsource_CONFIRM
    https://usn.ubuntu.com/826-1/ vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/37841 third-party-advisoryx_refsource_SECUNIA
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://sunsolve.sun.com/search/document.do?assetk… x_refsource_CONFIRM
    http://secunia.com/advisories/35855 third-party-advisoryx_refsource_SECUNIA
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/36176 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://www.w3.org/QA/2009/07/hmac_truncation_in_x… x_refsource_MISC
    http://www.vupen.com/english/advisories/2009/1908 vdb-entryx_refsource_VUPEN
    https://www.redhat.com/archives/fedora-package-an… vendor-advisoryx_refsource_FEDORA
    http://git.gnome.org/cgit/xmlsec/commit/?id=34b34… x_refsource_CONFIRM
    http://www-01.ibm.com/support/docview.wss?rs=180&… x_refsource_CONFIRM
    http://secunia.com/advisories/41818 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1022661 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/37300 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/1911 vdb-entryx_refsource_VUPEN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://rhn.redhat.com/errata/RHSA-2009-1201.html vendor-advisoryx_refsource_REDHAT
    http://git.gnome.org/cgit/xmlsec/patch/?id=34b349… x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ x_refsource_CONFIRM
    http://www.us-cert.gov/cas/techalerts/TA10-159B.html third-party-advisoryx_refsource_CERT
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://osvdb.org/55895 vdb-entryx_refsource_OSVDB
    http://www.aleksey.com/xmlsec/ x_refsource_CONFIRM
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://secunia.com/advisories/38921 third-party-advisoryx_refsource_SECUNIA
    https://rhn.redhat.com/errata/RHSA-2009-1650.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=511915 x_refsource_CONFIRM
    Date Public
    2009-07-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:24:18.400Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2009:1428",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1428.html"
              },
              {
                "name": "ADV-2009-3122",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3122"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.openoffice.org/security/cves/CVE-2009-0217.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"
              },
              {
                "name": "60799",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60799"
              },
              {
                "name": "GLSA-201408-19",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
              },
              {
                "name": "PK80596",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026context=SSEQTP\u0026dc=D400\u0026uid=swg24023545\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en\u0026rss=ct180websphere"
              },
              {
                "name": "RHSA-2009:1200",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
              },
              {
                "name": "35776",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35776"
              },
              {
                "name": "36162",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36162"
              },
              {
                "name": "36494",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36494"
              },
              {
                "name": "ADV-2009-2543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/2543"
              },
              {
                "name": "35858",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35858"
              },
              {
                "name": "38695",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38695"
              },
              {
                "name": "269208",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1"
              },
              {
                "name": "DSA-1995",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2010/dsa-1995"
              },
              {
                "name": "HPSBUX02476",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
              },
              {
                "name": "35853",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35853"
              },
              {
                "name": "RHSA-2009:1637",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
              },
              {
                "name": "RHSA-2009:1694",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
              },
              {
                "name": "35852",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35852"
              },
              {
                "name": "35854",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35854"
              },
              {
                "name": "34461",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/34461"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/WDON-7TY529"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.mono-project.com/Vulnerabilities"
              },
              {
                "name": "1020710",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1"
              },
              {
                "name": "USN-903-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-903-1"
              },
              {
                "name": "35671",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35671"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"
              },
              {
                "name": "ADV-2010-0366",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0366"
              },
              {
                "name": "55907",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/55907"
              },
              {
                "name": "MDVSA-2009:209",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
              },
              {
                "name": "SUSE-SA:2010:017",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"
              },
              {
                "name": "38567",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38567"
              },
              {
                "name": "FEDORA-2009-8329",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
              },
              {
                "name": "263429",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161"
              },
              {
                "name": "SSRT090250",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
              },
              {
                "name": "ADV-2009-1900",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1900"
              },
              {
                "name": "1022561",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022561"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
              },
              {
                "name": "37671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37671"
              },
              {
                "name": "VU#466161",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/466161"
              },
              {
                "name": "1022567",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022567"
              },
              {
                "name": "RHSA-2009:1636",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
              },
              {
                "name": "PK80627",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026context=SSEQTP\u0026dc=D400\u0026uid=swg24023723\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en\u0026rss=ct180websphere"
              },
              {
                "name": "RHSA-2009:1649",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
              },
              {
                "name": "TA09-294A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
              },
              {
                "name": "ADV-2009-1909",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1909"
              },
              {
                "name": "ADV-2010-0635",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0635"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://svn.apache.org/viewvc?revision=794013\u0026view=revision"
              },
              {
                "name": "38568",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38568"
              },
              {
                "name": "36180",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36180"
              },
              {
                "name": "FEDORA-2009-8456",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03"
              },
              {
                "name": "USN-826-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/826-1/"
              },
              {
                "name": "37841",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37841"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"
              },
              {
                "name": "35855",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35855"
              },
              {
                "name": "FEDORA-2009-8473",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"
              },
              {
                "name": "36176",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/36176"
              },
              {
                "name": "oval:org.mitre.oval:def:7158",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"
              },
              {
                "name": "ADV-2009-1908",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1908"
              },
              {
                "name": "FEDORA-2009-8337",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg21384925"
              },
              {
                "name": "41818",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41818"
              },
              {
                "name": "1022661",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022661"
              },
              {
                "name": "37300",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37300"
              },
              {
                "name": "ADV-2009-1911",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1911"
              },
              {
                "name": "APPLE-SA-2009-09-03-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
              },
              {
                "name": "SUSE-SA:2009:053",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
              },
              {
                "name": "oval:org.mitre.oval:def:8717",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717"
              },
              {
                "name": "RHSA-2009:1201",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"
              },
              {
                "name": "TA10-159B",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
              },
              {
                "name": "oval:org.mitre.oval:def:10186",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186"
              },
              {
                "name": "55895",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/55895"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.aleksey.com/xmlsec/"
              },
              {
                "name": "MS10-041",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"
              },
              {
                "name": "38921",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38921"
              },
              {
                "name": "RHSA-2009:1650",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511915"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-07-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "RHSA-2009:1428",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1428.html"
            },
            {
              "name": "ADV-2009-3122",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3122"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.openoffice.org/security/cves/CVE-2009-0217.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"
            },
            {
              "name": "60799",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60799"
            },
            {
              "name": "GLSA-201408-19",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
            },
            {
              "name": "PK80596",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026context=SSEQTP\u0026dc=D400\u0026uid=swg24023545\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en\u0026rss=ct180websphere"
            },
            {
              "name": "RHSA-2009:1200",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
            },
            {
              "name": "35776",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35776"
            },
            {
              "name": "36162",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36162"
            },
            {
              "name": "36494",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36494"
            },
            {
              "name": "ADV-2009-2543",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/2543"
            },
            {
              "name": "35858",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35858"
            },
            {
              "name": "38695",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38695"
            },
            {
              "name": "269208",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1"
            },
            {
              "name": "DSA-1995",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2010/dsa-1995"
            },
            {
              "name": "HPSBUX02476",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
            },
            {
              "name": "35853",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35853"
            },
            {
              "name": "RHSA-2009:1637",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
            },
            {
              "name": "RHSA-2009:1694",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
            },
            {
              "name": "35852",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35852"
            },
            {
              "name": "35854",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35854"
            },
            {
              "name": "34461",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/34461"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/WDON-7TY529"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.mono-project.com/Vulnerabilities"
            },
            {
              "name": "1020710",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1"
            },
            {
              "name": "USN-903-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-903-1"
            },
            {
              "name": "35671",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35671"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"
            },
            {
              "name": "ADV-2010-0366",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0366"
            },
            {
              "name": "55907",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/55907"
            },
            {
              "name": "MDVSA-2009:209",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
            },
            {
              "name": "SUSE-SA:2010:017",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"
            },
            {
              "name": "38567",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38567"
            },
            {
              "name": "FEDORA-2009-8329",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
            },
            {
              "name": "263429",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161"
            },
            {
              "name": "SSRT090250",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
            },
            {
              "name": "ADV-2009-1900",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1900"
            },
            {
              "name": "1022561",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022561"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
            },
            {
              "name": "37671",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37671"
            },
            {
              "name": "VU#466161",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/466161"
            },
            {
              "name": "1022567",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022567"
            },
            {
              "name": "RHSA-2009:1636",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
            },
            {
              "name": "PK80627",
              "tags": [
                "vendor-advisory",
                "x_refsource_AIXAPAR"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026context=SSEQTP\u0026dc=D400\u0026uid=swg24023723\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en\u0026rss=ct180websphere"
            },
            {
              "name": "RHSA-2009:1649",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
            },
            {
              "name": "TA09-294A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
            },
            {
              "name": "ADV-2009-1909",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1909"
            },
            {
              "name": "ADV-2010-0635",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0635"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://svn.apache.org/viewvc?revision=794013\u0026view=revision"
            },
            {
              "name": "38568",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38568"
            },
            {
              "name": "36180",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36180"
            },
            {
              "name": "FEDORA-2009-8456",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03"
            },
            {
              "name": "USN-826-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/826-1/"
            },
            {
              "name": "37841",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37841"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"
            },
            {
              "name": "35855",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35855"
            },
            {
              "name": "FEDORA-2009-8473",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"
            },
            {
              "name": "36176",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/36176"
            },
            {
              "name": "oval:org.mitre.oval:def:7158",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"
            },
            {
              "name": "ADV-2009-1908",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1908"
            },
            {
              "name": "FEDORA-2009-8337",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg21384925"
            },
            {
              "name": "41818",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41818"
            },
            {
              "name": "1022661",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022661"
            },
            {
              "name": "37300",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37300"
            },
            {
              "name": "ADV-2009-1911",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1911"
            },
            {
              "name": "APPLE-SA-2009-09-03-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
            },
            {
              "name": "SUSE-SA:2009:053",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
            },
            {
              "name": "oval:org.mitre.oval:def:8717",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717"
            },
            {
              "name": "RHSA-2009:1201",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"
            },
            {
              "name": "TA10-159B",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10186",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186"
            },
            {
              "name": "55895",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/55895"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.aleksey.com/xmlsec/"
            },
            {
              "name": "MS10-041",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"
            },
            {
              "name": "38921",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38921"
            },
            {
              "name": "RHSA-2009:1650",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511915"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2009-0217",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2009:1428",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1428.html"
                },
                {
                  "name": "ADV-2009-3122",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3122"
                },
                {
                  "name": "http://www.openoffice.org/security/cves/CVE-2009-0217.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.openoffice.org/security/cves/CVE-2009-0217.html"
                },
                {
                  "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526",
                  "refsource": "CONFIRM",
                  "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"
                },
                {
                  "name": "60799",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60799"
                },
                {
                  "name": "GLSA-201408-19",
                  "refsource": "GENTOO",
                  "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
                },
                {
                  "name": "PK80596",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026context=SSEQTP\u0026dc=D400\u0026uid=swg24023545\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en\u0026rss=ct180websphere"
                },
                {
                  "name": "RHSA-2009:1200",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
                },
                {
                  "name": "35776",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35776"
                },
                {
                  "name": "36162",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36162"
                },
                {
                  "name": "36494",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36494"
                },
                {
                  "name": "ADV-2009-2543",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/2543"
                },
                {
                  "name": "35858",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35858"
                },
                {
                  "name": "38695",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38695"
                },
                {
                  "name": "269208",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1"
                },
                {
                  "name": "DSA-1995",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2010/dsa-1995"
                },
                {
                  "name": "HPSBUX02476",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
                },
                {
                  "name": "35853",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35853"
                },
                {
                  "name": "RHSA-2009:1637",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
                },
                {
                  "name": "RHSA-2009:1694",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
                },
                {
                  "name": "35852",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35852"
                },
                {
                  "name": "35854",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35854"
                },
                {
                  "name": "34461",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/34461"
                },
                {
                  "name": "http://www.kb.cert.org/vuls/id/WDON-7TY529",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/WDON-7TY529"
                },
                {
                  "name": "http://www.mono-project.com/Vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "http://www.mono-project.com/Vulnerabilities"
                },
                {
                  "name": "1020710",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1"
                },
                {
                  "name": "USN-903-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-903-1"
                },
                {
                  "name": "35671",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35671"
                },
                {
                  "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527",
                  "refsource": "CONFIRM",
                  "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"
                },
                {
                  "name": "ADV-2010-0366",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/0366"
                },
                {
                  "name": "55907",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/55907"
                },
                {
                  "name": "MDVSA-2009:209",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
                },
                {
                  "name": "SUSE-SA:2010:017",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"
                },
                {
                  "name": "38567",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38567"
                },
                {
                  "name": "FEDORA-2009-8329",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
                },
                {
                  "name": "263429",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1"
                },
                {
                  "name": "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161"
                },
                {
                  "name": "SSRT090250",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=125787273209737\u0026w=2"
                },
                {
                  "name": "ADV-2009-1900",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1900"
                },
                {
                  "name": "1022561",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022561"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
                },
                {
                  "name": "37671",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37671"
                },
                {
                  "name": "VU#466161",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/466161"
                },
                {
                  "name": "1022567",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022567"
                },
                {
                  "name": "RHSA-2009:1636",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
                },
                {
                  "name": "PK80627",
                  "refsource": "AIXAPAR",
                  "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026context=SSEQTP\u0026dc=D400\u0026uid=swg24023723\u0026loc=en_US\u0026cs=UTF-8\u0026lang=en\u0026rss=ct180websphere"
                },
                {
                  "name": "RHSA-2009:1649",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
                },
                {
                  "name": "TA09-294A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
                },
                {
                  "name": "ADV-2009-1909",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1909"
                },
                {
                  "name": "ADV-2010-0635",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/0635"
                },
                {
                  "name": "http://svn.apache.org/viewvc?revision=794013\u0026view=revision",
                  "refsource": "CONFIRM",
                  "url": "http://svn.apache.org/viewvc?revision=794013\u0026view=revision"
                },
                {
                  "name": "38568",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38568"
                },
                {
                  "name": "36180",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36180"
                },
                {
                  "name": "FEDORA-2009-8456",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"
                },
                {
                  "name": "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03",
                  "refsource": "CONFIRM",
                  "url": "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03"
                },
                {
                  "name": "USN-826-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/826-1/"
                },
                {
                  "name": "37841",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37841"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
                },
                {
                  "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1",
                  "refsource": "CONFIRM",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"
                },
                {
                  "name": "35855",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35855"
                },
                {
                  "name": "FEDORA-2009-8473",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"
                },
                {
                  "name": "36176",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/36176"
                },
                {
                  "name": "oval:org.mitre.oval:def:7158",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158"
                },
                {
                  "name": "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html",
                  "refsource": "MISC",
                  "url": "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"
                },
                {
                  "name": "ADV-2009-1908",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1908"
                },
                {
                  "name": "FEDORA-2009-8337",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
                },
                {
                  "name": "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
                },
                {
                  "name": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg21384925",
                  "refsource": "CONFIRM",
                  "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg21384925"
                },
                {
                  "name": "41818",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/41818"
                },
                {
                  "name": "1022661",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022661"
                },
                {
                  "name": "37300",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37300"
                },
                {
                  "name": "ADV-2009-1911",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1911"
                },
                {
                  "name": "APPLE-SA-2009-09-03-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
                },
                {
                  "name": "SUSE-SA:2009:053",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:8717",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717"
                },
                {
                  "name": "RHSA-2009:1201",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
                },
                {
                  "name": "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
                },
                {
                  "name": "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"
                },
                {
                  "name": "TA10-159B",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
                },
                {
                  "name": "oval:org.mitre.oval:def:10186",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186"
                },
                {
                  "name": "55895",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/55895"
                },
                {
                  "name": "http://www.aleksey.com/xmlsec/",
                  "refsource": "CONFIRM",
                  "url": "http://www.aleksey.com/xmlsec/"
                },
                {
                  "name": "MS10-041",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"
                },
                {
                  "name": "38921",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38921"
                },
                {
                  "name": "RHSA-2009:1650",
                  "refsource": "REDHAT",
                  "url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=511915",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=511915"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2009-0217",
        "datePublished": "2009-07-14T23:00:00.000Z",
        "dateReserved": "2009-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:24:18.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2581 (GCVE-0-2008-2581)

    Vulnerability from cvelistv5 – Published: 2008-07-15 23:00 – Updated: 2024-08-07 09:05
    VLAI
    Summary
    Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/2115 vdb-entryx_refsource_VUPEN
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://www.vupen.com/english/advisories/2008/2109… vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/31087 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31113 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1020498 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:05:30.233Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
              },
              {
                "name": "ADV-2008-2115",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2115"
              },
              {
                "name": "SSRT061201",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
              },
              {
                "name": "HPSBMA02133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
              },
              {
                "name": "ADV-2008-2109",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2109/references"
              },
              {
                "name": "oracle-weblogic-uddiexplorer-unauth-access(43824)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43824"
              },
              {
                "name": "31087",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31087"
              },
              {
                "name": "31113",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31113"
              },
              {
                "name": "1020498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020498"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
            },
            {
              "name": "ADV-2008-2115",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2115"
            },
            {
              "name": "SSRT061201",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
            },
            {
              "name": "HPSBMA02133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
            },
            {
              "name": "ADV-2008-2109",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2109/references"
            },
            {
              "name": "oracle-weblogic-uddiexplorer-unauth-access(43824)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43824"
            },
            {
              "name": "31087",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31087"
            },
            {
              "name": "31113",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31113"
            },
            {
              "name": "1020498",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020498"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2581",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
                },
                {
                  "name": "ADV-2008-2115",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2115"
                },
                {
                  "name": "SSRT061201",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
                },
                {
                  "name": "HPSBMA02133",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
                },
                {
                  "name": "ADV-2008-2109",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2109/references"
                },
                {
                  "name": "oracle-weblogic-uddiexplorer-unauth-access(43824)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43824"
                },
                {
                  "name": "31087",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31087"
                },
                {
                  "name": "31113",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31113"
                },
                {
                  "name": "1020498",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020498"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2581",
        "datePublished": "2008-07-15T23:00:00.000Z",
        "dateReserved": "2008-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:05:30.233Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2580 (GCVE-0-2008-2580)

    Vulnerability from cvelistv5 – Published: 2008-07-15 23:00 – Updated: 2024-08-07 09:05
    VLAI
    Summary
    Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/2115 vdb-entryx_refsource_VUPEN
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://www.vupen.com/english/advisories/2008/2109… vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/31087 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31113 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securitytracker.com/id?1020498 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:05:29.991Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
              },
              {
                "name": "ADV-2008-2115",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2115"
              },
              {
                "name": "SSRT061201",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
              },
              {
                "name": "HPSBMA02133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
              },
              {
                "name": "ADV-2008-2109",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2109/references"
              },
              {
                "name": "31087",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31087"
              },
              {
                "name": "31113",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31113"
              },
              {
                "name": "oracle-weblogic-jsp-info-disclosure(43829)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43829"
              },
              {
                "name": "1020498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020498"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
            },
            {
              "name": "ADV-2008-2115",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2115"
            },
            {
              "name": "SSRT061201",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
            },
            {
              "name": "HPSBMA02133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
            },
            {
              "name": "ADV-2008-2109",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2109/references"
            },
            {
              "name": "31087",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31087"
            },
            {
              "name": "31113",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31113"
            },
            {
              "name": "oracle-weblogic-jsp-info-disclosure(43829)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43829"
            },
            {
              "name": "1020498",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020498"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2580",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
                },
                {
                  "name": "ADV-2008-2115",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2115"
                },
                {
                  "name": "SSRT061201",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
                },
                {
                  "name": "HPSBMA02133",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
                },
                {
                  "name": "ADV-2008-2109",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2109/references"
                },
                {
                  "name": "31087",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31087"
                },
                {
                  "name": "31113",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31113"
                },
                {
                  "name": "oracle-weblogic-jsp-info-disclosure(43829)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43829"
                },
                {
                  "name": "1020498",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020498"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2580",
        "datePublished": "2008-07-15T23:00:00.000Z",
        "dateReserved": "2008-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:05:29.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2582 (GCVE-0-2008-2582)

    Vulnerability from cvelistv5 – Published: 2008-07-15 23:00 – Updated: 2024-08-07 09:05
    VLAI
    Summary
    Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2008/2115 vdb-entryx_refsource_VUPEN
    http://h20000.www2.hp.com/bizsupport/TechSupport/… vendor-advisoryx_refsource_HP
    http://www.vupen.com/english/advisories/2008/2109… vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/31087 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/31113 third-party-advisoryx_refsource_SECUNIA
    http://www.securitytracker.com/id?1020498 vdb-entryx_refsource_SECTRACK
    Date Public
    2008-07-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:05:29.960Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
              },
              {
                "name": "ADV-2008-2115",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2115"
              },
              {
                "name": "SSRT061201",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
              },
              {
                "name": "HPSBMA02133",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
              },
              {
                "name": "ADV-2008-2109",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2109/references"
              },
              {
                "name": "oracle-weblogic-dos(43825)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43825"
              },
              {
                "name": "31087",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31087"
              },
              {
                "name": "31113",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31113"
              },
              {
                "name": "1020498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020498"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
            },
            {
              "name": "ADV-2008-2115",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2115"
            },
            {
              "name": "SSRT061201",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
            },
            {
              "name": "HPSBMA02133",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
            },
            {
              "name": "ADV-2008-2109",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2109/references"
            },
            {
              "name": "oracle-weblogic-dos(43825)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43825"
            },
            {
              "name": "31087",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31087"
            },
            {
              "name": "31113",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31113"
            },
            {
              "name": "1020498",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020498"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2582",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
                },
                {
                  "name": "ADV-2008-2115",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2115"
                },
                {
                  "name": "SSRT061201",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
                },
                {
                  "name": "HPSBMA02133",
                  "refsource": "HP",
                  "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
                },
                {
                  "name": "ADV-2008-2109",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2109/references"
                },
                {
                  "name": "oracle-weblogic-dos(43825)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43825"
                },
                {
                  "name": "31087",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31087"
                },
                {
                  "name": "31113",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31113"
                },
                {
                  "name": "1020498",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020498"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2582",
        "datePublished": "2008-07-15T23:00:00.000Z",
        "dateReserved": "2008-06-09T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:05:29.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }