oval:org.mitre.oval:def:8717

Definition Id: oval:org.mitre.oval:def:8717

Oval ID:	oval:org.mitre.oval:def:8717
Title:	HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
Description:	The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0217	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
IF HP Release B.11.11 AND HP Release B.11.23 AND HP-UX B.11.31 AND filesets tests Jdk14.JDK14-IPF32 version is less than 1.4.2.23.00 AND Jre14.JRE14-IPF32-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-IPF64 version is less than 1.4.2.23.00 AND Jdk14.JDK14-IPF64 version is less than 1.4.2.23.00 AND Jdk14.JDK14-PA11 version is less than 1.4.2.23.00 AND Jre14.JRE14-COM version is less than 1.4.2.23.00 AND Jdk14.JDK14-PA20 version is less than 1.4.2.23.00 AND Jre14.JRE14-PA11 version is less than 1.4.2.23.00 AND Jdk14.JDK14-PA20W version is less than 1.4.2.23.00 AND Jre14.JRE14-PA11-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-PA20 version is less than 1.4.2.23.00 AND Jre14.JRE14-PA20-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-PA20W version is less than 1.4.2.23.00 AND Jre14.JRE14-IPF64-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-PA20W-HS version is less than 1.4.2.23.00 AND Jre14.JRE14-IPF32 version is less than 1.4.2.23.00 AND Jdk14.JDK14-COM version is less than 1.4.2.23.00 AND Jre15.JRE15-IPF64-HS version is less than 1.5.0.17.00 AND Jdk15.JDK15-IPF32 version is less than 1.5.0.17.00 AND Jdk15.JDK15-PA20 version is less than 1.5.0.17.00 AND Jdk15.JDK15-IPF64 version is less than 1.5.0.17.00 AND Jre15.JRE15-COM version is less than 1.5.0.17.00 AND Jre15.JRE15-PA20 version is less than 1.5.0.17.00 AND Jre15.JRE15-PA20-HS version is less than 1.5.0.17.00 AND Jre15.JRE15-PA20W version is less than 1.5.0.17.00 AND Jre15.JRE15-PA20W-HS version is less than 1.5.0.17.00 AND Jre15.JRE15-IPF32 version is less than 1.5.0.17.00 AND Jre15.JRE15-IPF32-HS version is less than 1.5.0.17.00 AND Jdk15.JDK15-PA20W version is less than 1.5.0.17.00 AND Jre15.JRE15-IPF64 version is less than 1.5.0.17.00 AND Jdk15.JDK15-COM version is less than 1.5.0.17.00 AND Jdk60.JDK60-PA20 version is less than 1.6.0.05.00 AND Jre60.JRE60-PA20W-HS version is less than 1.6.0.05.00 AND Jdk60.JDK60-PA20W version is less than 1.6.0.05.00 AND Jdk60.JDK60-COM version is less than 1.6.0.05.00 AND Jre60.JRE60-COM version is less than 1.6.0.05.00 AND Jre60.JRE60-IPF32 version is less than 1.6.0.05.00 AND Jre60.JRE60-IPF32-HS version is less than 1.6.0.05.00 AND Jre60.JRE60-IPF64 version is less than 1.6.0.05.00 AND Jre60.JRE60-IPF64-HS version is less than 1.6.0.05.00 AND Jre60.JRE60-PA20 version is less than 1.6.0.05.00 AND Jdk60.JDK60-IPF32 version is less than 1.6.0.05.00 AND Jre60.JRE60-PA20-HS version is less than 1.6.0.05.00 AND Jdk60.JDK60-IPF64 version is less than 1.6.0.05.00 AND Jre60.JRE60-PA20W version is less than 1.6.0.05.00

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0451s

Facebook rss twitter linkedin mail