Executive Summary

Title : US-CERT Vulnerability Note VU#466161 - XML signature HMAC truncation authentication bypass
Name : SUN-466161
First vendor Publication : 2009-07-14
Vendor : Sun
Last vendor Modification : 2009-07-14
Severity (Vendor) : N/A
Revision : N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : N/A
Attack Range : N/A
Cvss Impact Score : N/A
Attack Complexity : N/A
Cvss Exploit Score : N/A
Authentication : N/A


US-CERT Vulnerability Note VU#466161 describes a security vulnerability in the verification of HMAC-based XML digital signatures.

The XML Digital Signature implementation included with the Java Runtime Environment is affected and may allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures may be vulnerable to this type of attack. This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.

This issue can occur in the following Java SE and Java SE for Business releases for Windows, Solaris, and Linux:

  • JDK and JRE 6 Update 14 and earlier
Note: JDK and JRE 5.0, and SDK and JRE 1.4.2 and 1.3.1 are not affected.

This issue will be addressed with our upcoming Java SE security updates which are targeted to be released in late July 2009.
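One check an application can run before validating an HMAC-based XML signature, as an added example that is not code from Sun or US-CERT: reject any `SignatureMethod` whose `HMACOutputLength` element (the XML Signature truncation parameter, which this page does not name) requests fewer bits than the larger of 80 and half the hash output, the floor set in the W3C XML Signature specification. The class name, method names and sample fragments are hypothetical and constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class HmacTruncationGuard {
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    static final String MORE = "http://www.w3.org/2001/04/xmldsig-more#";

    // Hash output size in bits for an HMAC SignatureMethod URI, or -1 if unknown.
    static int hashBits(String alg) {
        if (alg.equals(DSIG + "hmac-sha1")) return 160;
        for (int b : new int[] {256, 384, 512})
            if (alg.equals(MORE + "hmac-sha" + b)) return b;
        return -1;
    }

    // False if any SignatureMethod asks for truncation below max(80, hashBits/2) bits.
    static boolean truncationAcceptable(Document doc) {
        NodeList methods = doc.getElementsByTagNameNS(DSIG, "SignatureMethod");
        for (int i = 0; i < methods.getLength(); i++) {
            Element sm = (Element) methods.item(i);
            NodeList len = sm.getElementsByTagNameNS(DSIG, "HMACOutputLength");
            if (len.getLength() == 0) continue; // no truncation requested
            int bits = hashBits(sm.getAttribute("Algorithm"));
            if (bits < 0 || len.getLength() > 1) return false; // unknown algorithm or malformed: fail closed
            String t = len.item(0).getTextContent().trim();
            if (!t.matches("\\d{1,4}")) return false; // not a plain non-negative integer
            if (Integer.parseInt(t) < Math.max(80, bits / 2)) return false;
        }
        return true;
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // needed for getElementsByTagNameNS
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample fragments, not taken from the advisory.
        String head = "<Signature xmlns='" + DSIG + "'><SignedInfo><SignatureMethod Algorithm='" + DSIG + "hmac-sha1'><HMACOutputLength>";
        String tail = "</HMACOutputLength></SignatureMethod></SignedInfo></Signature>";
        for (String len : new String[] {"8", "128"})
            System.out.println(len + " bits acceptable: " + truncationAcceptable(parse(head + len + tail)));
    }
}
```

Call `truncationAcceptable` on the parsed message before handing it to the signature validator, and reject the message when it returns false.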

Original Source

Url : http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161

Alert History

Date : 2016-06-28 20:10:40
Information : Multiple Updates