Sun Alert 269208 A Security Vulnerability With Verifying HMAC-based XML Digital Signatures in the XML Digital Signature Implementation Included With the Sun GlassFish Enterprise Server v2.1 may Allow Authentication to be Bypassed

Product: Sun GlassFish Enterprise Server v2.1

A security vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the web services component of Sun GlassFish Enterprise Server may allow authentication to be bypassed. This could allow a user to forge an XML digital signature that would be accepted as valid. Applications that validate HMAC-based XML digital signatures may be vulnerable to this issue.

This issue is also described in the following documents:

CERT VU#466161 at: http://www.kb.cert.org/vuls/id/466161

CVE-2009-0217 at:

Sun acknowledges, with thanks, Thomas Roessler from the W3C for bringing this issue to our attention.

State: Resolved
First released: 29-Oct-2009


Written on Wednesday, 28 October 2009 19:00 by
