Sun Alert 269208 A Security Vulnerability With Verifying HMAC-based XML Digital Signatures in the XML Digital Signature Implementation Included With the Sun GlassFish Enterprise Server v2.1 may Allow Authentication to be Bypassed

Exploits:

font size: decrease font size increase font size
Rate this article
View Comments
Related content

Product: Sun GlassFish Enterprise Server v2.1 A security vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with webservices component of Sun GlassFish Enterprise Server may allow authentication to be bypassed. This could allow a user to forge an XML digital signature that would be accepted as valid. Applications that validate HMAC-based XML digital signatures may be vulnerable to this issue. This issue is also described in the following documents: CERT VU#466161 at:http://www.kb.cert.org/vuls/id/466161 CVE-2009-0217 at: ...

Product: Sun GlassFish Enterprise Server v2.1

A security vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with webservices component of Sun GlassFish Enterprise Server may allow authentication to be bypassed. This could allow a user to forge an XML digital signature that would be accepted as valid. Applications that validate HMAC-based XML digital signatures may be vulnerable to this issue.

This issue is also described in the following documents:

CERT VU#466161 at:

http://www.kb.cert.org/vuls/id/466161

CVE-2009-0217 at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217

Sun acknowledges, with thanks, Thomas Roessler from the W3C for bringing this issue to our attention.

State: Resolved

First released: 29-Oct-2009

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1

Read Full Article

Written on Wednesday, 28 October 2009 19:00 by

Viewed 43 times so far.
Like this? Tweet it to your followers!

Published in Subscribe to the RSS feed of Network Security & Hacking News Network Security & Hacking News / Subscribe to the RSS feed of Global Security News Global Security News

Like this? Let your friends know now!

Rate this article

Latest articles from

New York Tests Xbox-Based Emergency Alert System posted on Friday, 20 November 2009 13:07
An interesting concept is currently being tested in New York. Gamers used to confronting invading…
NC Reports Tamiflu Resistant Cases of Swine Flu posted on Friday, 20 November 2009 13:12
Not a good sign in the fight against Swine Flu. Health officials say four people…
Vuln: eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability posted on Friday, 20 November 2009 11:00
eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
Fly for $1 or Your Money Back! posted on Friday, 20 November 2009 12:07
It is the time of year to get together with family and friends, and that…
U.S. Reviews Air Defenses to Thwart Terror From Skies posted on Friday, 20 November 2009 12:38
I'm not sure how one can ever place a price tag on preventing another 9/11or…

Latest 'tweets' from GovernmentSecurity

News Update: Cyber war is coming, the impact could be huge: CBS News reports that cyber.. http://bit.ly/1tx1kr | #Security Link Monday, 09 November 2009 07:35
News Update: Tenable Network #Security Podcast - Episode 11: Welcome to the Tenable Netw.. http://bit.ly/2Iqd6G | Security Link Monday, 09 November 2009 07:35
News Update: Consent will be required for cookies in Europe: EDITORIAL: A law that dema.. http://bit.ly/3JYgip | #Security Link Monday, 09 November 2009 07:35
News Update: CBS 60 Minutes tackles cyber-terrorism: Could hackers get into the compute.. http://bit.ly/2d5Y21 | #Security Link Monday, 09 November 2009 07:35
Blog Update: We have launched the new GovernmentSecurity.org: We decided to launch th.. http://bit.ly/2G1SSF | #Security Link Saturday, 07 November 2009 17:38

blog comments powered by Disqus

back to top