
Sun Alert 269208 A Security Vulnerability With Verifying HMAC-based XML Digital Signatures in the XML Digital Signature Implementation Included With the Sun GlassFish Enterprise Server v2.1 may Allow Authentication to be Bypassed

Product: Sun GlassFish Enterprise Server v2.1

A security vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the webservices component of Sun GlassFish Enterprise Server may allow authentication to be bypassed. This could allow a user to forge an XML digital signature that would be accepted as valid. Applications that validate HMAC-based XML digital signatures may be vulnerable to this issue.

This issue is also described in the following documents:

CERT VU#466161 at: http://www.kb.cert.org/vuls/id/466161

CVE-2009-0217 at: ...

Sun acknowledges, with thanks, Thomas Roessler from the W3C for bringing this issue to our attention.

State: Resolved
First released: 29-Oct-2009
