CVE-2009-0217

Description

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
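The minimum-length check that the description says was not required, as an added example (not code from any of the affected products): a verifier-side function that reads HMACOutputLength from a ds:SignatureMethod and rejects truncation lengths below a floor. The floor used here (at least 80 bits and at least half the hash output) is the rule the W3C later added to XMLDSig; the function names are hypothetical and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Hash output sizes in bits for HMAC SignatureMethod URIs (XMLDSig, RFC 4051).
HMAC_BITS = {
    "http://www.w3.org/2000/09/xmldsig#hmac-sha1": 160,
    "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256": 256,
    "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512": 512,
}

def effective_hmac_bits(signature_xml):
    """Return the MAC length in bits to compare, or raise ValueError."""
    # Sample input is constructed; use a hardened parser for untrusted XML.
    root = ET.fromstring(signature_xml)
    method = root.find(f".//{DS}SignatureMethod")
    if method is None:
        raise ValueError("no ds:SignatureMethod found")
    full = HMAC_BITS.get(method.get("Algorithm"))
    if full is None:
        raise ValueError("not an HMAC SignatureMethod known to this check")
    param = method.find(f"{DS}HMACOutputLength")
    if param is None:
        return full  # no truncation requested: compare the whole MAC
    text = (param.text or "").strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"HMACOutputLength is not a plain integer: {text!r}")
    bits = int(text)
    floor = max(80, full // 2)  # assumed floor: the later W3C rule
    if bits < floor or bits > full:
        raise ValueError(f"HMACOutputLength {bits} outside [{floor}, {full}] bits")
    return bits

def sample_signature(length=None, alg="http://www.w3.org/2000/09/xmldsig#hmac-sha1"):
    """Constructed ds:Signature skeleton (no real digest or MAC values)."""
    param = "" if length is None else f"<HMACOutputLength>{length}</HMACOutputLength>"
    return (f'<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
            f'<SignatureMethod Algorithm="{alg}">{param}</SignatureMethod>'
            f'</SignedInfo><SignatureValue/></Signature>')

if __name__ == "__main__":
    for length in (None, 160, 96, 8, 0):
        try:
            print(length, "->", effective_hmac_bits(sample_signature(length)), "bits accepted")
        except ValueError as err:
            print(length, "-> rejected:", err)
```

Run the check before the MAC comparison, so a signature carrying a too-short HMACOutputLength is rejected regardless of its SignatureValue.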

Risk Information

Base Score: 9.8 MODERATE
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 1.772

Associated Vulnerability

Vulnerability | OS Platform
Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB979909) x86 based systems | Windows
Microsoft .NET Framework 3.5 Security Update for Windows Server 2003 and Windows XP (KB982865) x86 based systems | Windows
.NET Framework 1.1 Service Pack 1 CLR Security Update for Windows 2003 Server x86 and Windows 2003 Server R2 x86 (KB979907) | Windows
Microsoft .NET Framework 3.5 Security Update for Windows Server 2003 and Windows XP (KB982865) x64 based systems | Windows
Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB979909) x64 based systems | Windows
Microsoft .NET Framework 3.5, Windows Vista Service Pack 1, and Windows Server 2008 Security Update | Windows
Microsoft .NET Framework 3.5 Service Pack 1 Security Update for Windows Vista Service Pack 1 and Windows Server 2008 (KB979911) x86 based systems | Windows
Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 Security Update (KB979910) x86 based systems | Windows
Microsoft .NET Framework 3.5, Windows Vista Service Pack 1, and Windows Server 2008 Security Update (KB979913) x64 based systems | Windows
Microsoft .NET Framework 3.5 Service Pack 1 Security Update for Windows Vista Service Pack 1 and Windows Server 2008 (KB979911) x64 based systems | Windows
Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 Security Update (KB979910) x64 based systems | Windows
Microsoft .NET Framework 3.5.1 Security Update for Windows 7 and Windows Server 2008 R2 (KB979916) x86 based systems | Windows
Microsoft .NET Framework 3.5.1 Security Update for Windows 7 and Windows Server 2008 R2 (KB979916) | Windows
Microsoft .NET Framework 3.5.1 Security Update for Windows 7 and Windows Server 2008 R2 (KB979916) x64 based systems | Windows
Update websphere_application_server 7.0.0.1 to latest version | Windows
Vulnerabilities CVE-2009-0217 are fixed in Apache - xmlsec 1.4.3 | Windows
Vulnerabilities CVE-2009-0217 are fixed in Apache - xmlsec for Linux 1.4.3 | Linux

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-8734 | Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP
PATCH-8735 | Microsoft .NET Framework 3.5 Security Update for Windows Server 2003 and Windows XP
PATCH-8737 | Microsoft .NET Framework 3.5 Security Update for Windows Server 2003 and Windows XP
PATCH-8738 | Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP
PATCH-8741 | Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 Security Update
PATCH-8742 | Microsoft .NET Framework 3.5, Windows Vista Service Pack 1, and Windows Server 2008 Security Update
PATCH-8743 | Microsoft .NET Framework 3.5 Service Pack 1 Security Update for Windows Vista Service Pack 1 and Windows Server 2008
PATCH-8744 | Microsoft .NET Framework 3.5 Service Pack 1, Windows Vista Service Pack 2, and Windows Server 2008 Service Pack 2 Security Update
PATCH-8756 | Microsoft .NET Framework 3.5.1 Security Update for Windows 7 and Windows Server 2008 R2 (KB979916)
PATCH-8757 | Microsoft .NET Framework 3.5.1 Security Update for Windows 7 and Windows Server 2008 R2 (KB979916)
PATCH-8758 | Microsoft .NET Framework 3.5.1 Security Update for Windows 7 and Windows Server 2008 R2 (KB979916)
