Versio.io

CVE-2009-0217

Common vulnerabilities & exposures (CVE)

 
Published at: 14-07-2009 02:00
Last modified: 14-07-2009 02:00
Total changes: 121

Description

CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:P/A:N
Attack complexity: Low
Attack vector: Network
Availability: None
Confidentiality: None
Integrity: Low
Privileges required: -
Scope: -
User interaction: -
Base score: 5.0
Exploitability score
Impact score
 

Verification logic

OR
AND
product=java-1.6.0-sun-1 AND versionEndExcluding=1.6.0.15-1jpp.1.el4
vendor=Red Hat Enterprise Linux AND product=rhel_extras AND version=4
AND
product=java-1.6.0-ibm-1 AND versionEndExcluding=1.6.0.7-1jpp.3.el4
vendor=Red Hat Enterprise Linux AND product=rhel_extras AND version=4
AND
product=glassfish-javamail-0 AND versionEndExcluding=1.4.2-0jpp.ep1.5.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=glassfish-jsf-0 AND versionEndExcluding=1.2_13-2.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=hibernate3-1 AND versionEndExcluding=3.2.4-1.SP1_CP09.0jpp.ep1.1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=hibernate3-annotations-0 AND versionEndExcluding=3.3.1-1.11.GA_CP02.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=hibernate3-entitymanager-0 AND versionEndExcluding=3.3.2-2.5.GA_CP01.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jacorb-0 AND versionEndExcluding=2.3.0-1jpp.ep1.9.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jakarta-commons-logging-jboss-0 AND versionEndExcluding=1.1-9.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-aop-0 AND versionEndExcluding=1.5.5-3.CP04.2.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jbossas-0 AND versionEndExcluding=4.2.0-5.GA_CP08.5.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-common-0 AND versionEndExcluding=1.2.1-0jpp.ep1.3.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-remoting-0 AND versionEndExcluding=2.2.3-3.SP1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-seam-0 AND versionEndExcluding=1.2.1-1.ep1.22.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jbossts-1 AND versionEndExcluding=4.2.3-1.SP5_CP08.1jpp.ep1.1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jbossweb-0 AND versionEndExcluding=2.0.0-6.CP12.0jpp.ep1.2.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jcommon-0 AND versionEndExcluding=1.0.16-1.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jfreechart-0 AND versionEndExcluding=1.0.13-2.3.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jgroups-1 AND versionEndExcluding=2.4.7-1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=quartz-0 AND versionEndExcluding=1.5.2-1jpp.patch01.ep1.4.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=rh-eap-docs-0 AND versionEndExcluding=4.2.0-6.GA_CP08.ep1.3.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=xerces-j2-0 AND versionEndExcluding=2.7.1-9jpp.4.patch_02.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=xml-security-0 AND versionEndExcluding=1.3.0-1.3.patch01.ep1.2.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=glassfish-jsf-0 AND versionEndExcluding=1.2_13-2.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=hibernate3-1 AND versionEndExcluding=3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=hibernate3-annotations-0 AND versionEndExcluding=3.3.1-1.11GA_CP02.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=hibernate3-entitymanager-0 AND versionEndExcluding=3.3.2-2.5.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jacorb-0 AND versionEndExcluding=2.3.0-1jpp.ep1.9.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-aop-0 AND versionEndExcluding=1.5.5-3.CP04.2.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jbossas-0 AND versionEndExcluding=4.2.0-5.GA_CP08.5.2.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-common-0 AND versionEndExcluding=1.2.1-0jpp.ep1.3.el5.1
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-remoting-0 AND versionEndExcluding=2.2.3-3.SP1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jboss-seam-0 AND versionEndExcluding=1.2.1-1.ep1.14.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jbossts-1 AND versionEndExcluding=4.2.3-1.SP5_CP08.1jpp.ep1.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jbossweb-0 AND versionEndExcluding=2.0.0-6.CP12.0jpp.ep1.2.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jcommon-0 AND versionEndExcluding=1.0.16-1.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jfreechart-0 AND versionEndExcluding=1.0.13-2.3.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=jgroups-1 AND versionEndExcluding=2.4.7-1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=quartz-0 AND versionEndExcluding=1.5.2-1jpp.patch01.ep1.4.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=rh-eap-docs-0 AND versionEndExcluding=4.2.0-6.GA_CP08.ep1.3.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=xml-security-0 AND versionEndExcluding=1.3.0-1.3.patch01.ep1.2.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.2.0
AND
product=xmlsec1-0 AND versionEndExcluding=1.2.6-3.1
vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=4
AND
product=java-1.6.0-openjdk-1 AND versionEndExcluding=1.6.0.0-1.2.b09.el5
vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=5
AND
product=xmlsec1-0 AND versionEndExcluding=1.2.9-8.1.1
vendor=Red Hat Enterprise Linux AND product=enterprise_linux AND version=5
AND
product=glassfish-javamail-0 AND versionEndExcluding=1.4.2-0jpp.ep1.5.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=glassfish-jaxb-0 AND versionEndExcluding=2.1.4-1.12.patch03.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=glassfish-jsf-0 AND versionEndExcluding=1.2_13-2.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=hibernate3-1 AND versionEndExcluding=3.2.4-1.SP1_CP09.0jpp.ep1.1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=hibernate3-annotations-0 AND versionEndExcluding=3.3.1-1.11.GA_CP02.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=hibernate3-entitymanager-0 AND versionEndExcluding=3.3.2-2.5.GA_CP01.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jacorb-0 AND versionEndExcluding=2.3.0-1jpp.ep1.9.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jakarta-commons-logging-jboss-0 AND versionEndExcluding=1.1-9.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-aop-0 AND versionEndExcluding=1.5.5-3.CP04.2.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossas-0 AND versionEndExcluding=4.3.0-6.GA_CP07.4.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-common-0 AND versionEndExcluding=1.2.1-0jpp.ep1.3.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-messaging-0 AND versionEndExcluding=1.4.0-3.SP3_CP09.4.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-remoting-0 AND versionEndExcluding=2.2.3-3.SP1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-seam-0 AND versionEndExcluding=1.2.1-3.JBPAPP_4_3_0_GA.ep1.18.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-seam2-0 AND versionEndExcluding=2.0.2.FP-1.ep1.21.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossts-1 AND versionEndExcluding=4.2.3-1.SP5_CP08.1jpp.ep1.1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossweb-0 AND versionEndExcluding=2.0.0-6.CP12.0jpp.ep1.2.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossws-0 AND versionEndExcluding=2.0.1-4.SP2_CP07.2.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossws-common-0 AND versionEndExcluding=1.0.0-2.GA_CP05.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossws-framework-0 AND versionEndExcluding=2.0.1-1.GA_CP05.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jcommon-0 AND versionEndExcluding=1.0.16-1.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jfreechart-0 AND versionEndExcluding=1.0.13-2.3.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jgroups-1 AND versionEndExcluding=2.4.7-1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=quartz-0 AND versionEndExcluding=1.5.2-1jpp.patch01.ep1.4.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=rh-eap-docs-0 AND versionEndExcluding=4.3.0-6.GA_CP07.ep1.3.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=xerces-j2-0 AND versionEndExcluding=2.7.1-9jpp.4.patch_02.1.ep1.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=xml-security-0 AND versionEndExcluding=1.3.0-1.3.patch01.ep1.2.el4
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=glassfish-jaxb-0 AND versionEndExcluding=2.1.4-1.12.patch03.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=glassfish-jsf-0 AND versionEndExcluding=1.2_13-2.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=hibernate3-1 AND versionEndExcluding=3.2.4-1.SP1_CP09.0jpp.ep1.2.4.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=hibernate3-annotations-0 AND versionEndExcluding=3.3.1-1.11GA_CP02.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=hibernate3-entitymanager-0 AND versionEndExcluding=3.3.2-2.5.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jacorb-0 AND versionEndExcluding=2.3.0-1jpp.ep1.9.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-aop-0 AND versionEndExcluding=1.5.5-3.CP04.2.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossas-0 AND versionEndExcluding=4.3.0-6.GA_CP07.4.2.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-common-0 AND versionEndExcluding=1.2.1-0jpp.ep1.3.el5.1
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-messaging-0 AND versionEndExcluding=1.4.0-3.SP3_CP09.4.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-remoting-0 AND versionEndExcluding=2.2.3-3.SP1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-seam-0 AND versionEndExcluding=1.2.1-3.JBPAPP_4_3_0_GA.ep1.12.el5.1
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jboss-seam2-0 AND versionEndExcluding=2.0.2.FP-1.ep1.18.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossts-1 AND versionEndExcluding=4.2.3-1.SP5_CP08.1jpp.ep1.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossweb-0 AND versionEndExcluding=2.0.0-6.CP12.0jpp.ep1.2.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossws-0 AND versionEndExcluding=2.0.1-4.SP2_CP07.2.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossws-common-0 AND versionEndExcluding=1.0.0-2.GA_CP05.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jbossws-framework-0 AND versionEndExcluding=2.0.1-1.GA_CP05.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jcommon-0 AND versionEndExcluding=1.0.16-1.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jfreechart-0 AND versionEndExcluding=1.0.13-2.3.1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=jgroups-1 AND versionEndExcluding=2.4.7-1.ep1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=quartz-0 AND versionEndExcluding=1.5.2-1jpp.patch01.ep1.4.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=rh-eap-docs-0 AND versionEndExcluding=4.3.0-6.GA_CP07.ep1.3.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=xml-security-0 AND versionEndExcluding=1.3.0-1.3.patch01.ep1.2.1.el5
vendor=Red Hat Enterprise Linux AND product=jboss_enterprise_application_platform AND version=4.3.0
AND
product=java-1.6.0-ibm-1 AND versionEndExcluding=1.6.0.7-1jpp.2.el5
vendor=Red Hat Enterprise Linux AND product=network_satellite AND version=5.3
AND
product=java-1.6.0-sun-1 AND versionEndExcluding=1.6.0.15-1jpp.1.el5
vendor=Red Hat Enterprise Linux AND product=rhel_extras AND version=5
AND
product=java-1.6.0-ibm-1 AND versionEndExcluding=1.6.0.7-1jpp.2.el5
vendor=Red Hat Enterprise Linux AND product=rhel_extras AND version=5
AND
product=xmlsec1 AND version=
vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=4.8
AND
product=java-1.6.0-openjdk AND version=
vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=5.3
AND
product=xmlsec1 AND version=
vendor=Red Hat Enterprise Linux AND product=rhel_eus AND version=5.3
 

Reference

 


Keywords

REDHAT, CVE-2009-0217, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures

 
