« Sun Alert 258808... | Main | Sun Alert 260951 A... »
14 Jul 2009 US-CERT Vulnerability Note VU#466161 - XML signature HMAC truncation authentication bypass
posted by chokpoh in News
US-CERT Vulnerability Note VU#466161 describes a security vulnerability with verifying HMAC-based XML digital signatures.

The XML Digital Signature implementation included with the Java Runtime Environment is affected and may allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures may be vulnerable to this type of attack. This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.

This issue can occur in the following Java SE and Java SE for Business releases for Windows, Solaris, and Linux:
  • JDK and JRE 6 Update 14 and earlier
Note: JDK and JRE 5.0, and SDK and JRE 1.4.2 and 1.3.1 are not affected.

This issue will be addressed with our upcoming Java SE security updates which are targeted to be released in late July 2009.

tags:

Permalink |
Comments:

Post a Comment:

Comments are closed for this entry.

« Sun Alert 258808... | Main | Sun Alert 260951 A... »

Sun Certified Security Administrator

Download Solaris
Patches and Updates
Download Solaris Security Toolkit

« November 2009
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     
       
Today


Company Info   |   Contact   |   Terms of Use   |   Privacy   |   Trademarks   |   Copyright 2008 Sun Microsystems, Inc.