« Sun Alert 270969 A... | Main | Advance notification... »
29 Oct 2009 Sun Alert 269208 A Security Vulnerability With Verifying HMAC-based XML Digital Signatures in the XML Digital Signature Implementation Included With the Sun GlassFish Enterprise Server v2.1 may Allow Authentication to be Bypassed
posted by chandan in Alerts
Product: Sun GlassFish Enterprise Server v2.1

A security vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with webservices component of Sun GlassFish Enterprise Server may allow authentication to be bypassed. This could allow a user to forge an XML digital signature that would be accepted as valid. Applications that validate HMAC-based XML digital signatures may be vulnerable to this issue.

This issue is also described in the following documents:

CERT VU#466161 at:

CVE-2009-0217 at:

Sun acknowledges, with thanks, Thomas Roessler from the W3C for bringing this issue to our attention.

State: Resolved
First released: 29-Oct-2009
Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1
Permalink |
Comments:

Post a Comment:

Comments are closed for this entry.

« Sun Alert 270969 A... | Main | Advance notification... »

Sun Certified Security Administrator

Download Solaris
Patches and Updates
Download Solaris Security Toolkit

« November 2009
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     
       
Today


Company Info   |   Contact   |   Terms of Use   |   Privacy   |   Trademarks   |   Copyright 2008 Sun Microsystems, Inc.