- CVEs with oval.description == The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
| Max CVSS | Min CVSS | Total Count |
| --- | --- | --- |
| 0 | 0 | 2 |
| ID | CVSS | Summary | Last (major) update | Published |