Thinking OPEN

Posts Tagged ‘application_server’

Application Server 10.3 and prior [Medium]

By Security Team • Jul 14th, 2009 • Category: Security Notifications

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits….

CVE Identifier: CVE-2009-0217
Vulnerability Type(s):
Severity: Medium



Application Server 10.3 and prior [Medium]

By Security Team • Jul 14th, 2009 • Category: Security Notifications

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits….

CVE Identifier: CVE-2009-0217
Vulnerability Type(s):
Severity: Medium



Application Server 8.3.0 and prior [Medium]

By Security Team • Apr 15th, 2009 • Category: Security Notifications

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML….

CVE Identifier: CVE-2009-1011
Vulnerability Type(s):
Severity: Medium



Application Server 10.1.3.3.3 and prior [Medium]

By Security Team • Apr 15th, 2009 • Category: Security Notifications

Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors….

CVE Identifier: CVE-2009-0989
Vulnerability Type(s):
Severity: Medium



Application Server 10.1.3.4 and prior [Medium]

By Security Team • Apr 15th, 2009 • Category: Security Notifications

Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors….

CVE Identifier: CVE-2009-0994
Vulnerability Type(s):
Severity: Medium



Application Server 8.3.0 and prior [Medium]

By Security Team • Apr 15th, 2009 • Category: Security Notifications

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML….

CVE Identifier: CVE-2009-1008
Vulnerability Type(s):
Severity: Medium



Application Server 8.1.9 [Medium]

By Security Team • Apr 15th, 2009 • Category: Security Notifications

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML….

CVE Identifier: CVE-2009-1009
Vulnerability Type(s):
Severity: Medium



Application Server 8.3.0 and prior [Medium]

By Security Team • Apr 15th, 2009 • Category: Security Notifications

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML….

CVE Identifier: CVE-2009-1010
Vulnerability Type(s):
Severity: Medium