CVE-2009-0217

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.

El diseño de la recomendación de W3C XML Signature Syntax and Processing (XMLDsig), tal y como es implementado en productos que incluyen (1) el componente Oracle Security Developer Tools de Application Server de Oracle en versiones 10.1.2.3, 10.1.3.4 y 10.1.4.3IM; (2) el componente WebLogic Server de Product Suite de BEA en las versiones 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0 y 8.1 SP6; (3) Mono anterior a versión 2.4.2.2; (4) XML Security Library anterior a versión 1.2.12; (5) WebSphere Application Server de IBM versiones 6.0 hasta 6.0.2.33, versiones 6.1 hasta 6.1.0.23 y versiones 7.0 hasta 7.0.0.1; (6) JDK y JRE de Sun Update 14 y versiones anteriores; (7) .NET Framework de Microsoft versiones 3.0 hasta 3.0 SP2, versiones 3.5 y 4.0; y otros productos utilizan un parámetro que define una longitud de truncamiento HMAC (HMACOutputLength) pero no requiere un mínimo para esta longitud, lo que permite a los atacantes suplantar firmas basadas en HMAC y omitir la autenticación mediante la especificación de una longitud de truncamiento con un pequeño número de bits.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-01-20 CVE Reserved
2009-07-14 CVE Published
2024-08-07 CVE Updated
2024-11-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (87)

URL	Tag	Source
http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161	X_refsource_confirm
http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7	X_refsource_confirm
http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7	X_refsource_confirm
http://osvdb.org/55895	Vdb Entry
http://osvdb.org/55907	Vdb Entry
http://secunia.com/advisories/34461	Third Party Advisory
http://secunia.com/advisories/37300	Third Party Advisory
http://secunia.com/advisories/37671	Third Party Advisory
http://secunia.com/advisories/37841	Third Party Advisory
http://secunia.com/advisories/38567	Third Party Advisory
http://secunia.com/advisories/38568	Third Party Advisory
http://secunia.com/advisories/38695	Third Party Advisory
http://secunia.com/advisories/38921	Third Party Advisory
http://secunia.com/advisories/41818	Third Party Advisory
http://secunia.com/advisories/60799	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1	X_refsource_confirm
http://svn.apache.org/viewvc?revision=794013&view=revision	X_refsource_confirm
http://www.aleksey.com/xmlsec	X_refsource_confirm
http://www.kb.cert.org/vuls/id/466161	Third Party Advisory
http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ	X_refsource_confirm
http://www.kb.cert.org/vuls/id/WDON-7TY529	X_refsource_confirm
http://www.openoffice.org/security/cves/CVE-2009-0217.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html	X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html	X_refsource_confirm
http://www.securitytracker.com/id?1022561	Vdb Entry
http://www.securitytracker.com/id?1022567	Vdb Entry
http://www.securitytracker.com/id?1022661	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA09-294A.html	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA10-159B.html	Third Party Advisory
http://www.vupen.com/english/advisories/2009/2543	Vdb Entry
http://www.vupen.com/english/advisories/2009/3122	Vdb Entry
http://www.vupen.com/english/advisories/2010/0366	Vdb Entry
http://www.vupen.com/english/advisories/2010/0635	Vdb Entry
https://issues.apache.org/bugzilla/show_bug.cgi?id=47526	X_refsource_confirm
https://issues.apache.org/bugzilla/show_bug.cgi?id=47527	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717	Signature

URL	Date	SRC

URL	Date	SRC
http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere	2018-10-12
http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere	2018-10-12
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925	2018-10-12
http://www.securityfocus.com/bid/35671	2018-10-12
http://www.vupen.com/english/advisories/2009/1900	2018-10-12
http://www.vupen.com/english/advisories/2009/1908	2018-10-12
http://www.vupen.com/english/advisories/2009/1909	2018-10-12
http://www.vupen.com/english/advisories/2009/1911	2018-10-12

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html	2018-10-12
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html	2018-10-12
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html	2018-10-12
http://marc.info/?l=bugtraq&m=125787273209737&w=2	2018-10-12
http://secunia.com/advisories/35776	2018-10-12
http://secunia.com/advisories/35852	2018-10-12
http://secunia.com/advisories/35853	2018-10-12
http://secunia.com/advisories/35854	2018-10-12
http://secunia.com/advisories/35855	2018-10-12
http://secunia.com/advisories/35858	2018-10-12
http://secunia.com/advisories/36162	2018-10-12
http://secunia.com/advisories/36176	2018-10-12
http://secunia.com/advisories/36180	2018-10-12
http://secunia.com/advisories/36494	2018-10-12
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1	2018-10-12
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1	2018-10-12
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1	2018-10-12
http://www.debian.org/security/2010/dsa-1995	2018-10-12
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml	2018-10-12
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209	2018-10-12
http://www.mono-project.com/Vulnerabilities	2018-10-12
http://www.redhat.com/support/errata/RHSA-2009-1694.html	2018-10-12
http://www.ubuntu.com/usn/USN-903-1	2018-10-12
http://www.w3.org/2008/06/xmldsigcore-errata.html#e03	2018-10-12
http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html	2018-10-12
https://bugzilla.redhat.com/show_bug.cgi?id=511915	2010-01-14
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041	2018-10-12
https://rhn.redhat.com/errata/RHSA-2009-1200.html	2018-10-12
https://rhn.redhat.com/errata/RHSA-2009-1201.html	2018-10-12
https://rhn.redhat.com/errata/RHSA-2009-1428.html	2018-10-12
https://rhn.redhat.com/errata/RHSA-2009-1636.html	2018-10-12
https://rhn.redhat.com/errata/RHSA-2009-1637.html	2018-10-12
https://rhn.redhat.com/errata/RHSA-2009-1649.html	2018-10-12
https://rhn.redhat.com/errata/RHSA-2009-1650.html	2018-10-12
https://usn.ubuntu.com/826-1	2018-10-12
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html	2018-10-12
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html	2018-10-12
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html	2018-10-12
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html	2018-10-12
https://access.redhat.com/security/cve/CVE-2009-0217	2010-01-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.0.1 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.0.1"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.0.2 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.0.2"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.0.3 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.0.3"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.1 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.1"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.1.1 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.1.1"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.1.2 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.1.2"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.1.3 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.1.3"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.1.5 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.1.5"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.1.7 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.1.7"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.1.9 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.1.9"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.1.11 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.1.11"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.1.13 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.1.13"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.1.15 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.1.15"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.1.17 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.1.17"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2"		fp17		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.1 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.1"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.2 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.2"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.3 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.3"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.10 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.10"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.11 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.11"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.12 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.12"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.13 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.13"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.14 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.14"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.15 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.15"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.16 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.16"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.17 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.17"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.18 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.18"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.19 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.19"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.20 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.20"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.21 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.21"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.22 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.22"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.23 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.23"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.24 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.24"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.25 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.25"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.28 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.28"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.29 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.29"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.30 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.30"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.31 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.31"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.32 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.32"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.0.2.33 Search vendor "Ibm" for product "Websphere Application Server" and version "6.0.2.33"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.0 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.0"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.1 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.1"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.2 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.2"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.3 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.3"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.4 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.4"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.5 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.5"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.6 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.6"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.7 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.7"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.8 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.8"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.9 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.9"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.10 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.10"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.11 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.11"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.12 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.12"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.13 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.13"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.14 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.14"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.15 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.15"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.16 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.16"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.17 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.17"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.18 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.18"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.19 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.19"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.20 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.20"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.21 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.21"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.22 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.22"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				6.1.0.23 Search vendor "Ibm" for product "Websphere Application Server" and version "6.1.0.23"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				7.0 Search vendor "Ibm" for product "Websphere Application Server" and version "7.0"		-		Affected
Ibm Search vendor "Ibm"		Websphere Application Server Search vendor "Ibm" for product "Websphere Application Server"				7.0.0.1 Search vendor "Ibm" for product "Websphere Application Server" and version "7.0.0.1"		-		Affected
Mono Project Search vendor "Mono Project"		Mono Search vendor "Mono Project" for product "Mono"				1.2.1 Search vendor "Mono Project" for product "Mono" and version "1.2.1"		-		Affected
Mono Project Search vendor "Mono Project"		Mono Search vendor "Mono Project" for product "Mono"				1.2.2 Search vendor "Mono Project" for product "Mono" and version "1.2.2"		-		Affected
Mono Project Search vendor "Mono Project"		Mono Search vendor "Mono Project" for product "Mono"				1.2.3 Search vendor "Mono Project" for product "Mono" and version "1.2.3"		-		Affected
Mono Project Search vendor "Mono Project"		Mono Search vendor "Mono Project" for product "Mono"				1.2.4 Search vendor "Mono Project" for product "Mono" and version "1.2.4"		-		Affected
Mono Project Search vendor "Mono Project"		Mono Search vendor "Mono Project" for product "Mono"				1.2.5 Search vendor "Mono Project" for product "Mono" and version "1.2.5"		-		Affected
Mono Project Search vendor "Mono Project"		Mono Search vendor "Mono Project" for product "Mono"				1.2.6 Search vendor "Mono Project" for product "Mono" and version "1.2.6"		-		Affected
Mono Project Search vendor "Mono Project"		Mono Search vendor "Mono Project" for product "Mono"				1.9 Search vendor "Mono Project" for product "Mono" and version "1.9"		-		Affected
Mono Project Search vendor "Mono Project"		Mono Search vendor "Mono Project" for product "Mono"				2.0 Search vendor "Mono Project" for product "Mono" and version "2.0"		-		Affected
Oracle Search vendor "Oracle"		Application Server Search vendor "Oracle" for product "Application Server"				10.1.2.3 Search vendor "Oracle" for product "Application Server" and version "10.1.2.3"		-		Affected
Oracle Search vendor "Oracle"		Application Server Search vendor "Oracle" for product "Application Server"				10.1.3.4 Search vendor "Oracle" for product "Application Server" and version "10.1.3.4"		-		Affected
Oracle Search vendor "Oracle"		Application Server Search vendor "Oracle" for product "Application Server"				10.1.4.3im Search vendor "Oracle" for product "Application Server" and version "10.1.4.3im"		-		Affected
Oracle Search vendor "Oracle"		Bea Product Suite Search vendor "Oracle" for product "Bea Product Suite"				8.1 Search vendor "Oracle" for product "Bea Product Suite" and version "8.1"		sp6		Affected
Oracle Search vendor "Oracle"		Bea Product Suite Search vendor "Oracle" for product "Bea Product Suite"				9.0 Search vendor "Oracle" for product "Bea Product Suite" and version "9.0"		-		Affected
Oracle Search vendor "Oracle"		Bea Product Suite Search vendor "Oracle" for product "Bea Product Suite"				9.1 Search vendor "Oracle" for product "Bea Product Suite" and version "9.1"		-		Affected
Oracle Search vendor "Oracle"		Bea Product Suite Search vendor "Oracle" for product "Bea Product Suite"				9.2 Search vendor "Oracle" for product "Bea Product Suite" and version "9.2"		mp3		Affected
Oracle Search vendor "Oracle"		Bea Product Suite Search vendor "Oracle" for product "Bea Product Suite"				10.0 Search vendor "Oracle" for product "Bea Product Suite" and version "10.0"		mp1		Affected
Oracle Search vendor "Oracle"		Bea Product Suite Search vendor "Oracle" for product "Bea Product Suite"				10.3 Search vendor "Oracle" for product "Bea Product Suite" and version "10.3"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Component Search vendor "Oracle" for product "Weblogic Server Component"				8.1 Search vendor "Oracle" for product "Weblogic Server Component" and version "8.1"		sp6		Affected
Oracle Search vendor "Oracle"		Weblogic Server Component Search vendor "Oracle" for product "Weblogic Server Component"				9.0 Search vendor "Oracle" for product "Weblogic Server Component" and version "9.0"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Component Search vendor "Oracle" for product "Weblogic Server Component"				9.1 Search vendor "Oracle" for product "Weblogic Server Component" and version "9.1"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Component Search vendor "Oracle" for product "Weblogic Server Component"				9.2 Search vendor "Oracle" for product "Weblogic Server Component" and version "9.2"		mp3		Affected
Oracle Search vendor "Oracle"		Weblogic Server Component Search vendor "Oracle" for product "Weblogic Server Component"				10.0 Search vendor "Oracle" for product "Weblogic Server Component" and version "10.0"		mp1		Affected
Oracle Search vendor "Oracle"		Weblogic Server Component Search vendor "Oracle" for product "Weblogic Server Component"				10.3 Search vendor "Oracle" for product "Weblogic Server Component" and version "10.3"		-		Affected