HTTP: XML Signature HMAC Truncation Bypass Vulnerability

This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. An attacker can create a malicious Web site with Web pages containing dangerous XML content, which, if accessed by a victim, allows the attacker to bypass authentication of certain content.

Extended Description

The IETF and W3C XML Digital Signature Specification is prone to an authentication-bypass vulnerability. Attackers may exploit this issue to forge signatures for arbitrary XML data. This may lead to further attacks. Note that the specification doesn't require implementations to accept all truncation length values. As a result, not all implementations of the XML Digital Signature Specification will be affected by this issue.

Affected Products

Avaya messaging_application_server, Red_hat enterprise_linux_as_extras

Short Name
HTTP:STC:IE:XML-HMAC-BYPASS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Bypass CVE-2009-0217 HMAC Signature Truncation Vulnerability XML bid:35671
Release Date
06/08/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3339
False Positive
Unknown
Vendors

Red_hat

Apache_software_foundation

Suse

Apple

Gentoo

Xml_security_library

Mono

Hp

Ubuntu

Avaya

Microsoft

Oracle

Openoffice

Bea_systems

Pardus

Sun

Mandriva

Rsa_security

Debian

Ibm

CVSS Score

5.0
