US-CERT Vulnerability Notes Database

Sun Microsystems, Inc. Information for VU#466161

Date Notified: 2009-07-09
Date Updated: 2009-08-05
Statement Date: 2009-07-13
Status Summary: Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The XML Digital Signature implementation included with the Java Runtime Environment is affected and may allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures may be vulnerable to this type of attack. This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.

This issue can occur in the following Java SE and Java SE for Business releases for Windows, Solaris, and Linux:

JDK and JRE 6 Update 14 and earlier

Note: JDK and JRE 5.0, and SDK and JRE 1.4.2 and 1.3.1 are not affected.

This issue will be addressed with Sun's upcoming Java SE security updates which are targeted to be released in late July 2009.

Addendum

Please see Sun Alert 263429 for details and updated JRE versions.

Produced 2009 by US-CERT, a government organization