499 matches found
[SECURITY] Fedora 11 Update: xmlsec1-1.2.12-1.fc11
XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...
[SECURITY] Fedora 10 Update: xmlsec1-1.2.12-1.fc10
XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...
[Backports-security-announce] Security Update for xml-security-c
Russ Allbery uploaded new packages for xml-security-c which fixed the following security problems: CVE-2009-0217, CERT VU#466161. It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed...
DSA-1849-1 xml-security-c - signature forgery
Bulletin has no description...
Fedora 10 : xml-security-c-1.5.1-1.fc10 (2009-8121)
Fixes CVE-2009-0217 511915 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
[SECURITY] Fedora 11 Update: xml-security-c-1.5.1-1.fc11
The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...
[SECURITY] Fedora 10 Update: xml-security-c-1.5.1-1.fc10
The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...
Authentication flaw
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...
CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...
CVE-2009-0120
The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data...
CVE-2009-0120
The CVE-2009-0120 entry affects IBM WebSphere DataPower XML Security Gateway XS40 firmware 3.6.1.5. It allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection (demonstrated using the string abc\r\n\r\n). The NVD entry lists a high im...
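IBM WebSphere DataPower XML Security Gateway XS40 Remote Denial-of-Service Vulnerability
BUGTRAQ ID: 33169 CNCAN ID: CNCAN-2009010903 IBM WebSphere DataPower XML Security Gateway XS40 is an XML security gateway. Sending a simple random? string to the IBM DataPower XS40 security gateway device over an already established SSL connection can cause the device to reboot, resulting in a denial of service. IBM WebSphere DataPower XML Security Gateway XS40 3.6.1.5 Vendor solution: no solution is currently available:...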
IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial of Service
source: https://www.securityfocus.com/bid/33169/info IBM WebSphere DataPower XML Security Gateway XS40 is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input. Remote...
IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial of Service
source: https://www.securityfocus.com/bid/33169/info IBM WebSphere DataPower XML Security Gateway XS40 is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input. Remote attackers can exploit this issue to cause the device to reboot, denying service to...
CVE-2007-5379
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords fro...
CVE-2007-5379
CVE-2007-5379 affects Ruby on Rails installations using Rails prior to 1.2.4. The vulnerability stems from Hash.from_xml (Hash#from_xml) using XmlSimple unsafely, enabling remote attackers to determine the existence of arbitrary files and read arbitrary XML files (e.g., passwords from Pidgin .pur...