
It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater.

The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms.

XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption".

The host is installed with Oracle Java SE 5 before Update 20 or 6 before Update 15 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to properly handle vectors involving static variables. Successful exploitation might allow context-dependent attackers to obtain sensitive information.

The host is installed with Oracle Java SE 6 before Update 15 and is prone to a security bypass vulnerability. A flaw is present in the applications, which do not properly enforce OpenType checks. Successful exploitation allows context-dependent attackers to bypass intended access restrictions.

The host is installed with Oracle Java SE 5.0 before Update 20 or 6 before Update 15 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which do not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications. Successful exploitation allows context-dependent attackers to obtain sensitive information by readi ...

The host is installed with Oracle Java SE 5.0 before Update 20 or 6 before Update 15 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle unspecified vectors. Successful exploitation allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application.

The host is installed with Oracle Java SE 5.0 before Update 20 or 6 before Update 15 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle unspecified vectors. Successful exploitation allows remote attackers to hijack a web session.

The host is installed with Oracle Java SE 5.0 before Update 20 or 6 before Update 15 and is prone to a security bypass vulnerability. A flaw is present in the applications, which fail to properly handle unspecified vectors, related to a declaration that lacks the final keyword. Successful exploitation allows remote attackers to bypass intended access restrictions.

The host is installed with Oracle Java SE 6 before Update 15 or 5 before Update 20 and is prone to an integer overflow vulnerability. A flaw is present in the applications, which fail to properly handle a crafted JPEG image. Successful exploitation allows context-dependent attackers to execute arbitrary code.

© SecPod Technologies