A security issue has been reported in Mono, which can be
exploited by malicious people to conduct spoofing attacks.
The security issue is caused due to an error when processing
certain XML signatures.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchmono< 2.4.2.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	mono	< 2.4.2.2	UNKNOWN

References

secunia.com/advisories/35852/

www.kb.cert.org/vuls/id/466161

checkpoint_advisories 2

openvas 67

redhat 5

ubuntucve 2

securityvulns 6

nessus 70

prion 2

veracode 1

debian 7

cvelist 2

github 1

fedora 6

cve 2

osv 2

mskb 1

cert 1

centos 2

debiancve 2

nvd 2

oraclelinux 2

ubuntu 3

ibm 3

suse 3

threatpost 1

freebsd 1

gentoo 2

oracle 1

checkpoint_advisories

Microsoft XML Signature HMAC Truncation Bypass (MS10-041; CVE-2009-0217)

2010-06-08 00:00:00

Microsoft XML Signature HMAC Truncation Bypass (MS10-041) - Ver2 (CVE-2009-0217)

2015-03-26 00:00:00

openvas

Mandrake Security Advisory MDVSA-2009:269 (mono)

2009-10-19 00:00:00

FreeBSD Ports: mono

2009-08-17 00:00:00

Mandrake Security Advisory MDVSA-2009:269 (mono)

2009-10-19 00:00:00

redhat

(RHSA-2009:1428) Moderate: xmlsec1 security update

2009-09-08 00:00:00

(RHSA-2009:1649) Moderate: JBoss Enterprise Application Platform 4.3.0.CP07 update

2009-12-09 00:00:00

(RHSA-2009:1201) Important: java-1.6.0-openjdk security and bug fix update

2009-08-06 00:00:00

ubuntucve

CVE-2009-0217

2009-07-14 00:00:00

CVE-2013-2155

2013-08-20 00:00:00

securityvulns

Microsoft Security Bulletin MS10-041 - Important Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)

2010-06-09 00:00:00

Microsoft .Net XML signing protection bypass

2010-06-09 00:00:00

CVE-2013-2155: Apache Santuario C++ denial of service vulnerability

2013-07-01 00:00:00

nessus

Solaris 10 (x86) : 141710-03

2018-03-12 00:00:00

Fedora 10 : xml-security-c-1.5.1-1.fc10 (2009-8121)

2009-08-01 00:00:00

Mandriva Linux Security Advisory : mono (MDVSA-2009:269)

2010-07-30 00:00:00

prion

Authentication flaw

2009-07-14 23:30:00

Design/Logic Flaw

2013-08-20 22:55:00

veracode

Authentication Bypass

2020-04-10 00:35:27

debian

[Backports-security-announce] Security Update for xml-security-c

2009-08-06 08:37:46

[SECURITY] [DSA 1849-1] New xml-security-c packages fix signature forgery

2009-08-02 13:48:02

[Backports-security-announce] Security Update for xml-security-c

2009-08-06 08:38:10

cvelist

CVE-2009-0217

2009-07-14 23:00:00

CVE-2013-2155

2013-08-20 22:00:00

github

Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation

2022-05-02 03:13:38

fedora

[SECURITY] Fedora 11 Update: xml-security-c-1.5.1-1.fc11

2009-07-31 18:04:52

[SECURITY] Fedora 11 Update: xmlsec1-1.2.12-1.fc11

2009-08-11 22:33:07

[SECURITY] Fedora 10 Update: xml-security-c-1.5.1-1.fc10

2009-07-31 17:59:26

cve

CVE-2009-0217

2009-07-14 23:30:00

CVE-2013-2155

2013-08-20 22:55:03

osv

Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation

2022-05-02 03:13:38

openoffice.org - several

2010-02-12 00:00:00

mskb

MS10-041: Vulnerabilities in the Microsoft .NET Framework that could allow tampering

2012-05-08 22:34:55

cert

XML signature HMAC truncation authentication bypass

2009-07-14 00:00:00

centos

xmlsec1 security update

2009-09-09 00:48:06

java security update

2009-08-09 04:11:10

debiancve

CVE-2009-0217

2009-07-14 23:30:00

CVE-2013-2155

2013-08-20 22:55:03

nvd

CVE-2009-0217

2009-07-14 23:30:00

CVE-2013-2155

2013-08-20 22:55:03

oraclelinux

xmlsec1 security update

2009-09-09 00:00:00

java-1.6.0-openjdk security and bug fix update

2009-08-06 00:00:00

ubuntu

Mono vulnerabilities

2009-08-26 00:00:00

OpenOffice.org vulnerabilities

2010-02-24 00:00:00

OpenJDK vulnerabilities

2009-08-11 00:00:00

ibm

Security Bulletin: A vulnerability in Apache XML Security for Java affects IBM Tivoli Business Service Manager (CVE-2013-4517, CVE-2013-2172, CVE-2009-0217, CVE-2021-40690)

2022-10-06 04:39:35

Security Bulletin: Multiple vulnerabilities in Apache Santuario XML Security for Java affect IBM InfoSphere Information Server

2022-10-14 22:24:44

Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ

2020-02-20 12:42:12

suse

remote code execution in OpenOffice_org

2010-03-16 16:11:32

remote code execution in java-1_6_0-ibm

2009-11-04 15:26:34

remote code execution in java-1_6_0-ibm

2010-01-12 17:47:21

threatpost

OpenOffice Zaps Six Security Bugs

2010-02-18 15:09:26

freebsd

openoffice.org -- multiple vulnerabilities

2006-08-24 00:00:00

gentoo

Mono: Multiple vulnerabilities

2012-06-21 00:00:00

OpenOffice, LibreOffice: Multiple vulnerabilities

2014-08-31 00:00:00

oracle

09-07 CPU Advisory

2009-07-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.973

Percentile

99.9%

JSON

Related for 708C65A5-7C58-11DE-A994-0030843D3802