NVD脆弱性詳細

CVE-2009-0217

概要	The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
公表日	2009年7月15日8:30
登録日	2021年1月29日13:13
最終更新日	2018年10月13日6:49

CVSS2.0 : MEDIUM
スコア	5.0
ベクター	AV:N/AC:L/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:ibm:websphere_application_server:6.0:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.0.1:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.1:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.3:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.5:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.7:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.9:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.11:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.13:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.15:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.17:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2::fp17:::::
cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.10:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.12:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.14:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.16:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.17:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.18:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.20:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.21:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.28:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.29:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.30:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.31:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.32:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.33:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.6:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.8:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.10:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.14:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.16:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.18:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.20:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.22:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:::::::*
cpe:2.3:a:ibm:websphere_application_server:7.0:::::::*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:::::::*
cpe:2.3:a:mono_project:mono:1.2.1:::::::*
cpe:2.3:a:mono_project:mono:1.2.2:::::::*
cpe:2.3:a:mono_project:mono:1.2.3:::::::*
cpe:2.3:a:mono_project:mono:1.2.4:::::::*
cpe:2.3:a:mono_project:mono:1.2.5:::::::*
cpe:2.3:a:mono_project:mono:1.2.6:::::::*
cpe:2.3:a:mono_project:mono:1.9:::::::*
cpe:2.3:a:mono_project:mono:2.0:::::::*
cpe:2.3:a:oracle:application_server:10.1.2.3:::::::*
cpe:2.3:a:oracle:application_server:10.1.3.4:::::::*
cpe:2.3:a:oracle:application_server:10.1.4.3im:::::::*
cpe:2.3:a:oracle:bea_product_suite:8.1:sp6::::::
cpe:2.3:a:oracle:bea_product_suite:9.0:::::::*
cpe:2.3:a:oracle:bea_product_suite:9.1:::::::*
cpe:2.3:a:oracle:bea_product_suite:9.2:mp3::::::
cpe:2.3:a:oracle:bea_product_suite:10.0:mp1::::::
cpe:2.3:a:oracle:bea_product_suite:10.3:::::::*
cpe:2.3:a:oracle:weblogic_server_component:8.1:sp6::::::
cpe:2.3:a:oracle:weblogic_server_component:9.0:::::::*
cpe:2.3:a:oracle:weblogic_server_component:9.1:::::::*
cpe:2.3:a:oracle:weblogic_server_component:9.2:mp3::::::
cpe:2.3:a:oracle:weblogic_server_component:10.0:mp1::::::
cpe:2.3:a:oracle:weblogic_server_component:10.3:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161	CONFIRM
2	http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7	CONFIRM
3	http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7	CONFIRM
4	http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html	APPLE
5	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html	SUSE
6	http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html	SUSE
7	http://marc.info/?l=bugtraq&m=125787273209737&w=2	HP
8	http://osvdb.org/55895	OSVDB
9	http://osvdb.org/55907	OSVDB
10	http://secunia.com/advisories/34461	SECUNIA
11	http://secunia.com/advisories/35776	SECUNIA	Vendor Advisory
12	http://secunia.com/advisories/35852	SECUNIA	Vendor Advisory
13	http://secunia.com/advisories/35853	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/35854	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/35855	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/35858	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/36162	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/36176	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/36180	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/36494	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/37300	SECUNIA
22	http://secunia.com/advisories/37671	SECUNIA
23	http://secunia.com/advisories/37841	SECUNIA
24	http://secunia.com/advisories/38567	SECUNIA
25	http://secunia.com/advisories/38568	SECUNIA
26	http://secunia.com/advisories/38695	SECUNIA
27	http://secunia.com/advisories/38921	SECUNIA
28	http://secunia.com/advisories/41818	SECUNIA
29	http://secunia.com/advisories/60799	SECUNIA
30	http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1	CONFIRM
31	http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1	SUNALERT
32	http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1	SUNALERT
33	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1	SUNALERT
34	http://svn.apache.org/viewvc?revision=794013&view=revision	CONFIRM
35	http://www.aleksey.com/xmlsec/	CONFIRM
36	http://www.debian.org/security/2010/dsa-1995	DEBIAN
37	http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml	GENTOO
38	http://www.kb.cert.org/vuls/id/466161	CERT-VN	US Government Resource
39	http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ	CONFIRM
40	http://www.kb.cert.org/vuls/id/WDON-7TY529	CONFIRM
41	http://www.mandriva.com/security/advisories?name=MDVSA-2009:209	MANDRIVA
42	http://www.mono-project.com/Vulnerabilities	CONFIRM	Vendor Advisory
43	http://www.openoffice.org/security/cves/CVE-2009-0217.html	CONFIRM
44	http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html	CONFIRM
45	http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html	CONFIRM
46	http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html	CONFIRM
47	http://www.redhat.com/support/errata/RHSA-2009-1694.html	REDHAT
48	http://www.securityfocus.com/bid/35671	BID	Patch
49	http://www.securitytracker.com/id?1022561	SECTRACK
50	http://www.securitytracker.com/id?1022567	SECTRACK
51	http://www.securitytracker.com/id?1022661	SECTRACK
52	http://www.ubuntu.com/usn/USN-903-1	UBUNTU
53	http://www.us-cert.gov/cas/techalerts/TA09-294A.html	CERT	US Government Resource
54	http://www.us-cert.gov/cas/techalerts/TA10-159B.html	CERT	US Government Resource
55	http://www.vupen.com/english/advisories/2009/1900	VUPEN	Patch Vendor Advisory
56	http://www.vupen.com/english/advisories/2009/1908	VUPEN	Patch Vendor Advisory
57	http://www.vupen.com/english/advisories/2009/1909	VUPEN	Patch Vendor Advisory
58	http://www.vupen.com/english/advisories/2009/1911	VUPEN	Patch Vendor Advisory
59	http://www.vupen.com/english/advisories/2009/2543	VUPEN
60	http://www.vupen.com/english/advisories/2009/3122	VUPEN
61	http://www.vupen.com/english/advisories/2010/0366	VUPEN
62	http://www.vupen.com/english/advisories/2010/0635	VUPEN
63	http://www.w3.org/2008/06/xmldsigcore-errata.html#e03	CONFIRM	Vendor Advisory
64	http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html	MISC	Vendor Advisory
65	http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere	AIXAPAR	Patch Vendor Advisory
66	http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere	AIXAPAR	Patch Vendor Advisory
67	http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925	CONFIRM	Patch Vendor Advisory
68	https://bugzilla.redhat.com/show_bug.cgi?id=511915	CONFIRM
69	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041	MS
70	https://issues.apache.org/bugzilla/show_bug.cgi?id=47526	CONFIRM
71	https://issues.apache.org/bugzilla/show_bug.cgi?id=47527	CONFIRM
72	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186	OVAL
73	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158	OVAL
74	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717	OVAL
75	https://rhn.redhat.com/errata/RHSA-2009-1200.html	REDHAT
76	https://rhn.redhat.com/errata/RHSA-2009-1201.html	REDHAT
77	https://rhn.redhat.com/errata/RHSA-2009-1428.html	REDHAT
78	https://rhn.redhat.com/errata/RHSA-2009-1636.html	REDHAT
79	https://rhn.redhat.com/errata/RHSA-2009-1637.html	REDHAT
80	https://rhn.redhat.com/errata/RHSA-2009-1649.html	REDHAT
81	https://rhn.redhat.com/errata/RHSA-2009-1650.html	REDHAT
82	https://usn.ubuntu.com/826-1/	UBUNTU
83	https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html	FEDORA
84	https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html	FEDORA
85	https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html	FEDORA
86	https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html	FEDORA

共通脆弱性一覧

JVN脆弱性情報

XML 署名の検証において認証回避が可能な問題

タイトル	XML 署名の検証において認証回避が可能な問題
概要	XML 署名 (XMLDsig) で規定されている HMAC truncation に起因する認証回避が可能な問題が存在します。 XMLDsig は、デジタル署名のための XML 構文を規定する W3C 勧告の一つです。XMLDsig は SOAP などのウェブサービスで使用されています。XMLDsig は RFC 2104 で規定されている HMAC truncation をサポートしています。RFC2104 ではハッシュ値の半分あるいは 80 bit 以上使用することを推奨しています。しかしながら、XMLDsig ではハッシュ値の出力長に対する制限が設けられていません。HMAC truncation が攻撃者によって操作された場合、結果として認証回避が起きる可能性があります。
想定される影響	XMLDsig で定められている認証メカニズムを攻撃者によって回避される可能性があります。
対策	W3C より XMLDsig の勧告が更新されました。詳しくは Errata for XML Signature 2nd Edidtion をご確認ください。 [アップデートする] ベンダが本問題に対応するアップデートを提供している場合、それを適用してください。
公表日	2009年7月15日0:00
登録日	2009年8月20日11:22
最終更新日	2010年7月22日17:52

影響を受けるシステム

サン・マイクロシステムズ

JDK 6 Update 14 およびそれ以前

JRE 6 Update 14 およびそれ以前

マイクロソフト

Microsoft .NET Framework 1.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0

Microsoft .NET Framework 3.5

Microsoft .NET Framework 3.5.1

Microsoft Windows 2000

Microsoft Windows 7 (x32)

Microsoft Windows 7 (x64)

Microsoft Windows Server 2003

Microsoft Windows Server 2003 (itanium)

Microsoft Windows Server 2003 (x64)

Microsoft Windows Server 2008 (itanium)

Microsoft Windows Server 2008 (x64)

Microsoft Windows Server 2008 (x86)

Microsoft Windows Server 2008 r2(itanium)

Microsoft Windows Server 2008 r2(x64)

Microsoft Windows Vista

Microsoft Windows Vista (x64)

Microsoft Windows XP

Microsoft Windows XP (x64)

Microsoft Windows XP sp3

レッドハット

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux EUS 5.3.z (server)

Red Hat Enterprise Linux EUS 5.4.z (server)

Red Hat Enterprise Linux Extras 4 extras

Red Hat Enterprise Linux Extras 4.8.z extras

RHEL Desktop Supplementary 5 (client)

RHEL Desktop Workstation 5 (client)

RHEL Supplementary 5 (server)

RHEL Supplementary EUS 5.3.z (server)

RHEL Supplementary EUS 5.4.z (server)

ヒューレット・パッカード

HP-UX 11.11

HP-UX 11.23

HP-UX 11.31

オラクル

BEA Product Suite 9.1

BEA Product Suite 9.2 MP3

BEA Product Suite 10.0 MP1

BEA Product Suite 10.3

BEA Product Suite 8.1 SP6

BEA Product Suite 9.0

OpenSSO Enterprise 8.0

Oracle Application Server 10.1.2.3

Oracle Application Server 10.1.3.4

Oracle Application Server 10.1.4.3IM

IBM

IBM WebSphere Application Server 6.0 から 6.0.2.33

IBM WebSphere Application Server 6.1 から 6.1.0.23

IBM WebSphere Application Server 7.0 から 7.0.0.1

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

アップル

Apple Mac OS X v10.5.8

Apple Mac OS X Server v10.5.8

OpenOffice.org Project

OpenOffice.org 2

OpenOffice.org 3.2 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-0217	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
National Vulnerability Database (NVD)
2	CVE-2009-0217	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0217
OpenOffice.org
3	CVE-2009-0217	http://www.openoffice.org/security/cves/CVE-2009-0217.html

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-DesignError	https://www.ipa.go.jp/security/vuln/CWE.html#CWEDesignError

ベンダー情報

No	名前	URL
Apple Security Updates
1	HT3851	http://support.apple.com/kb/HT3851
Apple セキュリティアップデート
2	HT3851	http://support.apple.com/kb/HT3851?viewlocale=ja_JP
Asianux Technical Support Network
3	jdk-1.6.0_15	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=729
Critical Patch Updates and Security Alerts
4	cpujul2009	http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
5	cpujul2010	http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html
HP Security Bulletin
6	HPSBUX02476	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01925304
IBM
7	1384925	http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925
Microsoft Security Bulletin
8	MS10-041	http://www.microsoft.com/technet/security/bulletin/MS10-041.mspx
Red Hat Security Advisory
9	RHSA-2009:1200	https://rhn.redhat.com/errata/RHSA-2009-1200.html
10	RHSA-2009:1201	https://rhn.redhat.com/errata/RHSA-2009-1201.html
11	RHSA-2009:1428	https://rhn.redhat.com/errata/RHSA-2009-1428.html
12	RHSA-2009:1694	https://rhn.redhat.com/errata/RHSA-2009-1694.html
Sun
13	cert_vulnerability_note_vu_466161	http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161
Sun Alert Notification
14	263429	http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1
オラクル・セキュリティ・アラート
15	090717_87	http://www.oracle.com/technology/global/jp/security/090717_87/top.html
16	100716_91	http://www.oracle.com/technology/global/jp/security/100716_91/top.html
マイクロソフトセキュリティ情報
17	MS10-041	http://www.microsoft.com/japan/technet/security/bulletin/ms10-041.mspx
レッドハットセキュリティーアップデート
18	RHSA-2009:1200	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1200J.html
19	RHSA-2009:1201	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1201J.html
20	RHSA-2009:1428	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1428J.html
富士通セキュリティ情報
21	TA10-159B	http://software.fujitsu.com/jp/security/vulnerabilities/ta10-159b.html
絵でみるセキュリティ情報
22	MS10-041e	http://www.microsoft.com/japan/security/bulletins/MS10-041e.mspx

その他

No	名前	URL
IETF
1	RFC 2104	http://tools.ietf.org/html/rfc2104
JPCERT 緊急報告
2	JPCERT-AT-2010-0014	http://www.jpcert.or.jp/at/2010/at100014.txt
JVN
3	JVNTA10-159B	http://jvn.jp/cert/JVNTA10-159B/index.html
4	JVNVU#466161	http://jvn.jp/cert/JVNVU466161/
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
5	55895	http://osvdb.org/55895
6	55907	http://osvdb.org/55907
Secunia Advisory
7	SA34461	http://secunia.com/advisories/34461
8	SA35776	http://secunia.com/advisories/35776
9	SA35853	http://secunia.com/advisories/35853
10	SA35854	http://secunia.com/advisories/35854
11	SA36176	http://secunia.com/advisories/36176
12	SA36180	http://secunia.com/advisories/36180
13	SA40080	http://secunia.com/advisories/40080
SecurityFocus
14	35671	http://www.securityfocus.com/bid/35671
SecurityTracker
15	1022561	http://www.securitytracker.com/id?1022561
16	1022567	http://www.securitytracker.com/id?1022567
17	1022661	http://www.securitytracker.com/id?1022661
US-CERT Cyber Security Alerts
18	SA10-159B	http://www.us-cert.gov/cas/alerts/SA10-159B.html
US-CERT Technical Cyber Security Alert
19	TA10-159B	http://www.us-cert.gov/cas/techalerts/TA10-159B.html
US-CERT Vulnerability Note
20	VU#466161	http://www.kb.cert.org/vuls/id/466161
VUPEN Security
21	VUPEN/ADV-2009-1900	http://www.vupen.com/english/advisories/2009/1900
22	VUPEN/ADV-2009-1912	http://www.vupen.com/english/advisories/2009/1912
23	VUPEN/ADV-2010-1398	http://www.vupen.com/english/advisories/2010/1398
W3C
24	Errata for XML Signature 2nd Edidtion	http://www.w3.org/2008/06/xmldsigcore-errata.html#e03
25	W3C - Questions & Answers Blog	http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
26	W3C Recommendation	http://www.w3.org/TR/xmldsig-core/#sec-SignatureMethod
警察庁 @police
27	マイクロソフト社のセキュリティ修正プログラムについて(MS10-032,033,034,035,036,037,038,039,040,041)	http://www.npa.go.jp/cyberpolice/#topics

変更履歴

No	変更内容	変更日
0	[2009年08月20日] 掲載 [2009年09月29日] 影響を受けるシステム：アップル (HT3851) の情報を追加影響を受けるシステム：ミラクル・リナックス (jdk-1.6.0_15) の情報を追加影響を受けるシステム：レッドハット (RHSA-2009:1428) の情報を追加ベンダ情報：アップル (HT3851) を追加ベンダ情報：ミラクル・リナックス (jdk-1.6.0_15) を追加ベンダ情報：レッドハット (RHSA-2009:1428) を追加 [2009年12月21日] 影響を受けるシステム：ヒューレット・パッカード (HPSBUX02476) の情報を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02476) を追加 [2010年01月26日] 影響を受けるシステム：レッドハット (RHSA-2009:1694) の情報を追加ベンダ情報：レッドハット (RHSA-2009:1694) を追加 [2010年02月26日] 影響を受けるシステム：OpenOffice.org (CVE-2009-0217) の情報を追加ベンダ情報：OpenOffice.org (CVE-2009-0217) を追加 [2010年07月01日] 影響を受けるシステム：マイクロソフト (MS10-035) の情報を追加ベンダ情報：マイクロソフト (MS10-035) を追加ベンダ情報：マイクロソフト (MS10-035e) を追加ベンダ情報：富士通 (TA10-159B) を追加 [2010年07月22日] 影響を受けるシステム：オラクル (cpujul2010) の情報を追加ベンダ情報：オラクル (cpujul2010) を追加ベンダ情報：オラクル (100716_91) を追加	2018年2月17日10:37

構成1	以上	以下	より上	未満
cpe:2.3:a:ibm:websphere_application_server:6.0:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.0.1:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.1:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.3:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.5:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.7:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.9:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.11:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.13:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.15:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.1.17:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2::fp17:::::
cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.10:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.12:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.14:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.16:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.17:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.18:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.20:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.21:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.28:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.29:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.30:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.31:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.32:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.33:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.6:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.8:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.10:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.14:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.16:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.18:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.20:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.22:::::::*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:::::::*
cpe:2.3:a:ibm:websphere_application_server:7.0:::::::*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:::::::*
cpe:2.3:a:mono_project:mono:1.2.1:::::::*
cpe:2.3:a:mono_project:mono:1.2.2:::::::*
cpe:2.3:a:mono_project:mono:1.2.3:::::::*
cpe:2.3:a:mono_project:mono:1.2.4:::::::*
cpe:2.3:a:mono_project:mono:1.2.5:::::::*
cpe:2.3:a:mono_project:mono:1.2.6:::::::*
cpe:2.3:a:mono_project:mono:1.9:::::::*
cpe:2.3:a:mono_project:mono:2.0:::::::*
cpe:2.3:a:oracle:application_server:10.1.2.3:::::::*
cpe:2.3:a:oracle:application_server:10.1.3.4:::::::*
cpe:2.3:a:oracle:application_server:10.1.4.3im:::::::*
cpe:2.3:a:oracle:bea_product_suite:8.1:sp6::::::
cpe:2.3:a:oracle:bea_product_suite:9.0:::::::*
cpe:2.3:a:oracle:bea_product_suite:9.1:::::::*
cpe:2.3:a:oracle:bea_product_suite:9.2:mp3::::::
cpe:2.3:a:oracle:bea_product_suite:10.0:mp1::::::
cpe:2.3:a:oracle:bea_product_suite:10.3:::::::*
cpe:2.3:a:oracle:weblogic_server_component:8.1:sp6::::::
cpe:2.3:a:oracle:weblogic_server_component:9.0:::::::*
cpe:2.3:a:oracle:weblogic_server_component:9.1:::::::*
cpe:2.3:a:oracle:weblogic_server_component:9.2:mp3::::::
cpe:2.3:a:oracle:weblogic_server_component:10.0:mp1::::::
cpe:2.3:a:oracle:weblogic_server_component:10.3:::::::*