Apache XML Security Information for VU#466161
XML signature HMAC truncation authentication bypass
- Vendor Information Help Date Notified:
- Statement Date: 10 Jul 2009
- Date Updated: 14 Jul 2009
No statement is currently available from the vendor regarding this vulnerability.
The Apache XML Security Java implementation (http://santuario.apache.org) is affected. The vulnerability will be fixed in version 1.4.3. The final release of version 1.4.3 is targeted for mid-late July. Please subscribe to the mailing
list (http://santuario.apache.org/mail-lists.html) for more details.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.