<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">

</head>

<body text="#000000" bgcolor="#ffffff">

Is this something that requires our attention?<br>

<br>

-------- Original Message --------

<table class="moz-email-headers-table" cellpadding="0" cellspacing="0"

 border="0">

  <tbody>

    <tr>

      <th nowrap="nowrap" valign="BASELINE" align="RIGHT">Subject: </th>

      <td>JSF security issue</td>

    </tr>

    <tr>

      <th nowrap="nowrap" valign="BASELINE" align="RIGHT">Date: </th>

      <td>Wed, 09 Jun 2010 06:52:04 -0400</td>

    </tr>

    <tr>

      <th nowrap="nowrap" valign="BASELINE" align="RIGHT">From: </th>

      <td>Chris Bredesen <a class="moz-txt-link-rfc2396E" href="mailto:cbredesen@redhat.com">&lt;cbredesen@redhat.com&gt;</a></td>

    </tr>

    <tr>

      <th nowrap="nowrap" valign="BASELINE" align="RIGHT">To: </th>

      <td><a class="moz-txt-link-abbreviated" href="mailto:jboss-support-jsf@redhat.com">jboss-support-jsf@redhat.com</a></td>

    </tr>

  </tbody>

</table>

<br>

<br>

<pre>Y'all see this yet?

-------- Original Message --------

Subject: FYI: JSF Known Issue

Date: Tue, 8 Jun 2010 11:35:41 -0400

From: Steve 'Ashcrow' Milner <a class="moz-txt-link-rfc2396E" href="mailto:smilner@redhat.com">&lt;smilner@redhat.com&gt;</a>

To: Chris Bredesen <a class="moz-txt-link-rfc2396E" href="mailto:cbredesen@redhat.com">&lt;cbredesen@redhat.com&gt;</a>

<a class="moz-txt-link-freetext" href="http://www.theregister.co.uk/2010/06/08/padding_oracle_attack_tool/">http://www.theregister.co.uk/2010/06/08/padding_oracle_attack_tool/</a>

"The researchers tested the attack in JavaServer Faces implemented

into the Apache webserver, as well as Sun's Mojarra. They said many

other implementations are also likely to be vulnerable."

-- 

kthxbye!

Steve 'Ashcrow' Milner

Agent of Infosec

RHCE: 

<a class="moz-txt-link-freetext" href="https://www.redhat.com/training/certification/verify/?certno=805009277242449">https://www.redhat.com/training/certification/verify/?certno=805009277242449</a>

ITIL Foundation: c.721843

IRC: ashcrow

GnuPG ID: 28DFD4BE

-----BEGIN GEEK CODE BLOCK-----

Version: 3.1

GCS/IT/MU/O d-- s:+&gt; a- C+++$ UBL+++$ P++@ L+++$&gt;++++ !E--&gt; W+++$ !N-

!o K--? !w-- !O- M- !V- PS PE+ Y+ PGP+++ t+ !5 !X R tv+ b+&gt;++ DI+ !D-

G e h !r&gt;+++ y?

------END GEEK CODE BLOCK------

"In the heat of conversation I may have said certain things I believe

to be untrue. The alleged lie that you might have heard me saying

allegedly moments ago ... that's a parasite that lives in my neck."

      -- Tad Ghostal

</pre>

</body>

</html>