<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><br></div><div>It looks like this only affects apps that use encrypted client side state saving? </div><div><br></div><div>Stuart</div><br><div><div>On 09/06/2010, at 9:03 PM, Shane Bryzak wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<div text="#000000" bgcolor="#ffffff">
Is this something that requires our attention?<br>
<br>
-------- Original Message --------
<table class="moz-email-headers-table" cellpadding="0" cellspacing="0" border="0">
<tbody>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT">Subject: </th>
<td>JSF security issue</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT">Date: </th>
<td>Wed, 09 Jun 2010 06:52:04 -0400</td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT">From: </th>
<td>Chris Bredesen <a class="moz-txt-link-rfc2396E" href="mailto:cbredesen@redhat.com"><cbredesen@redhat.com></a></td>
</tr>
<tr>
<th nowrap="nowrap" valign="BASELINE" align="RIGHT">To: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:jboss-support-jsf@redhat.com">jboss-support-jsf@redhat.com</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<pre>Y'all see this yet?
-------- Original Message --------
Subject: FYI: JSF Known Issue
Date: Tue, 8 Jun 2010 11:35:41 -0400
From: Steve 'Ashcrow' Milner <a class="moz-txt-link-rfc2396E" href="mailto:smilner@redhat.com"><smilner@redhat.com></a>
To: Chris Bredesen <a class="moz-txt-link-rfc2396E" href="mailto:cbredesen@redhat.com"><cbredesen@redhat.com></a>
<a class="moz-txt-link-freetext" href="http://www.theregister.co.uk/2010/06/08/padding_oracle_attack_tool/">http://www.theregister.co.uk/2010/06/08/padding_oracle_attack_tool/</a>
"The researchers tested the attack in JavaServer Faces implemented
into the Apache webserver, as well as Sun's Mojarra. They said many
other implementations are also likely to be vulnerable."
--
kthxbye!
Steve 'Ashcrow' Milner
Agent of Infosec
RHCE:
<a class="moz-txt-link-freetext" href="https://www.redhat.com/training/certification/verify/?certno=805009277242449">https://www.redhat.com/training/certification/verify/?certno=805009277242449</a>
ITIL Foundation: c.721843
IRC: ashcrow
GnuPG ID: 28DFD4BE
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/IT/MU/O d-- s:+> a- C+++$ UBL+++$ P++@ L+++$>++++ !E--> W+++$ !N-
!o K--? !w-- !O- M- !V- PS PE+ Y+ PGP+++ t+ !5 !X R tv+ b+>++ DI+ !D-
G e h !r>+++ y?
------END GEEK CODE BLOCK------
"In the heat of conversation I may have said certain things I believe
to be untrue. The alleged lie that you might have heard me saying
allegedly moments ago ... that's a parasite that lives in my neck."
-- Tad Ghostal
</pre>
</div>
<span><Attached Message Part></span>_______________________________________________<br>seam-dev mailing list<br><a href="mailto:seam-dev@lists.jboss.org">seam-dev@lists.jboss.org</a><br>https://lists.jboss.org/mailman/listinfo/seam-dev<br></blockquote></div><br></body></html>