[seam-dev] Fwd: JSF security issue
Shane Bryzak
sbryzak at redhat.com
Wed Jun 9 07:03:22 EDT 2010
Is this something that requires our attention?
-------- Original Message --------
Subject: JSF security issue
Date: Wed, 09 Jun 2010 06:52:04 -0400
From: Chris Bredesen <cbredesen at redhat.com>
To: jboss-support-jsf at redhat.com
Y'all see this yet?
-------- Original Message --------
Subject: FYI: JSF Known Issue
Date: Tue, 8 Jun 2010 11:35:41 -0400
From: Steve 'Ashcrow' Milner<smilner at redhat.com>
To: Chris Bredesen<cbredesen at redhat.com>
http://www.theregister.co.uk/2010/06/08/padding_oracle_attack_tool/
"The researchers tested the attack in JavaServer Faces implemented
into the Apache webserver, as well as Sun's Mojarra. They said many
other implementations are also likely to be vulnerable."
--
kthxbye!
Steve 'Ashcrow' Milner
Agent of Infosec
RHCE:
https://www.redhat.com/training/certification/verify/?certno=805009277242449
ITIL Foundation: c.721843
IRC: ashcrow
GnuPG ID: 28DFD4BE
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/IT/MU/O d-- s:+> a- C+++$ UBL+++$ P++@ L+++$>++++ !E--> W+++$ !N-
!o K--? !w-- !O- M- !V- PS PE+ Y+ PGP+++ t+ !5 !X R tv+ b+>++ DI+ !D-
G e h !r>+++ y?
------END GEEK CODE BLOCK------
"In the heat of conversation I may have said certain things I believe
to be untrue. The alleged lie that you might have heard me saying
allegedly moments ago ... that's a parasite that lives in my neck."
-- Tad Ghostal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/seam-dev/attachments/20100609/643bd189/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Attached Message Part
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/seam-dev/attachments/20100609/643bd189/attachment.bin
More information about the seam-dev
mailing list