oss-sec mailing list archives
CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi
From: Thomas Biege <thomas () suse de>
Date: Tue, 14 Sep 2010 17:23:40 +0200
Hi, the paper [1], about practical padding oracle attacks mentions some programming frameworks as vulnerable (section 5): - Ruby On ails 2.3 - OWASP ESAPI I think they both need a CVE-ID. Thanks. Cheers Thomas [1] http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf -- Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- Wer aufhoert besser werden zu wollen, hoert auf gut zu sein. -- Marie von Ebner-Eschenbach
Current thread:
- CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Thomas Biege (Sep 14)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Josh Bressers (Sep 14)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Thomas Biege (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Michael Koziarski (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Steven M. Christey (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Michael Koziarski (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Thomas Biege (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Josh Bressers (Sep 14)