oss-sec mailing list archives

CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi

From: Thomas Biege <thomas () suse de>
Date: Tue, 14 Sep 2010 17:23:40 +0200

Hi,
the paper [1], about practical padding oracle attacks
mentions some programming frameworks as vulnerable (section 5):
- Ruby On ails 2.3
- OWASP ESAPI

I think they both need a CVE-ID. Thanks.

Cheers
Thomas

[1] http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf


-- 
 Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
  Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
                            -- Marie von Ebner-Eschenbach

Current thread:

CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Thomas Biege (Sep 14)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Josh Bressers (Sep 14)
  - Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Thomas Biege (Sep 21)
    - Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Michael Koziarski (Sep 21)
    - Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Steven M. Christey (Sep 21)
    - Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Michael Koziarski (Sep 21)