oss-sec mailing list archives
Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi
From: Josh Bressers <bressers () redhat com>
Date: Tue, 14 Sep 2010 15:36:53 -0400 (EDT)
I've assgiend two. The details are quite vague unfortunately. CVE-2010-3299 padding oracle attack: ruby on rails 2.3 CVE-2010-3300 padding oracle attack: owasp esapi Thanks. -- JB ----- "Thomas Biege" <thomas () suse de> wrote:
Hi, the paper [1], about practical padding oracle attacks mentions some programming frameworks as vulnerable (section 5): - Ruby On ails 2.3 - OWASP ESAPI I think they both need a CVE-ID. Thanks. Cheers Thomas [1] http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf -- Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- Wer aufhoert besser werden zu wollen, hoert auf gut zu sein. -- Marie von Ebner-Eschenbach
Current thread:
- CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Thomas Biege (Sep 14)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Josh Bressers (Sep 14)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Thomas Biege (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Michael Koziarski (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Steven M. Christey (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Michael Koziarski (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Thomas Biege (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Josh Bressers (Sep 14)