oss-sec mailing list archives
Re: SSL BREACH
From: cve-assign () mitre org
Date: Tue, 6 Aug 2013 20:11:53 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I assume this will get handled like CVE-2009-3555? http://threatpost.com/breach-compression-attack-steals-https-secrets-in-under-30-seconds/101579 http://it.slashdot.org/story/13/08/05/233216 https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
MITRE has looked at this in some depth but has not yet decided whether this can be treated as a vulnerability in a protocol, with one CVE shared across every product. We do realize that http://www.kb.cert.org/vuls/id/987798 currently contains one CVE ID. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (SunOS) iQEcBAEBAgAGBQJSAY/9AAoJEGvefgSNfHMd2k0IAKtQ4ZLWL5JfnOF0VW3qJroT kzQjFCI+MNWkw6TcyXpyq36ZKJSZ9C1ANudGPPnaPT2XbMRgd4T5yQUKextCYf01 getOOJZkY1vp5A52ujG7pcYNB2a+DP1O/LinPQvdp3TGrbWdOuRixzQ/AMKcbKrp AXTajRsLJmMbtjJ95n9XF3ie+fT1QdW02YyzDMmT5UiRJtDJQV9RbFAW+9J+iuw9 OP43uxwXtf50zFsU6OffNSlQNHoGQqD9NB17YFxjZvL4swg1P1YyQn6IIsOXzze3 gPNmL/PT27x4d/zr001idedzZtAsfpN60WudPZggQRvmzZyTC2E2Nct5Fy4P6Xg= =yr5Z -----END PGP SIGNATURE-----
Current thread:
- SSL BREACH Kurt Seifried (Aug 06)
- Re: SSL BREACH cve-assign (Aug 06)
- Re: SSL BREACH Stefan Fritsch (Aug 16)
- Re: SSL BREACH cve-assign (Sep 23)
- Re: SSL BREACH cve-assign (Aug 06)