It looks like this only affects apps that use encrypted client side state saving?
Stuart On 09/06/2010, at 9:03 PM, Shane Bryzak wrote: > Is this something that requires our attention? > > -------- Original Message -------- > Subject: JSF security issue > Date: Wed, 09 Jun 2010 06:52:04 -0400 > From: Chris Bredesen <[email protected]> > To: [email protected] > > Y'all see this yet? > > -------- Original Message -------- > Subject: FYI: JSF Known Issue > Date: Tue, 8 Jun 2010 11:35:41 -0400 > From: Steve 'Ashcrow' Milner <[email protected]> > To: Chris Bredesen <[email protected]> > > http://www.theregister.co.uk/2010/06/08/padding_oracle_attack_tool/ > > "The researchers tested the attack in JavaServer Faces implemented > into the Apache webserver, as well as Sun's Mojarra. They said many > other implementations are also likely to be vulnerable." > > -- > kthxbye! > Steve 'Ashcrow' Milner > Agent of Infosec > RHCE: > https://www.redhat.com/training/certification/verify/?certno=805009277242449 > ITIL Foundation: c.721843 > IRC: ashcrow > GnuPG ID: 28DFD4BE > > -----BEGIN GEEK CODE BLOCK----- > Version: 3.1 > GCS/IT/MU/O d-- s:+> a- C+++$ UBL+++$ P++@ L+++$>++++ !E--> W+++$ !N- > !o K--? !w-- !O- M- !V- PS PE+ Y+ PGP+++ t+ !5 !X R tv+ b+>++ DI+ !D- > G e h !r>+++ y? > ------END GEEK CODE BLOCK------ > > "In the heat of conversation I may have said certain things I believe > to be untrue. The alleged lie that you might have heard me saying > allegedly moments ago ... that's a parasite that lives in my neck." > -- Tad Ghostal > > > <Attached Message Part>_______________________________________________ > seam-dev mailing list > [email protected] > https://lists.jboss.org/mailman/listinfo/seam-dev
_______________________________________________ seam-dev mailing list [email protected] https://lists.jboss.org/mailman/listinfo/seam-dev
