TinySSL Vendor Statement: Basic Constraints Vulnerability

From: Adam Megacz (adamat_private)
Date: Sat Aug 10 2002 - 20:28:25 PDT

Next message: TAKAGI, Hiromitsu: "CERN Proxy Server: Cross-Site Scripting Vulnerability"

Previous message: aleph1at_private: "Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TinySSL is an open source, compact (125k jar), SSLv3 client
implementation written in Java (1.1+). Version 1.02 and earlier is
vulnerable to the attack posted last week by Mike Benham:

    http://online.securityfocus.com/archive/1/286290

An updated version (1.03) has been posted which fixes this
vulnerability; it is currently available from the XWT project's CVS
repository, which is the official distribution point for TinySSL.

More information can be found at http://www.xwt.org/tinyssl/

  - a

-- 
Sick of HTML user interfaces?
www.xwt.org

Amendment XXVIII: "thou shalt maximize thy stock price at all costs"

Next message: TAKAGI, Hiromitsu: "CERN Proxy Server: Cross-Site Scripting Vulnerability"
Previous message: aleph1at_private: "Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 12 2002 - 16:49:59 PDT