[Bug 54324] New: Support is required to disable TLS compression to prevent against CRIME attacks

bugzilla Tue, 18 Dec 2012 13:51:38 -0800

https://issues.apache.org/bugzilla/show_bug.cgi?id=54324


            Bug ID: 54324
           Summary: Support is required to disable TLS compression to
                    prevent against CRIME attacks
           Product: Tomcat Native
           Version: 1.1.24
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: Library
          Assignee: dev@tomcat.apache.org
          Reporter: hemani.ma...@gmail.com
    Classification: Unclassified

Support is required to disable TLS compression to prevent against CRIME
attacks. 

Please see:
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls

This security issue is flagged for Tomcat during PCI compliance scan.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 54324] New: Support is required to disable TLS compression to prevent against CRIME attacks

Reply via email to