[26641] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

TinySSL Vendor Statement: Basic Constraints Vulnerability

daemon@ATHENA.MIT.EDU (Adam Megacz)
Mon Aug 12 19:50:20 2002

To: bugtraq@securityfocus.com
From: Adam Megacz <adam@xwt.org>
Date: 10 Aug 2002 20:28:25 -0700
Message-ID: <86sn1m6ply.fsf@megacz.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

TinySSL is an open source, compact (125k jar), SSLv3 client
implementation written in Java (1.1+). Version 1.02 and earlier is
vulnerable to the attack posted last week by Mike Benham:

    http://online.securityfocus.com/archive/1/286290

An updated version (1.03) has been posted which fixes this
vulnerability; it is currently available from the XWT project's CVS
repository, which is the official distribution point for TinySSL.

More information can be found at http://www.xwt.org/tinyssl/

  - a

-- 
Sick of HTML user interfaces?
www.xwt.org

Amendment XXVIII: "thou shalt maximize thy stock price at all costs"


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[26641] in bugtraq

TinySSL Vendor Statement: Basic Constraints Vulnerability

daemon@ATHENA.MIT.EDU (Adam Megacz)Mon Aug 12 19:50:20 2002

daemon@ATHENA.MIT.EDU (Adam Megacz)
Mon Aug 12 19:50:20 2002