We have published an accompanying blog post to this technical advisory with further information: German version with less technical details as an overview: http://ift.tt/2tsPaJc English version containing more detailed attack scenario descriptions: http://ift.tt/2uqz8N6 SEC Consult Vulnerability Lab Security Advisory < 20170630-0 > ======================================================================= title: Multiple critical vulnerabilities product: OSCI-Transport library 1.2 for German e-Government vulnerable version: 1.6.1 fixed version: 1.7.1 CVE number: CVE-2017-10668 (Padding Oracle) CVE-2017-10669 (Signature Wrapping) CVE-2017-10670 (XXE) impact: Critical homepage: http://www.xoev.de found: 01/2017 by: Wolfgang Ettlinger (Office Vienna) Marc Nimmerrichter (Office Vienna) SEC Consult Vulnerability Lab An integrated part of SEC Consult Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich http://ift.tt/1mGHMNR ======================================================================= Vendor description:
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment