Summary: | bugzilla server is vulnerable to critical HTTPS protocol attacks | ||
---|---|---|---|
Product: | Infrastructure | Reporter: | Konstantin A Lepikhov (L.A. Kostis) <lakostis> |
Component: | bugzilla.altlinux.org | Assignee: | Andrey Cherepanov <cas> |
Status: | CLOSED FIXED | QA Contact: | Andrey Cherepanov <cas> |
Severity: | blocker | ||
Priority: | P3 | CC: | glebfm, ldv, mike |
Version: | unspecified | ||
Hardware: | all | ||
OS: | Linux | ||
URL: | https://www.ssllabs.com/ssltest/analyze.html?d=bugzilla.altlinux.org |
Description
Konstantin A Lepikhov (L.A. Kostis)
2015-08-06 01:44:07 MSK
bugzilla server чему только не vulnerable. Вынес https:// в отдельный контейнер от греха подальше. "Кэширую" текущий ответ по ссылке (т.к. тест небыстрый): Overall Rating: T If trust issues are ignored: B This server's certificate is not trusted, see below for details. This server's certificate chain is incomplete. Grade capped to B. This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks. This server supports HTTP Strict Transport Security with long duration. |