Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-11-03 23:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Downgrade BREACH attack to MEDIUM severity (as it depends on many things)

Browse Source
This commit is contained in:
Ondřej Surý
2017-04-25 16:17:43 +02:00
parent 3fe0975f27
commit 3d2666ab79
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
testssl.sh
View File

@@ -9548,7 +9548,7 @@ run_breach() {
pr_svrty_high "potentially NOT ok, uses $result HTTP compression." pr_svrty_high "potentially NOT ok, uses $result HTTP compression."
outln "$disclaimer" outln "$disclaimer"
outln "$spaces$when_makesense" outln "$spaces$when_makesense"
fileout "breach" "HIGH" "BREACH: potentially VULNERABLE, uses $result HTTP compression. $disclaimer ($when_makesense)" "$cve" "$cwe" "$hint" fileout "breach" "MEDIUM" "BREACH: potentially VULNERABLE, uses $result HTTP compression. $disclaimer ($when_makesense)" "$cve" "$cwe" "$hint"
ret=1 ret=1
fi fi
# Any URL can be vulnerable. I am testing now only the given URL! # Any URL can be vulnerable. I am testing now only the given URL!