Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-07 09:10:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revised risk for BREACH --> medium

Browse Source
This commit is contained in:
Dirk 2020-07-10 19:56:18 +02:00
parent e1b0f2d55f
commit d9866d875a
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
testssl.sh
View File

@ -14628,14 +14628,14 @@ run_breach() {
prln_warning ") "
ret=1
elif [[ -z $result ]]; then
pr_svrty_best "no HTTP compression (OK) "
pr_svrty_good "no HTTP compression (OK) "
outln "$disclaimer"
fileout "$jsonID" "OK" "not vulnerable, no HTTP compression $disclaimer" "$cve" "$cwe"
else
pr_svrty_high "potentially NOT ok, \"$result\" HTTP compression detected."
pr_svrty_medium "potentially NOT ok, \"$result\" HTTP compression detected."
outln "$disclaimer"
outln "$spaces$when_makesense"
fileout "$jsonID" "HIGH" "potentially VULNERABLE, $result HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint"
fileout "$jsonID" "MEDIUM" "potentially VULNERABLE, $result HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint"
fi
# Any URL can be vulnerable. I am testing now only the given URL!