Statements (101)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:currency
|
| gptkbp:bfsLayer |
3
|
| gptkbp:bfsParent |
gptkb:public_transportation_system
gptkb:SSL/_TLS |
| gptkbp:affects |
TLS 1.0
|
| gptkbp:can_lead_to |
data theft
|
| gptkbp:discovered_by |
gptkb:Ralf-Philipp_Weinmann
Thai Duong |
| gptkbp:first_introduced |
gptkb:2011
|
| https://www.w3.org/2000/01/rdf-schema#label |
BEAST attack
|
| gptkbp:involves |
cipher block chaining (CBC) mode
|
| gptkbp:is_a |
gptkb:historical_event
gptkb:software gptkb:terrorist_attack web security vulnerability web security community web security strategy web security landscape active attack web security advocacy security exploit web application vulnerability SSL/ TLS vulnerability cryptographic vulnerability data authenticity attack data confidentiality attack data integrity attack encryption attack encryption vulnerability information security threat internet security threat man-in-the-browser attack network security threat passive attack protocol attack session hijacking attack transport layer security vulnerability session fixation attack session management vulnerability session replay attack web application security issue web security analysis web security architecture web security assessment web security attack web security audit web security awareness web security breach web security certification web security challenge web security collaboration web security compliance web security concern web security context web security danger web security development web security ecosystem web security education web security environment web security evaluation web security exploit web security flaw web security framework web security guideline web security incident web security innovation web security measure web security monitoring web security network web security outreach web security partnership web security practice web security problem web security reporting web security research web security review web security risk web security solution web security standard web security technology web security testing web security threat web security threat model web security tool web security training |
| gptkbp:is_considered |
a serious vulnerability
|
| gptkbp:is_effective_against |
TLS 1.2
|
| gptkbp:is_part_of |
web security vulnerabilities
|
| gptkbp:is_protected_by |
HTTP Strict Transport Security (HSTS)
using TLS 1.1 or higher using secure coding practices |
| gptkbp:is_related_to |
padding oracle attack
|
| gptkbp:is_similar_to |
CRIME attack
|
| gptkbp:is_used_in |
attacking HTTPS connections
|
| gptkbp:is_vulnerable_to |
gptkb:currency
|
| gptkbp:presented_by |
gptkb:Black_Hat_USA_2011
|
| gptkbp:requires |
Java Script execution
|
| gptkbp:skills |
session cookies
|
| gptkbp:targets |
secure web communications
|
| gptkbp:type_of |
man-in-the-middle attack
|
| gptkbp:uses |
chosen-plaintext attack
|