re: #29 darthstar
I went to our IT department, was told it didn’t affect us. I checked three of our customer facing secure applications, and one of them was, in fact, vulnerable.
Make that two out of four sites - just remembered a pay gateway…but nobody would want to hack a site with ‘pay’ in the url.