Initial Publication Date: Advisory Status: Advisory Severity: Legacy ID
23 Mar 2003 Closed High
Some Blue Coat Products use versions of OpenSSL that are vulnerable to an attack where unknown message types are not handled properly. The attacks can be aimed at any service on the appliance that is terminating (acting as a host for) an SSL connection.
A successful attack will result in a restart of CA/SA and SG appliances, which can lead to a denial of service situation.
Restricting access to the secure management console port to trusted IP addresses may reduce exposure.