SA12 : OpenSSL Vulnerability

SA12 : OpenSSL Vulnerability

SYMSA1029 September 30th, 2003 https://www.symantec.com/docs/SYMSA1029
Support / SA12 : OpenSSL Vulnerability
Was this article helpful?

Thank you for your feedback!

Provide feedback on this article

Thank you for your feedback!
Print Article
Related Products
Subscribe to this Article
Manage your Subscriptions
Search Again
Security Advisory ID SYMSA1029

Initial Publication Date:
Advisory Status:
Advisory Severity:
Legacy ID

30 Sep 2003
Closed
High

SA12

Summary

Some Blue Coat Products use versions of OpenSSL that are vulnerable to an attack based on malformed client certificates. The attacks can be aimed at any service on the appliance that is terminating (acting as a host for) an SSL connection. The vulnerabilities are such that disabling client certificates does not prevent the attack.

Issues

A successful attack will result in a restart of CA/SA and SG appliances, which can lead to a denial of service situation.

Mitigation

Restricting access to the secure management console port to trusted IP addresses may reduce exposure.

References

https://www.openssl.org/news/secadv/20030930.txt

Legacy ID

SA12

Terms of use for this information are found in Legal Notices.

Translated Content

This is machine translated content

Didn't find the article you were looking for? Try these resources.

Supported Products A-Z

Get support for your product, with downloads, knowledge base articles, documentation, and more.

Education Services

Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.

Submit a Threat

Submit a suspected infected file to Symantec.

Submit a False Positive

Report a suspected erroneous detection (false positive).

Need Help with Endpoint Protection?

Set default language

Do you wish to save this as your future site?