SYMSA1029

SA12 : OpenSSL Vulnerability

Last Updated September 30, 2003

Initial Publication Date September 30, 2003

Status: Closed
Severity: High
CVSS Base Score:

Some Blue Coat Products use versions of OpenSSL that are vulnerable to an attack based on malformed client certificates. The attacks can be aimed at any service on the appliance that is terminating (acting as a host for) an SSL connection. The vulnerabilities are such that disabling client certificates does not prevent the attack.

A successful attack will result in a restart of CA/SA and SG appliances, which can lead to a denial of service situation.

Restricting access to the secure management console port to trusted IP addresses may reduce exposure.

https://www.openssl.org/news/secadv/20030930.txt

SA12

Thanks for your feedback. Let us know if you have additional comments below. (requires login)

SA12 : OpenSSL Vulnerability

Summary

Issues

Mitigation

References

Legacy ID

Was this Article Helpful?

SA12 : OpenSSL Vulnerability

Summary

Issues

Mitigation

References

Legacy ID

Subscribe To This Article

Related Products

Was this Article Helpful?