CVE-2011-3389 - SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST) (4250554)

Chatta subito con l'assistenza

Restituisci

Feedback inviato

Questo articolo ti è servito per risolvere il problema?

Seleziona valutazione

Titolo

CVE-2011-3389 - SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)
Descrizione

CVE-2011-3389 - SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)

Is TPAM susceptible to the BEAST vulnerability?
Risoluzione

A BEAST attack is a client-side (web browser) attack based on rendering Web pages and executing JavaScript on them. The issue should be mitigated client side by using up an up to date browser.

The only known mitigation from the Web server side is to use RC4 or allow only TLS 1.1/1.2. Due to weaknesses in RC4, this is not a valid mitigation and RC4 ciphers are disabled from 2.5.915.

CVE-2013-2566 RC4 - Plaintext-Recovery Issue (135497)
https://support.quest.com/kb/135497

The ability to only allow TLS 1.1 & 1.2 has been added in 2.5.920 and above, more information can be found in KB 212744
Richiesta di modifica

BFER 7896

Feedback inviato

Questo articolo ti è servito per risolvere il problema?

Seleziona valutazione

Contenuti consigliati

Cronologia articoli:: Data di creazione: 2/23/2016
Ultimo aggiornamento: 5/7/2023

Titolo