반품
-
제목
CVE-2011-3389 - SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST) -
설명
CVE-2011-3389 - SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)
Is TPAM susceptible to the BEAST vulnerability? -
해결 방안
A BEAST attack is a client-side (web browser) attack based on rendering Web pages and executing JavaScript on them. The issue should be mitigated client side by using up an up to date browser.
The only known mitigation from the Web server side is to use RC4 or allow only TLS 1.1/1.2. Due to weaknesses in RC4, this is not a valid mitigation and RC4 ciphers are disabled from 2.5.915.CVE-2013-2566 RC4 - Plaintext-Recovery Issue (135497)
The ability to only allow TLS 1.1 & 1.2 has been added in 2.5.920 and above, more information can be found in KB 212744 -
변경 요청
BFER 7896