CVE-2011-3389 - SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST) (4250554)

Converse agora com nosso suporte

Voltar

Feedback enviado

Este artigo resolveu um problema para você?

Selecione a classificação

Título

CVE-2011-3389 - SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)
Descrição

CVE-2011-3389 - SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)

Is TPAM susceptible to the BEAST vulnerability?
Resolução

A BEAST attack is a client-side (web browser) attack based on rendering Web pages and executing JavaScript on them. The issue should be mitigated client side by using up an up to date browser.

The only known mitigation from the Web server side is to use RC4 or allow only TLS 1.1/1.2. Due to weaknesses in RC4, this is not a valid mitigation and RC4 ciphers are disabled from 2.5.915.

CVE-2013-2566 RC4 - Plaintext-Recovery Issue (135497)
https://support.quest.com/kb/135497

The ability to only allow TLS 1.1 & 1.2 has been added in 2.5.920 and above, more information can be found in KB 212744
Solicitação de alteração

BFER 7896

Feedback enviado

Este artigo resolveu um problema para você?

Selecione a classificação

Conteúdo recomendado

Título