SYMC: SSL BEAST vulnerability

Bug #1476432 reported by Varun Lodaya
Affects              Status           Importance  Assigned to   Milestone
Juniper Openstack    Status tracked in Trunk
  R2.0               Fix Committed    Medium      Varun Lodaya
  R2.1               Fix Committed    Medium      Varun Lodaya
  R2.20              Fix Committed    Medium      Varun Lodaya
  R3.0               Fix Committed    Medium      Varun Lodaya
  R3.1               Fix Committed    Medium      Varun Lodaya
  Trunk              Fix Committed    Medium      Varun Lodaya
OpenContrail         Fix Committed    Medium      Varun Lodaya

Bug Description

Cigital observed that the application server is vulnerable to the BEAST attack, publicized on 2011-09-23. BEAST is a vulnerability in TLS 1.0 and SSL 3.0 which allows attackers who are able to inject JavaScript code into a browser to decrypt HTTPS traffic.

Already disabled SSL 3.0 as part of Bug #1475392. Need to disable TLSv1.0 too.

Tags: lbaas
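
One way to check the outcome the description asks for, as an added example (not code from this report or from the OpenContrail change): offer a listener nothing newer than TLS 1.0 and classify its first reply. It flags by protocol version only, as the description does; the function names, the offered cipher list and the sample bytes are assumptions constructed for illustration.

```python
import os
import socket
import struct

ALERT, HANDSHAKE, SERVER_HELLO = 21, 22, 2          # TLS record / handshake types
NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
AFFECTED = {0x0300, 0x0301}                         # versions named in the bug description
CBC_SUITES = (0x002F, 0x0035, 0x000A)               # assumed offer: RSA AES-128/AES-256/3DES CBC-SHA

# Constructed sample replies (not captured from any real server).
SAMPLE_REJECT = bytes.fromhex("15030100020246")     # fatal alert 70, protocol_version
SAMPLE_ACCEPT = bytes.fromhex("160301002a020000260301" + "00" * 32 + "00002f00")

def client_hello(version=0x0301):
    """Build an extension-less ClientHello offering at most `version`."""
    suites = b"".join(struct.pack("!H", s) for s in CBC_SUITES)
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"    # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")  # suites, null compression
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body            # handshake type 1, 24-bit length
    return struct.pack("!BHH", HANDSHAKE, version, len(hs)) + hs

def classify(reply):
    """Interpret the start of the server's first record sent in reply to client_hello()."""
    if len(reply) < 7:
        raise ValueError("reply too short for a TLS record")
    if reply[0] == ALERT:
        # 5-byte record header, then alert level and alert description
        return {"accepted": False, "alert": reply[6], "affected": False}
    if reply[0] == HANDSHAKE and len(reply) >= 11 and reply[5] == SERVER_HELLO:
        # record header (5) + handshake header (4), then server_version (2)
        ver = struct.unpack("!H", reply[9:11])[0]
        return {"accepted": True, "version": NAMES.get(ver, hex(ver)),
                "affected": ver in AFFECTED}
    raise ValueError("first record is neither a ServerHello nor an alert")

def probe(host, port=443, timeout=5.0):
    """Send the capped ClientHello to host:port and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(client_hello())
        return classify(s.recv(4096))

if __name__ == "__main__":
    print(classify(SAMPLE_REJECT))   # listener refused the TLS 1.0 offer
    print(classify(SAMPLE_ACCEPT))   # listener negotiated TLS 1.0
```

A listener that resets or closes the connection without sending a record makes `probe()` raise instead of returning a result; treat that as a refusal only after confirming the port answers a newer ClientHello.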
Changed in opencontrail:
assignee: nobody → Varun Lodaya (varun-lodaya)
importance: Undecided → Medium
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/12499
Submitter: Varun Lodaya (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R2.1

Review in progress for https://review.opencontrail.org/12501
Submitter: Varun Lodaya (<email address hidden>)

tags: added: lbaas
OpenContrail Admin (ci-admin-f) wrote : [Review update] R2.0

Review in progress for https://review.opencontrail.org/12517
Submitter: Rudra Rugge (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R2.1

Review in progress for https://review.opencontrail.org/12518
Submitter: Rudra Rugge (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R2.0

Review in progress for https://review.opencontrail.org/12517
Submitter: Rudra Rugge (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/12517
Committed: http://github.org/Juniper/contrail-controller/commit/87bc56e017798040074f0dcc7812df0e585e4339
Submitter: Zuul
Branch: R2.0

commit 87bc56e017798040074f0dcc7812df0e585e4339
Author: Rudra Rugge <email address hidden>
Date: Tue Jul 21 11:29:51 2015 -0700

SSL Poodle and Beast vulnerabilities

Fix for SSL Poodle and SSL Beast vulnerabilities

Change-Id: I2d90559c12be0b619a844ebb112709ebb0eddcdd
Closes-Bug: #1476432

OpenContrail Admin (ci-admin-f) wrote : [Review update] R2.20

Review in progress for https://review.opencontrail.org/12519
Submitter: Rudra Rugge (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/12519
Committed: http://github.org/Juniper/contrail-controller/commit/5cbcd185c371e68811aad27bb9b2f43af8de7cd9
Submitter: Zuul
Branch: R2.20

commit 5cbcd185c371e68811aad27bb9b2f43af8de7cd9
Author: Rudra Rugge <email address hidden>
Date: Tue Jul 21 11:29:51 2015 -0700

SSL Poodle and Beast vulnerabilities

Fix for SSL Poodle and SSL Beast vulnerabilities

Change-Id: I2d90559c12be0b619a844ebb112709ebb0eddcdd
Closes-Bug: #1476432

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/12518
Committed: http://github.org/Juniper/contrail-controller/commit/b1d45f1eef8959fbee91680d222ef15c7defe343
Submitter: Zuul
Branch: R2.1

commit b1d45f1eef8959fbee91680d222ef15c7defe343
Author: Rudra Rugge <email address hidden>
Date: Tue Jul 21 11:29:51 2015 -0700

SSL Poodle and Beast vulnerabilities

Fix for SSL Poodle and SSL Beast vulnerabilities

Change-Id: I2d90559c12be0b619a844ebb112709ebb0eddcdd
Closes-Bug: #1476432

OpenContrail Admin (ci-admin-f) wrote : [Review update] R2.22-dev

Review in progress for https://review.opencontrail.org/13927
Submitter: Vinay Vithal Mahuli (<email address hidden>)

summary: - SSL BEAST vulnerability
+ SYMC: SSL BEAST vulnerability
OpenContrail Admin (ci-admin-f) wrote : [Bug update]

bug update...

Rudra Rugge (rrugge)
Changed in opencontrail:
status: New → Fix Committed