SYMC: SSL BEAST vulnerability
Bug #1476432 reported by
Varun Lodaya
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R2.0 |
Fix Committed
|
Medium
|
Varun Lodaya | |||
R2.1 |
Fix Committed
|
Medium
|
Varun Lodaya | |||
R2.20 |
Fix Committed
|
Medium
|
Varun Lodaya | |||
R3.0 |
Fix Committed
|
Medium
|
Varun Lodaya | |||
R3.1 |
Fix Committed
|
Medium
|
Varun Lodaya | |||
Trunk |
Fix Committed
|
Medium
|
Varun Lodaya | |||
OpenContrail |
Fix Committed
|
Medium
|
Varun Lodaya |
Bug Description
Cigital observed that the application server is vulnerable to BEAST attack. Publicized on 2011-09-23. BEAST is a vulnerability in TLS 1.0 and SSL 3.0 which allows attackers who are able to inject JavaScript code into a browser to decrypt HTTPS traffic
Already disabled SSL 3.0 as a part of Bug #1475392. Need to disable TLSV1.0 too.
Changed in opencontrail: | |
assignee: | nobody → Varun Lodaya (varun-lodaya) |
importance: | Undecided → Medium |
tags: | added: lbaas |
summary: |
- SSL BEAST vulnerability + SYMC: SSL BEAST vulnerability |
Changed in opencontrail: | |
status: | New → Fix Committed |
To post a comment you must log in.
Review in progress for https:/ /review. opencontrail. org/12499
Submitter: Varun Lodaya (<email address hidden>)