Cisco content switch SSL vulnerability

Published: 2005-09-08
Last Updated: 2005-09-09 12:39:33 UTC
by Dan Goldberg (Version: 1)
0 comment(s)
Cisco announced a vulnerability in the 11500 and 11501 content switches with the optional SSL module.

The scope appears to be limited. You must be using certificate authentication and the CSS must be the SSL server. In the affected cases if ssl fails to renegotiate a session at the appropriate time it may be possible to bypass authentication. Those using SSL are strongly encouraged to upgrade as soon as possible.
0 comment(s)


Diary Archives