Cisco content switch SSL vulnerability

Published: 2005-09-08
Last Updated: 2005-09-09 12:39:33 UTC
by Dan Goldberg (Version: 1)
0 comment(s)
Cisco announced a vulnerability in the 11500 and 11501 content switches with the optional SSL module.
http://www.cisco.com/warp/public/707/cisco-sn-20050908-css.shtml

The scope appears to be limited. You must be using certificate authentication and the CSS must be the SSL server. In the affected cases if ssl fails to renegotiate a session at the appropriate time it may be possible to bypass authentication. Those using SSL are strongly encouraged to upgrade as soon as possible.
Keywords:
0 comment(s)

Comments


Diary Archives