Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.105400 |
Categoría: | F5 Local Security Checks |
Título: | F5 BIG-IP - OpenSSL vulnerability CVE-2010-4252 |
Resumen: | The remote host is missing a security patch. |
Descripción: | Summary: The remote host is missing a security patch. Vulnerability Insight: OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. (CVE-2010-4252) Vulnerability Impact: F5 products do not use J-PAKE in supported configurations. Solution: See the referenced vendor advisory for a solution. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4252 BugTraq ID: 45163 http://www.securityfocus.com/bid/45163 HPdes Security Advisory: HPSBOV02670 http://marc.info/?l=bugtraq&m=130497251507577&w=2 HPdes Security Advisory: HPSBUX02638 http://marc.info/?l=bugtraq&m=129916880600544&w=2 HPdes Security Advisory: SSRT100339 HPdes Security Advisory: SSRT100475 http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf https://github.com/seb-m/jpake https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19039 http://securitytracker.com/id?1024823 http://secunia.com/advisories/42469 http://secunia.com/advisories/57353 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471 http://www.vupen.com/english/advisories/2010/3120 http://www.vupen.com/english/advisories/2010/3122 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |