Is the LoadMaster vulnerable to CVE-2011-1473 and CVE-2011-5094?
Information
Summary: |
CVE-2011-1473 and CVE-2011-5094 are OpenSSL vulnerabilities in which the SSL renegotiation feature can be used to cause a Denial-of-Service (DoS) attack. |
Environment: |
Product: LoadMaster Version: Any Platform: Any Application: Any |
Question/Problem Description: |
Is the LoadMaster exposed to the OpenSSL vulnerabilities CVE-2011-1473 and CVE-2011-5094? |
Steps to Reproduce: |
Run a security scan against an HTTP/HTTPS virtual service that is hosted on the LoadMaster with SSL renegotiation enabled. |
Error Message: | |
Defect Number: | |
Enhancement Number: | |
Cause: | |
Resolution: |
For a list of known vulnerabilities and whether the LoadMaster is affected by them, please refer to the following link.
CVE-2011-1473: For more information about this vulnerability, please see this link.
CVE-2011-5094: For more information about this vulnerability, please see this link.
LoadMaster in relation to CVE-2011-1473 (listed as disputed in the CVE):
If you enable renegotiation on the LoadMaster, you may need to configure your back-end servers properly to limit renegotiation.
SSL Renegotiation can be enabled/disabled by going to: Certificates & Security --> SSL Options --> Enable/Disable SSL Renegotiate
|
Workaround: | |
Notes: |
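To confirm the effect of the SSL Renegotiate setting on your own virtual service, the following added example (not vendor code) classifies the output of a single `openssl s_client` renegotiation attempt. The hostname `vs.example.com`, the function names and the sample transcripts are assumptions constructed for illustration; `-tls1_2` is used because TLS 1.3 has no renegotiation, and the "accepted" verdict is a heuristic based on output seen after the `RENEGOTIATING` line.

```shell
#!/bin/sh
# Added example (not vendor code). Capture a transcript from your own virtual
# service first; vs.example.com is a placeholder hostname:
#   (printf 'R\n'; sleep 2; printf 'HEAD / HTTP/1.0\r\n\r\n'; sleep 2) |
#     openssl s_client -connect vs.example.com:443 -tls1_2 >transcript.txt 2>&1
#   classify_reneg <transcript.txt

# Read s_client output on stdin and print one summary line.
classify_reneg() {
    awk '
        /Secure Renegotiation IS NOT supported/  { rfc = "no" }
        /Secure Renegotiation IS supported/      { rfc = "yes" }
        /^RENEGOTIATING/                         { tried = 1; next }
        tried && (/:error:/ || /errno=/)         { failed = 1 }
        tried && (/verify return:/ || /^HTTP\//) { ok = 1 }
        END {
            if (!tried)      state = "not-attempted"
            else if (failed) state = "refused"
            else if (ok)     state = "accepted"
            else             state = "inconclusive"
            printf "rfc5746=%s client_reneg=%s\n", (rfc ? rfc : "unknown"), state
        }'
}

# Constructed transcripts (abridged, not captured from a real device).
sample_refused() {
    cat <<'EOF'
CONNECTED(00000003)
Secure Renegotiation IS supported
RENEGOTIATING
00000000:error:00000000:SSL routines::handshake failure
EOF
}

sample_accepted() {
    cat <<'EOF'
CONNECTED(00000003)
Secure Renegotiation IS supported
RENEGOTIATING
depth=0 CN = vs.example.com
verify return:1
HTTP/1.0 200 OK
EOF
}

sample_refused  | classify_reneg
sample_accepted | classify_reneg
```

The `Secure Renegotiation IS supported` line only reports the RFC 5746 extension; it does not say whether client-initiated renegotiation is permitted, which is why the two values are reported separately.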