Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Is the LoadMaster vulnerable to CVE-2011-1473 and CVE-2011-5094

 

Information

 

Summary:

CVE-2011-1473 and CVE-2011-5094 are openssl vulnerabilities that can utilizes openssl's SSL renegotiation feature to cause a Denial-of-Service attack (DDoS) 

Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

Is the LoadMaster exposed to vulnerabilities CVE-2011-1473 and CVE-2011-5094 for openssl.

Steps to Reproduce:

Run a security scan against a HTTP/HTTPS virtual service that is hosted on the LoadMaster with SSL renegotiation enabled.

Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:

For a list of known vulnerabilities and whether the LoadMaster is affected by them please refer to the following link.

 

CVE-2011-1473:

For more in information about this vulnerability please see this link.

 

CVE-2011-5094:

For more in information about this vulnerability please see this link.

 

LoadMaster in relation to CVE-2011-1473 (listed as disputed in the CVE):
By default, the LoadMaster is not vulnerable to this exploit since renegotiation is disabled by default in firmware versions 7.2.55 and above.

 

If you enable renegotiation on LM, you may need to configure your back-end servers properly to limit renegotiation.

 

SSL Renegotiation can be enabled/disabled by going to:

Certificates & Security --> SSL Options --> Enable/Disable SSL Renegotiate


LoadMaster in relation to CVE-2011-5094 (listed as disputed in the CVE):
The LoadMaster is not vulnerable because it does not utilize Mozilla NSS.

 

Workaround:  
Notes:

LoadMaster Vulnerabilities page

CVE-2011-1473

CVE-2011-5094


Comments