IBM® Sterling Connect:Direct
Fix Availability Date: 26 March 2015
High Impact: N
Reported Severity: 5
4.7.0.3_iFix004: RTC462325 / APAR IT08243 / CVE-2015-2808, CVE-2011-3389
Description of Issue: CBC ciphers are vulnerable to CVE-2011-3389 (BEAST Attack). Previous recommendation to mitigate CVE-2011-3389 was to not use CBC ciphers. RC4 ciphers are vulnerable to CVE-2015-2808 (Bar Mitzvah Attack). Current recommendation to mitigate CVE-2015-2808 is to discontinue use of RC4 ciphers. However, the remaining available ciphers are generally CBC ciphers.
Description of Fix: Fixed code to mitigate CVE-2011-3389 (BEAST Attack).
Recommendation: Sterling Connect:Direct for Microsoft Windows by default disables the RC4 stream cipher. If you enabled the RC4 stream cipher, you are exposed to the RC4 “Bar Mitzvah” Attack for SSL/TLS. IBM recommends that you review your entire environment to identify other areas where you have enabled the RC4 stream cipher and take appropriate mitigation and remediation actions.
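One way to carry out the review recommended above, as an added example (not IBM's code or tooling): a small Python audit that flags RC4 and CBC suites in a configured cipher list. It assumes suites are written with IANA-style names; the sample list, the protocol labels and the `beast_mitigated` switch (standing for "a fix such as the one described above is installed") are constructed for illustration.

```python
import re

# CVE identifiers as given in the fix description above.
RC4_CVE = "CVE-2015-2808"  # Bar Mitzvah: any RC4 suite
CBC_CVE = "CVE-2011-3389"  # BEAST: CBC suites under SSL 3.0 / TLS 1.0

# TLS 1.1 and later use an explicit per-record IV, so BEAST does not apply.
BEAST_PROTOCOLS = {"SSLv3", "TLSv1.0"}

# Constructed sample configuration (IANA cipher suite names).
SAMPLE_SUITES = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
]


def audit_suite(name, protocols, beast_mitigated=False):
    """Return the CVE ids that a single cipher suite name is exposed to."""
    tokens = re.split(r"[_\-]", name.upper())
    findings = []
    if "RC4" in tokens:
        findings.append(RC4_CVE)
    cbc_at_risk = "CBC" in tokens and BEAST_PROTOCOLS & set(protocols)
    if cbc_at_risk and not beast_mitigated:
        findings.append(CBC_CVE)
    return findings


def audit_config(suites, protocols, beast_mitigated=False):
    """Map each exposed suite to its findings; clean suites are omitted."""
    report = {}
    for suite in suites:
        findings = audit_suite(suite, protocols, beast_mitigated)
        if findings:
            report[suite] = findings
    return report


if __name__ == "__main__":
    enabled_protocols = ["TLSv1.0", "TLSv1.2"]  # constructed sample
    for fixed in (False, True):
        print(f"beast_mitigated={fixed}")
        report = audit_config(SAMPLE_SUITES, enabled_protocols, fixed)
        for suite, cves in report.items():
            print(f"  {suite}: {', '.join(cves)}")
```

With the BEAST mitigation in place only the RC4 suites remain flagged, which matches the situation the issue description sets out: CBC suites stay usable once the fix is applied, while RC4 should be discontinued.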