Consulter notre FAQ
{"searchBar":{"inputPlaceholder":"Rechercher par mot-clé ou poser une question","searchBtn":"Rechercher","error":"Veuillez saisir un mot-clé pour effectuer une recherche"}}Is PowerChute Vulnerable to CVE-2011-3389?
Issue:
PowerChute is being flagged as Vulnerable to BEAST SSL security issue.
Products:
PowerChute Business Edition 9.1.0, 9.1.1
PowerChute Network Shutdown versions 3.0.0, 3.0.1, 3.1
Environment:
All supported OS
Cause:
**The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Solution:
Upgrade PowerChute Business Edition to version 9.5 or above
Upgrade PowerChute Network Shutdown to version 4.x
Or
Upgrade browser to use a version that allows for TLS 1.2 support - disable SSL 2.0/3.0 and TLS 1.0/1.1 when accessing PowerChute UI.
** Information provided by National Vulnerability Database http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389
PowerChute is being flagged as Vulnerable to BEAST SSL security issue.
Products:
PowerChute Business Edition 9.1.0, 9.1.1
PowerChute Network Shutdown versions 3.0.0, 3.0.1, 3.1
Environment:
All supported OS
Cause:
**The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Solution:
Upgrade PowerChute Business Edition to version 9.5 or above
Upgrade PowerChute Network Shutdown to version 4.x
Or
Upgrade browser to use a version that allows for TLS 1.2 support - disable SSL 2.0/3.0 and TLS 1.0/1.1 when accessing PowerChute UI.
** Information provided by National Vulnerability Database http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389
Published for:APC France
Cela vous a-t-il été utile ?
En savoir plus
Catégorie :
En savoir plus
Catégorie :