Cyberoam UTM自签名证书漏洞


发布日期:2012-07-11
更新日期:2012-07-12

受影响系统:
cyberoam Cyberoam UTM
描述:
--------------------------------------------------------------------------------
CVE ID: CVE-2012-3372

Cyberoam Unified Threat Management可为家庭办公和远程分支办公提供的网络安全诊断操作。

Cyberoam UTM在多个设备上使用了同一个自签名和密钥的证书,中间人攻击者通过欺骗另一个 Cyberoam UTM设备截取和泄露加密的流量。

<*来源:Runa A
 
  链接:http://secunia.com/advisories/49799/
        https://media.torproject.org/misc/2012-07-03-cyberoam-CVE-2012-3372.txt
        http://blog.cyberoam.com/2012/07/cyberoam%E2%80%99s-proactive-steps-in-https-deep-scan-inspection/
        http://blog.cyberoam.com/2012/07/ssl-bridging-cyberoam-approach/
*>

建议:
--------------------------------------------------------------------------------
厂商补丁:

cyberoam
--------
cyberoam已经为此发布了一个安全公告
(cyberoam’s-proactive-steps-in-https-deep-scan-inspection)
以及相应补丁:
cyberoam’s-proactive-steps-in-https-deep-scan-inspection:Cyberoam’s Proactive Steps in HTTPS Deep Scan Inspection

链接:http://blog.cyberoam.com/2012/07/cyberoam%E2%80%99s-proactive-steps-in-https-deep-scan-inspection/

相关内容

    暂无相关文章