10 Replies Latest reply on Feb 2, 2018 10:05 AM by mvw

    Return Of Bleichenbacher's Oracle Threat (ROBOT) Information Disclosure

    jmmd

      Our security scan identified this issue on our SAM server. The scan uses port 5671. Is there an update/patch for this issue or is there a way to resolve this on the SAM server?

      Additional information:

      The remote host is affected by an information disclosure vulnerability. The SSL/TLS service supports RSA key exchanges, and incorrectly leaks whether or not the RSA key exchange sent by a client was correctly formatted. This information can allow an attacker to decrypt previous SSL/TLS sessions or impersonate the server.

      CVE-2012-5081

      CVE-2017-6168

      CVE-2017-1000385

      CVE-2017-17382

      CVE-2017-17427

      CVE-2017-17428

      CVE-2017-12373

      CVE-2017-13098

      CVE-2017-13099

      CVE-2016-6883
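
The scanner text quoted in the post describes a server that reveals whether the client's RSA-encrypted key exchange decrypted to a well-formed block. As an added example (not part of the original post and not any vendor's code), the Python below contrasts that leaky handling with the RFC 5246 section 7.4.7.1 approach of substituting a random premaster secret; the function names and sample blocks are constructed for illustration.

```python
import hmac
import os

PMS_LEN = 48            # premaster secret: 2 version bytes + 46 random bytes
VERSION = b"\x03\x03"   # TLS 1.2, as offered in the ClientHello
# Constructed sample blocks: what RSA-2048 decryption would yield (256 bytes).
GOOD = b"\x00\x02" + b"\xff" * 205 + b"\x00" + VERSION + b"\x11" * 46
BAD = b"\x00\x01" + GOOD[2:]   # wrong block type byte


def parse_pkcs1_v15(em: bytes) -> bytes:
    """Payload of a decrypted PKCS#1 v1.5 encryption block.

    Layout: 0x00 0x02 <8 or more nonzero padding bytes> 0x00 <payload>.
    """
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        raise ValueError("bad block header")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # no separator (-1) or fewer than 8 padding bytes
        raise ValueError("bad padding")
    return em[sep + 1:]


def leaky_premaster(em: bytes, client_version: bytes) -> bytes:
    """Leaky pattern: a format error escapes to the caller, which (by
    assumption) answers the peer differently than for a well-formed block."""
    pms = parse_pkcs1_v15(em)
    if len(pms) != PMS_LEN or pms[:2] != client_version:
        raise ValueError("bad premaster secret")
    return pms


def hardened_premaster(em: bytes, client_version: bytes) -> bytes:
    """RFC 5246 7.4.7.1 logic: never report a format error.

    The random fallback is generated before parsing and returned for every
    malformed block, so the handshake only fails later, at Finished.
    Python is not constant-time; this shows the logic, not the timing
    guarantees a real TLS stack must also provide.
    """
    fallback = os.urandom(PMS_LEN)
    try:
        pms = parse_pkcs1_v15(em)
    except ValueError:
        return fallback
    if len(pms) != PMS_LEN or not hmac.compare_digest(pms[:2], client_version):
        return fallback
    return pms
```
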