Guest

Preview Tool

Cisco Bug: CSCuq75488 - OpenSSL vulnerabilities found in CDN

Last Modified

Feb 10, 2017

Products (1)

  • Cisco Content Delivery Engine Series

Known Affected Releases

4.0(0)

Description (partial)

Symptom:
Below OpenSSL vulnerabilities issues are found in CDN.


1, Open SSL multiple remote sec vulnerabilities.
QID 38602
CVE-2014-0224 , 0221, 0195, 0198, 0076

This exists on port 8089 when enabling splunk export function.

2, SSL/TLS compression algorithm leakage
QID 38599
CVE-2012-4929

This exists on port 8089 when enabling splunk export function.
This also exists on port 443.

3, SSL SSLv2 enabled vulnerability
QID 38139

This exists on port 8089 when enabling splunk export function.

Conditions:
When enabling Splunk Export function, #1, #2, #3 vulnerabilities issues exist on port 8089.
#2 issue always exist on port 443.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.