Preview Tool

Cisco Bug: CSCus76808 - Fix usage of SSL in JAVA to address poodle vulnerability - RTMT

Last Modified

Dec 21, 2018

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.5(2.10000.5) 9.1(2.10000.28)

Description (partial)

Poodle vulnerability needs to be fixed on the CUCM Java applications using SSLSocket and SSLSocketFactory

The instances of usage of SSLSockets leading to usage of SSLv3  , specific to the alert-coll-report component code.

SSLSockets and SSLSocket Factory can use SSLv3 protocol which is enabled by default . alert-coll-report client code has instances of  this. So, usage of these in the code could result in usage of this protocol . It is advised to restrict the use of SSLV3 protocol to address the poodle vulnerability.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.