• Support
  • Forums
  • Blogs

Security Advisory, AlienVault v4.12.1 addresses (1) vulnerability


AlienVault Employee
One important vulnerability was discovered and confirmed on all AlienVault v4.12 and lower devices.  AlienVault recommends that you install the v4.12.1 patch to resolve this vulnerability.

See the v4.12.1 patch release notice for details on the patch release.

Debian Security Update (DSA-3053-1)

AlienVault ID: ENG-97667
Description: A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
Debian Package: openssl
CVE ID: CVE-2014-3566
CVSS v2 Base Score: 4.3
CVSS v2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Additional Details: This vulnerability impacts only AlienVault's built-in Apache server and OpenVAS.

See the Debian Security Advisory DSA-3053-1 for more information.

Share post:

This discussion has been closed.