[ https://issues.apache.org/jira/browse/KARAF-4057?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Achim Nierbeck updated KARAF-4057:
----------------------------------
    Priority: Trivial  (was: Critical)

> karaf2.4.0 of rmiServerPort = 2098 is not secure, will get attacked by
> BIAS, BEAST, NO_PFS.
> ---------------------------------------------------------------------------------------------
>
>                 Key: KARAF-4057
>                 URL: https://issues.apache.org/jira/browse/KARAF-4057
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-security
>    Affects Versions: 2.4.3
>         Environment: OS:centos6.7
> jdk:1.8 
>            Reporter: holmovie
>            Priority: Trivial
>         Attachments: uc2.7_result.txt
>
>
> We used the script “ssl-cipher-suite-enum.pl” (version 1.0.0) to scan our RMI
> server, whose port is 2098; please check the attachment for details.
> I have several questions:
> 1. How can these attacks (BEAST, BIAS...) be avoided in Karaf 2.4.3?
>  If yes, what is the solution?
> 2. If we use the latest Karaf version, could these loopholes be solved or
> not?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)