karaf-issues mailing list archives

From "holmovie (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KARAF-4057) karaf2.4.0 of rmiServerPort = 2098 is not secure, will get attacked by BIAS, BEAST, NO_PFS.
Date Mon, 12 Oct 2015 02:25:05 GMT
holmovie created KARAF-4057:
-------------------------------

             Summary:  karaf2.4.0 of rmiServerPort = 2098 is not secure, will get attacked
by  BIAS, BEAST, NO_PFS.
                 Key: KARAF-4057
                 URL: https://issues.apache.org/jira/browse/KARAF-4057
             Project: Karaf
          Issue Type: Bug
          Components: karaf-security
    Affects Versions: 2.4.3
         Environment: OS:centos6.7
jdk:1.8 
            Reporter: holmovie
            Priority: Critical


We used the script "ssl-cipher-suite-enum.pl" (version 1.0.0) to scan our RMI server, whose
port is 2098; please check the attachment for details.

I have several questions to ask:

1. How can these attacks (BEAST, BIAS...) be avoided in karaf2.4.3?
 If yes, what is the solution?
2. If we use the latest Karaf version, could these loopholes be solved or not?

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
