CVE-2011-3389 Vulnerability


I recently had a customer run some security scans on SLES 11 SP1 servers
running eDir 8.8.6 (latest patches). They identified a vulnerability,
CVE-2011-3389, in the DHost HTTP Server. I believe this is commonly
referred to as the "Beast" attack. It can be mitigated in Apache and
Tomcat by altering the preferred ciphers used for SSL/TLS. However,
DHost HTTP Server is, as far as I know, its own standalone HTTP stack.
So I opened an SR about it, and the support engineer told me to install
this:

http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5128094&sliceId=&docTypeID=DT_SUSESDB_PSDB_1_1&dialogID=3274809&stateId=0%200%203280449

Which is an IBM Java 1.4.2 patch. That patch does specifically address
CVE-2011-3389. But here is what I don't understand. What the heck does
this have to do with DHost HTTP Server? The servers in question don't
even have IBM Java installed on them (some have no Java installed at
all). I know that eDir lays down a JVM for its own purposes, but would
this IBM Java patch affect that?

I asked for clarification/confirmation, but I'm having trouble getting
that. Can anyone shed any light here? Has anyone dealt with this
vulnerability in the DHost HTTP Server?

Thanks.

Matt


--
matt
------------------------------------------------------------------------
matt's Profile: http://forums.novell.com/member.php?userid=1582
View this thread: http://forums.novell.com/showthread.php?t=454040


Re: CVE-2011-3389 Vulnerability

On Wed, 28 Mar 2012 21:46:01 +0000, matt wrote:

> So I opened an SR about it, and the support engineer told me to install


What's the SR number?


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.


Re: CVE-2011-3389 Vulnerability


10756053441


dgersic;2185990 Wrote:
> On Wed, 28 Mar 2012 21:46:01 +0000, matt wrote:
>
> > So I opened an SR about it, and the support engineer told me to install
>
> What's the SR number?
>
>
> --
> --------------------------------------------------------------------------
> David Gersic
> dgersic_@_niu.edu
> Knowledge Partner
> http://forums.novell.com
>
> Please post questions in the forums. No support provided via
> email.



--
matt

Re: CVE-2011-3389 Vulnerability

On Thu, 29 Mar 2012 12:56:02 +0000, matt wrote:

> 10756053441


Thanks. Let me see what I can find out.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.


Re: CVE-2011-3389 Vulnerability

On Wed, 28 Mar 2012 21:46:01 +0000, matt wrote:

> So I opened an SR about it, and the support engineer told me to install
> this:


Yeah, ok, so ignore that. What should have happened by now is that your
frontline engineer is supposed to have asked you to provide details of
the vulnerability. If you haven't yet, please do. Then it's supposed to
go to somebody else, who my contact says is "awesome", and she's supposed
to work on fixing the vulnerability.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.
