Japan Vulnerability Notes JVN:91438377
May 24, 2017 - 12:00 a.m.

JVN#91438377: SSL Visibility Appliance may generate illegal RST packets

2017-05-24 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS2: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL

CVSS3: 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH

EPSS: 0.003
Percentile: 70.6%

SSL Visibility Appliance, provided by Blue Coat Systems, Inc., is used as a transparent proxy for encrypted traffic management.
It is reported that the appliance generates RST packets with incorrect sequence numbers when it receives HTTPS requests from certain web browsers. When the web server behind the appliance fails to handle these incorrect RST packets, it keeps the encrypted session open indefinitely.
This behavior may be used to cause a denial-of-service (DoS) condition on the server side.
According to the developer, this issue does not affect the appliance itself.
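
The server-side behavior described above depends on how a TCP receiver validates the sequence number of an incoming RST. The following is an added example, not code from JVN or the developer: it applies the RFC 5961 section 3.2 rules to constructed values and lists the flows a server would still be holding open. It assumes "incorrect" means the RST sequence number differs from the value the server expects (the advisory does not say how the numbers are wrong); the flow identifiers and window sizes are invented for illustration.

```python
# Added example: RFC 5961 section 3.2 handling of an incoming RST, server side.
from collections import defaultdict

MOD = 1 << 32  # TCP sequence numbers wrap at 2^32

def classify_rst(seq, rcv_nxt, rcv_wnd):
    """Return what an RFC 5961 receiver does with a RST carrying `seq`."""
    offset = (seq - rcv_nxt) % MOD   # distance ahead of RCV.NXT, wrap-safe
    if offset == 0:
        return "reset"               # exact match: connection is torn down
    if offset < rcv_wnd:
        return "challenge_ack"       # in window, not exact: ACK sent, stays open
    return "discard"                 # outside window: silently dropped

def lingering_flows(events):
    """Flows that never received a usable RST, so the server keeps them open."""
    seen = defaultdict(list)
    for flow, seq, rcv_nxt, rcv_wnd in events:
        seen[flow].append(classify_rst(seq, rcv_nxt, rcv_wnd))
    return sorted(f for f, actions in seen.items() if "reset" not in actions)

# Constructed sample: (flow id, RST seq, server RCV.NXT, server RCV.WND)
SAMPLE = [
    ("10.0.0.5:50111", 1000, 1000, 29200),       # correct sequence number
    ("10.0.0.5:50112", 90000, 1000, 29200),      # far ahead of the window
    ("10.0.0.5:50113", 5, 4294967290, 29200),    # in window across the wrap
    ("10.0.0.5:50114", 500, 1000, 29200),        # behind RCV.NXT (stale)
]

if __name__ == "__main__":
    for flow, seq, nxt, wnd in SAMPLE:
        print(flow, classify_rst(seq, nxt, wnd))
    print("still open on server:", lingering_flows(SAMPLE))
```
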

Impact

An unauthenticated remote attacker may be able to conduct a denial-of-service (DoS) attack against a server.

Solution

Update the Appliance
Update to the latest version according to the information provided by the developer.

Products Affected

  • SSL Visibility Appliance 3.8.4FC, 3.9, 3.10, and 3.11 prior to 3.11.3.1
    SSL Visibility Appliance 4.0 is not affected.
