TLS padding vulnerability affects IBM HTTP Server (CVE-2014-8730)
Written by Michael Felt   

Security Bulletin

TLS padding vulnerability affects IBM HTTP Server (CVE-2014-8730)

Summary

Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects IBM HTTP Server.

Workarounds and Mitigations

For all versions and releases of Apache-based IBM HTTP Server, IBM recommends enabling strict CBC padding enforcement. Add the following directive to the httpd.conf file to disable SSLv3 and SSLv2 for each context that contains "SSLEnable":

# Enable strict CBC padding
SSLAttributeSet 471 1
The original full-text report
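
An added example, not part of the IBM bulletin and not IBM tooling: a Python check that lists every context in an httpd.conf that contains SSLEnable but lacks "SSLAttributeSet 471 1". The sample configuration, the function name and the rule that the directive must sit in the same context as SSLEnable are assumptions made for illustration.

```python
import re

# Constructed sample httpd.conf (not from the bulletin): the first virtual
# host carries the directive, the second enables SSL with it commented out.
SAMPLE_CONF = """\
Listen 443
<VirtualHost *:443>
    SSLEnable
    # Enable strict CBC padding
    SSLAttributeSet 471 1
</VirtualHost>
<VirtualHost *:8443>
    SSLEnable
    # SSLAttributeSet 471 1
</VirtualHost>
<VirtualHost *:80>
    ServerName plain.example.test
</VirtualHost>
"""

OPEN = re.compile(r"<\s*VirtualHost\b([^>]*)>", re.I)
CLOSE = re.compile(r"<\s*/\s*VirtualHost\s*>", re.I)


def contexts_missing_strict_cbc(conf_text):
    """List contexts that contain SSLEnable but not 'SSLAttributeSet 471 1'.

    Assumption: the directive has to sit in the same context as SSLEnable
    (main server config or one <VirtualHost> block), as the bulletin words it.
    """
    seen = {}  # context name -> {"ssl": bool, "cbc": bool}
    current = "main server"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive does not count
        opened = OPEN.match(line)
        if opened:
            current = f"VirtualHost {opened.group(1).strip()} (line {lineno})"
        elif CLOSE.match(line):
            current = "main server"
        else:
            words = line.lower().split()  # directive names are case-insensitive
            state = seen.setdefault(current, {"ssl": False, "cbc": False})
            if words[0] == "sslenable":
                state["ssl"] = True
            elif words[:3] == ["sslattributeset", "471", "1"]:
                state["cbc"] = True
    return [name for name, s in seen.items() if s["ssl"] and not s["cbc"]]
```

Pass the text of the real httpd.conf to contexts_missing_strict_cbc(); an empty list means every SSLEnable context in that file also carries the directive.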
 