search cancel

Is Symantec Protection Engine (SPE) for CS/NAS affected by CVE-2016-0800 (DROWN) vulnerability?

book

Article ID: 150337

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS

Issue/Introduction

 

Resolution

Symantec Protection Engine (SPE) for CS/NAS is not affected by CVE-2016-0800 (DROWN) vulnerability. 

With the new SSL/TLS vulnerability (CVE-2016-0800), attackers can force a web server to use an old, insecure version of SSL/TLS known as SSLv2. SPE does not support SSLv2 protocol for UI communication.

 

For more information about the vulnerability, visit the following page: 
http://www.symantec.com/connect/blogs/drown-vulnerability-could-sink-secure-internet-connections 

 

Note: Though SPE for CS/NAS is not affected by CVE-2016-0800 vulnerability, we recommend that you upgrade to the latest SPE 7.0.x or 7.5.x versions as they support only TLS based UI communication.