AXA 17.x - Vulnerability - Secure Client-Initiated Renegotiation - DoS thread attack


Article ID: 212084


Updated On:

Products

CA App Experience Analytics

Issue/Introduction

A vulnerability assessment (VA) scan reports a high-risk finding related to a possible DoS attack that could render the system non-functional.

Threat Level: High

Description

The attack exploits the fact that, when a new SSL connection is being negotiated, the server typically spends significantly more CPU resources than the client. A client that requests many new SSL connections (or renegotiations of an existing connection) per second can therefore consume all of the server's CPU.

Recommendations

The sensible thing to do is to check for client-initiated renegotiation support in your servers and disable it where possible. Although that won't substantially help overall (defending against DoS attacks is notoriously difficult and expensive), it will harden your defences against this particular technique.
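The recommendation above is to disable client-initiated renegotiation; where that is not possible (as for the release in this article), watching the handshake rate per client at least makes the pattern visible. The following is an added example, not code from the article or from the AXA product; it assumes a constructed, chronologically ordered log with one line per TLS handshake or renegotiation.

```python
"""Flag clients that trigger an abnormal rate of TLS handshakes/renegotiations.

Added example, not part of the Broadcom article or the AXA product. The log
format is an assumption: one line per completed TLS handshake, in time order,
'<unix_ts> <client_ip> <event>' where event is 'handshake' or 'renegotiation'.
"""
from collections import defaultdict, deque

# Constructed sample: 10.0.0.5 opens one connection and renegotiates it
# repeatedly within a fraction of a second; 10.0.0.9 behaves normally.
SAMPLE_LOG = """\
1700000000.00 10.0.0.9 handshake
1700000000.10 10.0.0.5 handshake
1700000000.15 10.0.0.5 renegotiation
1700000000.20 10.0.0.5 renegotiation
1700000000.25 10.0.0.5 renegotiation
1700000000.30 10.0.0.5 renegotiation
1700000000.35 10.0.0.5 renegotiation
1700000000.40 10.0.0.5 renegotiation
1700000002.00 10.0.0.9 renegotiation
1700000005.00 10.0.0.9 handshake
"""


def parse_line(line):
    ts, ip, event = line.split()
    return float(ts), ip, event


def find_offenders(log_text, window_s=1.0, threshold=5):
    """Return {ip: peak_count} for clients whose handshake+renegotiation count
    within any sliding window of window_s seconds reaches threshold."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    offenders = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, _event = parse_line(line)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window_s:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders


if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))  # {'10.0.0.5': 7}
```

Both full handshakes and renegotiations are counted because, as the description states, each one costs the server the expensive side of the negotiation.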

Cause

Vulnerability issue

Environment

Release : 17.3.2

Component : APP EXPERIENCE ANALYTICS ENGINE

Resolution

There is no fix or workaround available

Solution : upgrade to 20.x or higher version

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/app-experience-analytics/20-2/release-notes/release-comparison.html
