
Cloud Proxy flagged for new Security Vulnerability - TLS ROBOT Vulnerability Detected


Article ID: 241488


Products

DX Application Performance Management

Issue/Introduction

The Cloud Proxy is being flagged by the vulnerability scan on its HTTPS port (8444) and SLS Isengard port (5443):

TLS ROBOT Vulnerability Detected

CVE-2017-6168, CVE-2017-17382, CVE-2017-17427, CVE-2017-17428, CVE-2017-12373, CVE-2017-13098, CVE-2017-1000385, CVE-2017-13099, CVE-2016-6883, CVE-2012-5081


The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat (ROBOT). Under certain conditions, ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic. To address this, the vulnerable (static RSA key exchange) cipher suites should be disabled.

Steps for disabling the vulnerable ciphers: https://qualys.secure.force.com/articles/How_To/000002963
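As an added illustration of which cipher suites the step above is about (this is not code from the Broadcom article or from the Cloud Proxy itself), the following script classifies a cipher list by key exchange and partitions it into suites to keep and suites to disable. It works on IANA/JSSE names (what a Java service is configured with) as well as OpenSSL names, and includes a live probe that reports whether an endpoint still negotiates a static-RSA suite. The sample cipher list and the host name are constructed placeholders, not the product's real configuration.

```python
"""Flag static-RSA key-exchange cipher suites (the ROBOT precondition).

Added example; not code from the Broadcom article or from the Cloud Proxy.
ROBOT needs a suite whose key exchange is plain RSA: the client encrypts the
premaster secret with the server's RSA public key, and padding-error side
channels turn the server into a decryption oracle. Suites that only *sign*
with RSA (ECDHE-RSA, DHE-RSA) and TLS 1.3 suites are not affected, so the
remediation is to drop the static-RSA suites and keep the rest.
"""
import re
import socket
import ssl

# IANA / JSSE naming, e.g. TLS_RSA_WITH_AES_128_CBC_SHA.
# RSA_PSK also encrypts the premaster secret to the RSA key, so it is included.
_IANA_RSA_KX = re.compile(r"^(TLS|SSL)_RSA_(EXPORT_|PSK_)?WITH_")
# OpenSSL naming spells out non-RSA key exchange as a prefix
# (ECDHE-RSA-AES128-GCM-SHA256); names with no such prefix (AES128-GCM-SHA256,
# DES-CBC3-SHA, RSA-PSK-...) use static RSA key exchange.
_OPENSSL_NON_RSA_KX = re.compile(r"^(ECDHE|DHE|EDH|ECDH|DH|ADH|AECDH|PSK|SRP)-")


def is_rsa_key_exchange(suite: str) -> bool:
    """Return True when `suite` (IANA or OpenSSL name) uses static RSA key exchange."""
    s = suite.strip().upper()
    if s.startswith(("TLS_", "SSL_")):
        # Also handles TLS 1.3 names (TLS_AES_256_GCM_SHA384 -> no RSA kx).
        return bool(_IANA_RSA_KX.match(s))
    return not _OPENSSL_NON_RSA_KX.match(s)


def split_cipher_list(ciphers):
    """Partition a configured cipher list into (keep, drop) for ROBOT remediation."""
    keep, drop = [], []
    for c in ciphers:
        (drop if is_rsa_key_exchange(c) else keep).append(c)
    return keep, drop


def server_accepts_rsa_kx(host, port, timeout=5.0):
    """Live check (network; not exercised by the offline tests): offer only RSA
    key-exchange suites and return the negotiated suite name, or None if the
    server refuses them. None means the static-RSA suites are disabled."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                    # testing ciphers, not identity
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # RSA key exchange is gone in 1.3
    ctx.set_ciphers("kRSA")                       # OpenSSL keyword: RSA key-exchange suites
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
        except ssl.SSLError:
            return None


# Constructed sample cipher list (not the Cloud Proxy's real configuration).
SAMPLE_CONFIGURED_CIPHERS = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_AES_256_GCM_SHA384",
]

if __name__ == "__main__":
    keep, drop = split_cipher_list(SAMPLE_CONFIGURED_CIPHERS)
    print("disable (static RSA key exchange):", *drop, sep="\n  ")
    print("keep:", *keep, sep="\n  ")
    # Live probe of the two ports named in the article; the host is a placeholder.
    # for port in (8444, 5443):
    #     print(port, server_accepts_rsa_kx("cloud-proxy.example.invalid", port))
```

The classifier keys on key exchange rather than on the word "RSA", because the suites the scanner objects to are the ones where RSA *encrypts* the premaster secret; ECDHE-RSA and DHE-RSA suites merely sign with the RSA key and stay in the keep list. After the proxy is patched or its cipher list is trimmed, `server_accepts_rsa_kx` returning None on 8444 and 5443 is the expected state.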


Environment

Release : 21.3

Component : Introscope

Resolution

Provided the following article: https://knowledge.broadcom.com/external/article?articleId=230019

Looks like some may be at “apmservices.cloudproxy-21.11.0.25.jar” and those are the ones that flagged. I thought I had upgraded everything to “apmservices.cloudproxy-2022.1.0.25.jar”.  I have patched the cloud proxies, waiting on the scan. You can close out the case if you want. If scan comes back with an issue, I will open another case.

Additional Information

Do you have detailed breakout of the fixes in all the 2022 releases? I want to see what changed between apmservices.cloudproxy-2022.1.0.25.jar & apmservices.cloudproxy-2022.3.0.21.tar and if I should grab the latest.

Doc defect DE535149 submitted to provide this going forward.