Is CVE-2004-0230 a security threat for SpanVA

Article ID: 246595

Products

CASB Audit, CASB Security Advanced, CASB Security Premium, CASB Security Standard

Issue/Introduction

You would like to know if CASB SpanVA is vulnerable to CVE-2004-0230.

Environment

SpanVA

Resolution

Broadcom Security Engineering reviewed this issue and has determined that this is not a security threat to the SpanVA appliances for the following reasons:

Modern operating systems like Amazon Linux use a random sequence number, which is difficult to guess, so crafting an RST packet is not easy.

Port 80/TCP, on which the issue was flagged, does not carry "long lived" connections, and an attacker has no chance to guess the RST packet sequence number.

This reset functionality is part of the TCP/IP protocol, and in the case of SpanVA, it will reset the connection (if it ever happens). This is normal behavior and not a security threat.

There is nothing that Broadcom can do to remedy the situation. Any fixes, if at all, must come from Amazon Linux for the TCP/IP network stack.
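The first reason above rests on how a TCP receiver validates the sequence number of an incoming RST. As an added illustration (not Broadcom's code and not taken from SpanVA or Amazon Linux), the sketch below models that check under the original RFC 793 rule and the stricter RFC 5961 rule; the function names and sample values are constructed, and which rule a given kernel applies is an assumption to confirm on the host.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """True if seq is acceptable to the receiver, modulo 2**32."""
    if rcv_wnd == 0:
        # With a zero window only the exact next expected number is acceptable.
        return seq == rcv_nxt
    return (seq - rcv_nxt) % MOD < rcv_wnd


def rst_disposition(seq, rcv_nxt, rcv_wnd, rfc5961=True):
    """Model what a receiver does with an RST on an established connection."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"                      # out of window: silently discarded
    if not rfc5961:
        return "reset"                     # RFC 793: any in-window RST resets
    if seq == rcv_nxt:
        return "reset"                     # RFC 5961: only an exact match resets
    return "challenge_ack"                 # in window, not exact: ask peer to confirm


def accepted_fraction(rcv_wnd, rfc5961=True):
    """Share of the sequence space for which a blind RST resets the connection."""
    hits = 1 if rfc5961 else max(rcv_wnd, 1)
    return hits / MOD


if __name__ == "__main__":
    # Constructed sample state: the receive window wraps past 2**32.
    rcv_nxt, rcv_wnd = 0xFFFFF000, 65535
    for seq in (0xFFFFF000, 0x00000100, 0xFFFFEFFF):
        print(hex(seq),
              "rfc793:", rst_disposition(seq, rcv_nxt, rcv_wnd, rfc5961=False),
              "rfc5961:", rst_disposition(seq, rcv_nxt, rcv_wnd))
    print("fraction, RFC 793 :", accepted_fraction(rcv_wnd, rfc5961=False))
    print("fraction, RFC 5961:", accepted_fraction(rcv_wnd))
```

The fraction is per guess for a sender that already knows both addresses and both ports of the connection; an unknown client port shrinks it further.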