This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASG/UTM and BEAST attacks

Does anyone know if Astaro ASG V8 is susceptible to BEAST (Browser Exploit Against SSL/TLS) style attacks? A recent security scan of our site flagged this vulnerability on port 465 of our box, which I think is used by the mail proxy.

From my limited understanding of BEAST, this vulnerability can only be exploited in very restricted circumstances in HTTPS sessions, so this security scan result is most likely a false positive - but does anyone know of a definitive statement of some sort that I could show to my superiors?

If this really is an issue, has it been addressed in UTM9?

Thanks for any light anyone can shine on this.

Ifor

This thread was automatically locked due to age.

Parents

0 BAlfson over 12 years ago

Yes, please let us know what Support tells you. Since this port is opened by the SMTP Proxy, and the malware works with HTML or Java, I imagine the security scan only saw that the port was open, and that their scan isn't very good.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 12 years ago

Yes, please let us know what Support tells you. Since this port is opened by the SMTP Proxy, and the malware works with HTML or Java, I imagine the security scan only saw that the port was open, and that their scan isn't very good.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data