ePolicy Orchestrator 维持声明 (SS821066) - ePO 和 Blockwise Chosen-边界攻击 (BCBA)
Last Modified: 2022-03-18 15:28:54 Etc/GMT
Disclaimer
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
ePolicy Orchestrator 维持声明 (SS821066) - ePO 和 Blockwise Chosen-边界攻击 (BCBA)
Technical Articles ID:
KB85248
Last Modified: 2022-03-18 15:28:54 Etc/GMT EnvironmentMcAfee ePolicy Orchestrator (ePO) 5.x
Summary本文档介绍了与 McAfee 应用程序保持工程相关的支持位置。
概述 本文档解决了对 ePO 和 Blockwise Chosen-Boundary Attack (BCBA) 漏洞的关注,该漏洞允许通过纯文本或纯文本标题进行中间人HTTP攻击。 CVE-2011-3389: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389 描述 Microsoft Windows 和 Microsoft Internet Explorer、Mozilla Firefox、Google Chrome、Opera 和其他浏览器中使用的安全套接字层 (SSL) 协议通过加密-块链接 (CBC) 模式和链式初始化媒介加密数据。 这样,中间人攻击者可以通过 HTTPS 会话上的 Blockwise Chosen-Boundary Attack (BCBA) 在HTTP标头获得纯文本攻击。 它与使用JavaScript之一的系统代码结合使用:
系统ePO 服务器上述三项中的任一项目,无法使该漏洞成功。 因此,该漏洞不是问题。
研究和结论 此问题不会影响 ePO 。 免责声明 该声明中提到的任何以后产品发行日期旨在概述我们的一般产品方向,在做出购买决定时不应依赖该日期:
DisclaimerThe content of this article originated in English. If there are differences between the English content and its translation, the English content is always the most accurate. Some of this content has been provided using Machine Translation translated by Microsoft.
Affected ProductsLanguages:This article is available in the following languages: |
|