[STORM-640] Storm UI vulnerable to poodle attack - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Trivial
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.10.0
Component/s: storm-core
Labels:
None

Description

More info on this page http://en.wikipedia.org/wiki/POODLE .
Steps to verify
1 Enable storm ui or logviewer to listen in SSL
2. openssl s_client -connect host:port | grep Protocol
3. If SSLv3 shows up you have the vulnerability, TLS protocol versions are OK.

Attachments

Activity

People

Assignee:: Harsha

Reporter:: Harsha

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 30/Jan/15 18:49

Updated:: 05/Oct/15 01:08

Resolved:: 23/Feb/15 17:55