Uploaded image for project: 'Apache Storm'
  1. Apache Storm
  2. STORM-640

Storm UI vulnerable to poodle attack

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.10.0
    • Component/s: storm-core
    • Labels:
      None

      Description

      More info on this page http://en.wikipedia.org/wiki/POODLE .
      Steps to verify
      1 Enable storm ui or logviewer to listen in SSL
      2. openssl s_client -connect host:port | grep Protocol
      3. If SSLv3 shows up you have the vulnerability, TLS protocol versions are OK.

        Attachments

          Activity

            People

            • Assignee:
              sriharsha Sriharsha Chintalapani
              Reporter:
              sriharsha Sriharsha Chintalapani
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: