SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability for Smart Switch SG200-26 26 Port

Hi,
I have an SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability on my Smart Switch SG200-26 26-port. Does anyone know how to solve this vulnerability?

Quick-link to the PSIRT verified Email Security (ESA) vulnerability information as well as workaround:-
https://tools.cisco.com/bugsearch/bug/CSCur27131

Similar Messages

  • [CVE-2014-3566] SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

    Cisco is aware of the reported vulnerability and is currently investigating this report.  Cisco is evaluating products to determine their exposure to this vulnerability.
    Cisco has issued an official PSIRT notice for the SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
    Please refer to the following information, as provided from our Product Security Incident Response Team (PSIRT):
    SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
    Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at:
    http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html 
    This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at:
    http://www.cisco.com/go/psirt

    Quick-link to the PSIRT verified Email Security (ESA) vulnerability information as well as workaround:-
    https://tools.cisco.com/bugsearch/bug/CSCur27131

  • Use TLS instead of SSL in Oracle AS WebCache 10g (10.1.2)

    Hi,
    We use Oracle AS Webcache as a reverse proxy for all our OAS/ADF web applications.
    Our sysadmin blocked SSL v3 in connection with the POODLE vulnerability. Is there any way we can use TLS (1.2) instead of SSL in the Oracle Webcache 10g?
    Many thanks,
    Abraham

    We are having the same issue in our production environment.
    Since Thursday 20th November 2014, Google Chrome does not allow connections to websites using SSLv3. This is because of the POODLE vulnerability as described here: https://www.us-cert.gov/ncas/alerts/TA14-290A
    I've already followed the configuration on My Oracle Support (Doc ID 1936300.1) without success. But I haven't applied the Critical Patch Updates yet, as presented in note Doc ID 405972.1.
    I'm wondering if you found any workaround for this problem or if we can help each other. I believe we are not alone.
    Thanks,
    Jeison.

  • How do I disable SSLV3 in Oracle HTTP SERVER to prevent POODLE attacks?

    How do I disable SSLV3 in Oracle HTTP SERVER to prevent POODLE attacks?
    I see the line in the ssl.conf file:
    SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5:SSL_RSA_WITH_RC4_128_SHA:SSL_RSA_WITH_3DES_EDE_CBC_SHA:SSL_RSA_WITH_DES_CBC_SHA:SSL_RSA_EXPORT_WITH_RC4_40_MD5:SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
    but I'm not sure which ciphers are SSLV3.
    Thanks,
    Andy

    Hi Andy,
    For this, we highly recommend that you open an SR with Oracle Support; the Security team will assist you with how to get this fixed.
    Thanks,
    Sharmela
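
The suite names in the `SSLCipherSuite` line asked about above encode key exchange, cipher and MAC rather than a protocol version, and the scan report further down this page ties POODLE to SSL 3.0 used with CBC-mode block ciphers. As an added example (not code from the posters or from Oracle), this Python example parses that value and reports which listed suites are CBC-based, export-grade or short-keyed; the `audit` function, the `sslv3_enabled` flag and the 112-bit threshold are assumptions of the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# SSLCipherSuite value copied from the ssl.conf line quoted in the post.
SSL_CIPHER_SUITE = (
    "SSL_RSA_WITH_RC4_128_MD5:SSL_RSA_WITH_RC4_128_SHA:"
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA:SSL_RSA_WITH_DES_CBC_SHA:"
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5:SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"
)

# <SSL|TLS>_<key exchange>_WITH_<cipher>_<MAC>. The SSL_/TLS_ prefix is a
# naming convention only; it does not select the protocol version.
NAME_RE = re.compile(
    r"^(?:SSL|TLS)_(?P<kx>[A-Z0-9_]+?)_WITH_"
    r"(?P<cipher>[A-Z0-9_]+)_(?P<mac>MD5|SHA\d*)$"
)

# Effective key strength in bits for the ciphers this example knows about.
KEY_BITS = {
    "RC4_40": 40, "DES40_CBC": 40, "DES_CBC": 56, "3DES_EDE_CBC": 112,
    "RC4_128": 128, "AES_128_CBC": 128, "AES_256_CBC": 256,
}

WEAK_KEY_THRESHOLD = 112  # assumption of this example, not a page value


@dataclass(frozen=True)
class Suite:
    name: str
    key_exchange: str
    cipher: str
    mac: str
    cbc: bool            # block cipher in CBC mode, so records are padded
    export_grade: bool   # deliberately weakened "export" suite
    key_bits: int | None


def parse_suite(name: str) -> Suite:
    """Split one cipher suite name into its algorithm components."""
    name = name.strip()
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    cipher = m["cipher"]
    return Suite(
        name=name,
        key_exchange=m["kx"],
        cipher=cipher,
        mac=m["mac"],
        cbc="CBC" in cipher.split("_"),
        export_grade="EXPORT" in m["kx"].split("_"),
        key_bits=KEY_BITS.get(cipher),
    )


def parse_directive(value: str) -> list[Suite]:
    """Parse a colon-separated SSLCipherSuite value, skipping empty items."""
    return [parse_suite(n) for n in value.split(":") if n.strip()]


def audit(value: str, sslv3_enabled: bool) -> dict[str, list[str]]:
    """Group the configured suites by the property a reviewer cares about."""
    suites = parse_directive(value)
    cbc = [s.name for s in suites if s.cbc]
    return {
        # CBC suites only matter for POODLE while SSL 3.0 can be negotiated.
        "poodle_exposed": cbc if sslv3_enabled else [],
        "non_cbc": [s.name for s in suites if not s.cbc],
        "export_grade": [s.name for s in suites if s.export_grade],
        "weak_key": [
            s.name for s in suites
            if s.key_bits is not None and s.key_bits < WEAK_KEY_THRESHOLD
        ],
    }


if __name__ == "__main__":
    for enabled in (True, False):
        print(f"SSLv3 enabled: {enabled}")
        for finding, names in audit(SSL_CIPHER_SUITE, enabled).items():
            print(f"  {finding}: {', '.join(names) or '-'}")
```

Removing the three CBC suites would leave only RC4 in this list; the scan report quoted on this page gives disabling SSLv3 itself as the solution.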

  • How to Setup SSL on Oracle Application Server 10g Release 2 (10.1.2)

    Hi All,
    Can anybody tell me how to set up SSL on Oracle Application Server 10g Release 2 (10.1.2)?
    I have all the required documents, like
    1. Oracle Application Server Portal Server Configuration Guide.
    2. Oracle Application Server Web Cache Configuration Guide.
    3. Oracle Application Server SSO Administration Guide.
    I tried to follow all these documents but I am still not able to set up SSL for Oracle Portal Server.

    The Portal Configuration Guide, available on OTN at http://www.oracle.com/technology/documentation/appserver1012.html does provide some very specific information on how to set up OracleAS Portal.
    Section 6.3.2.1 Configuring SSL for OracleAS Portal describes various configurations, such as:
    SSL to OracleAS Single Sign-On
    SSL to OracleAS Web Cache
    SSL Throughout OracleAS Portal
    External SSL with Non-SSL Within Oracle Application Server
    For larger enterprise configurations, you can refer to the Enterprise Deployment Guide.
    Can you give a bit more background on what you are trying to set up? Which scenario, what sort of hardware, software versions, and so on.
    Regards,
    Pete

  • Enabling SSL in oracle EBS 12.0.6

    Dear All,
    I want to enable SSL (Secure Sockets Layer) in Oracle EBS R12.
    Application is 12.0.6
    Web/Apache server is 10.1.3
    Form and reports server 10.1.2
    Database server 10.2.0.4.0
    Is any upgrade patch required before enabling SSL?
    Thanks & Regards
    Ravi Kumar

    Hi Ravi,
    This is a duplicate thread, and you have raised a similar thread before.
    Enabling SSL in oracle EBS 12.0.6
    there is required any upgrade patch before enable ssl ?
    Your environment will support configuring SSL.
    Please see note:
    Enabling SSL in Oracle E-Business Suite Release 12 (Doc ID 376700.1)
    Best Regards,

  • Configuring SSL in Oracle Apps 11.5.10.2

    Hi,
    I am in the process of configuring SSL in oracle apps 11.5.10.2.
    I am a bit confused by Note ID: 123718.1. Could you please clarify the things below for me?
    1. SSL can be implemented at three levels,
    (a) Oracle Web/Apache Server Level
    (b) Oracle Form Server Level
    (c) Oracle Database Level
    Can we implement SSL at any one or any two component levels? As per Note:123718.1, we MUST configure SSL for both the Oracle HTTP Server and Oracle Forms Level and these cannot be configured independently.
    2. As per the Note ID: 123718.1, Option 2.1. Certificate Provisioning for Oracle HTTP Server
    Point b in point 2 says to execute "$OPENSSL_TOP/bin/openssl sha1 or* > $HOME/.rnd"
    But which will be the OPENSSL_TOP?
    Please advise on these above two queries.
    Thanks in advance
    Regards,
    Sravan

    Thanks Hussien,
    I have completed SSL configuration at all levels, including the database. Forms are not getting launched. I am getting the error below in the Java Console.
    Java Plug-in 1.6.0_23
    Using JRE version 1.6.0_23-b05 Java HotSpot(TM) Client VM
    User home directory = C:\Documents and Settings\sdalav
    c: clear console window
    f: finalize objects on finalization queue
    g: garbage collect
    h: display this help message
    l: dump classloader list
    m: print memory usage
    o: trigger logging
    q: hide console
    r: reload policy configuration
    s: dump system and deployment properties
    t: dump thread list
    v: dump thread stack
    x: clear classloader cache
    0-5: set trace level to <n>
    proxyHost=null
    proxyPort=0
    connectMode=HTTPS
    Exception in thread "thread applet-oracle.forms.engine.Main-2" java.lang.NoClassDefFoundError: oracle/security/ssl/OracleSSLSocketFactory
         at oracle.forms.net.HTTPSStream.<init>(Unknown Source)
         at oracle.forms.net.HTTPConnection.connect(Unknown Source)
         at oracle.forms.engine.Runform.initConnection(Unknown Source)
         at oracle.forms.engine.Runform.startRunform(Unknown Source)
         at oracle.forms.engine.Main.createRunform(Unknown Source)
         at oracle.forms.engine.Main.start(Unknown Source)
         at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    Caused by: java.lang.ClassNotFoundException: oracle.security.ssl.OracleSSLSocketFactory
         at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
         at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
         at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
         at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         ... 8 more
    Caused by: java.io.IOException: open HTTP connection failed:https://sandispa.bp.com:8443/OA_JAVA/oracle/security/ssl/OracleSSLSocketFactory.class
         at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
         at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
         at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         ... 13 more
    Thanks,
    Sravan

  • How to enable SSL in oracle 11i

    Hi,
    1) How to enable SSL in Oracle 11i
    2) How do I make an Oracle 11i instance available on the internet
    Can someone suggest the procedure and the Metalink doc or forums that can be referred to for better understanding and using the applications?
    Regards

    Refer to the following notes:
    Note: 123718.1 - 11i: A Guide to Understanding and Implementing SSL for Oracle Applications
    https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=123718.1
    Note: 217368.1 - Advanced Configurations and Topologies for Enterprise Deployments of E-Business Suite 11i
    https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=217368.1
    Note: 229335.1 - Best Practices For Securing Oracle E-Business Suite 11i For Internet Access
    https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=229335.1

  • How to Implement SSL with Oracle Applications R12 without using Load Balanc

    How to Implement SSL with Oracle Applications R12.1.3 without using Load Balancer

    Please refer to (Enabling SSL in Release 12 [ID 376700.1]).
    Thanks,
    Hussein

  • SSL on Oracle Apps 11

    Hi All,
    I am trying to configure SSL on Oracle Apps 11i. I am referring to the Metalink Doc 123718.1. I did not use a third party for certificates.
    I have used a self-signed certificate with Applications, generated by OpenSSL for the web server, and configured SSL with HTTP Server. I am able to log in to the application using the URL https://<hostname>:4479 .
    I have enabled FormsLsnrServlet using txkrun.pl -script=SetAdvCfg -appsuser=apps -appspass=apps -enable=FormsLsnrServlet.
    I am able to access http://hostname.domain:port/dev60cgi/f60cgi but below it is showing the error java.lang.ClassNotFoundException:oracle.forms.engine.Main
    But I am not able to open forms. It's not giving any error. I ran Autoconfig. Do I need to do any other configuration steps?
    Please let me know a solution for this.
    Thanks,
    Manikandan
    Edited by: Manikandan on Nov 16, 2010 5:33 AM

    Hi Haswan,
    I am able to access http://hostname.domain:port/dev60cgi/f60cgi but below it is showing the error java.lang.ClassNotFoundException:oracle.forms.engine.Main.
    error_log says
    [Tue Nov 16 17:52:54 2010] [error] mod_ssl: SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [Tue Nov 16 17:52:54 2010] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [Tue Nov 16 17:52:55 2010] [error] mod_ssl: SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [Tue Nov 16 17:52:55 2010] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [Tue Nov 16 17:52:56 2010] [error] mod_ssl: SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [Tue Nov 16 17:52:56 2010] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [Tue Nov 16 17:52:57 2010] [error] mod_ssl: SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [Tue Nov 16 17:52:57 2010] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [Tue Nov 16 17:52:58 2010] [error] mod_ssl: SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [Tue Nov 16 17:52:58 2010] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [Tue Nov 16 17:52:58 2010] [error] mod_ssl: SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [Tue Nov 16 17:52:58 2010] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [Tue Nov 16 17:52:59 2010] [error] mod_ssl: SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [Tue Nov 16 17:52:59 2010] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [Tue Nov 16 17:53:19 2010] [error] [client 192.168.0.12] File does not exist: /u01/applmgr/estrhi7comn/portal/ESTRHI7_rihand7/favicon.ico
    [Tue Nov 16 17:53:21 2010] [error] [client 192.168.0.12] File does not exist: /u01/applmgr/estrhi7comn/portal/ESTRHI7_rihand7/favicon.ico
    [Tue Nov 16 17:54:02 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:03 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:03 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:03 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:03 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:03 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:03 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:03 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:03 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:04 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:05 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:05 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:06 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:06 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:06 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 17:54:06 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 18:56:01 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 18:59:11 2010] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
    [Tue Nov 16 18:59:11 2010] [error] System: Connection reset by peer (errno: 104)
    [Tue Nov 16 19:01:27 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 19:01:27 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 19:01:27 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 19:01:27 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 19:01:27 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [Tue Nov 16 19:01:28 2010] [error] mod_ssl: SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    ssl_engine_log says
    rver name or identical to CA!?]
    [16/Nov/2010 17:52:54 17711] [error] SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [16/Nov/2010 17:52:54 17711] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [16/Nov/2010 17:52:55 17716] [error] SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [16/Nov/2010 17:52:55 17716] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [16/Nov/2010 17:52:56 17713] [error] SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [16/Nov/2010 17:52:56 17713] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [16/Nov/2010 17:52:57 17712] [error] SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [16/Nov/2010 17:52:57 17712] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [16/Nov/2010 17:52:58 17714] [error] SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [16/Nov/2010 17:52:58 17714] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [16/Nov/2010 17:52:58 17715] [error] SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [16/Nov/2010 17:52:58 17715] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [16/Nov/2010 17:52:59 17717] [error] SSL handshake failed (server rihand7.estuate:4479, client 192.168.0.12) (OpenSSL library error follows)
    [16/Nov/2010 17:52:59 17717] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]
    [16/Nov/2010 17:54:02 16535] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:03 16528] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:03 16534] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:03 16554] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:03 16605] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:03 16639] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:03 16640] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:03 16645] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:03 16529] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:04 17695] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:05 17700] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:05 17701] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:06 17702] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:06 17704] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:06 17705] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 17:54:06 17703] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 18:56:01 16646] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 18:59:11 16529] [error] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
    [16/Nov/2010 18:59:11 16529] [error] System: Connection reset by peer (errno: 104)
    [16/Nov/2010 19:01:27 16534] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 19:01:27 16554] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 19:01:27 16639] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 19:01:27 16640] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 19:01:27 16645] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    [16/Nov/2010 19:01:28 16535] [error] SSL handshake timed out (client 192.168.0.231, server rihand7.estuate:4479)
    access_log.1289865600 says
    192.168.0.12 - - [16/Nov/2010:17:54:29 +0530] "GET /OA_HTML/OA.jsp?OAFunc=OAHOMEPAGE&akRegionApplicationId=0&navRespId=20420&navRespAppId=1&navSecGrpId=0&transactionid=1552263075&oapc=2&oas=VDB71pm6pAWm1JwiWz3yxQ.. HTTP/1.1" 200 91352
    192.168.0.12 - - [16/Nov/2010:17:54:30 +0530] "GET /OA_HTML/RF.jsp?function_id=95&resp_id=20420&resp_appl_id=1&security_group_id=0&lang_code=US&oas=9BQH1hcOWQm0YN53s3oAfQ..&formsLink=yes HTTP/1.1" 302 376
    192.168.0.12 - - [16/Nov/2010:17:54:31 +0530] "GET /pls/ESTRHI7/fnd_icx_launch.launch?resp_app=SYSADMIN&resp_key=SYSTEM_ADMINISTRATOR&secgrp_key=STANDARD&start_func=FND_FNDCPDCQ&other_params= HTTP/1.1" 302 5
    192.168.0.12 - - [16/Nov/2010:17:54:31 +0530] "GET /dev60cgi/f60cgi?&appletmode=nonforms&HTMLpageTitle=&HTMLpreApplet=&code=oracle/apps/fnd/formsClient/FormsLauncher.class&width=400&height=100&archive=/OA_JAVA/oracle/apps/fnd/jar/fndforms.jar,/OA_JAVA/oracle/apps/fnd/jar/fndformsi18n.jar,/OA_JAVA/oracle/apps/fnd/jar/fndewt.jar,/OA_JAVA/oracle/apps/fnd/jar/fndswing.jar,/OA_JAVA/oracle/apps/fnd/jar/fndbalishare.jar,/OA_JAVA/oracle/apps/fnd/jar/fndaol.jar,/OA_JAVA/oracle/apps/fnd/jar/fndctx.jar,/OA_JAVA/oracle/apps/fnd/jar/fndlist.jar&gp14=jinit_appletcache&gv14=offjinit_appletcache=off&gp2=resp_app&gv2=SYSADMIN&gp3=resp&gv3=SYSTEM_ADMINISTRATOR&gp4=sec_group&gv4=STANDARD&gp5=function&gv5=FND_FNDCPDCQ&gp6=other_params&gv6=&gp7=forms_url&gv7=https%3A%2F%2Frihand7.estuate%3A4479%2Fpls%2FESTRHI7%2Ffnd_icx_launch.runforms%3FICX_TICKET%3D%26resp_app%3DSYSADMIN%26resp_key%3DSYSTEM_ADMINISTRATOR%26secgrp_key%3DSTANDARD%26start_func%3DFND_FNDCPDCQ%26other_params%3D&encoding=UTF-8&gp8=error_url&gv8=https%3A%2F%2Frihand7.estuate%3A4479%2FOA_HTML%2Fjsp%2Ffnd%2Ffnderror.jsp%3Fdbc%3Destrhi7&gp12=port&gv12=6945&gp13=dbc&gv13=estrhi7&gp15=icx_ticket&gv15=1651410630 HTTP/1.1" 200 40795
    192.168.0.12 - - [16/Nov/2010:17:54:41 +0530] "GET /OA_HTML/OA.jsp?OAFunc=OAHOMEPAGE&akRegionApplicationId=0&navRespId=20420&navRespAppId=1&navSecGrpId=0&transactionid=1552263075&oapc=2&oas=VDB71pm6pAWm1JwiWz3yxQ.. HTTP/1.1" 200 91352
    192.168.0.12 - - [16/Nov/2010:17:54:43 +0530] "GET /OA_HTML/RF.jsp?function_id=90&resp_id=20420&resp_appl_id=1&security_group_id=0&lang_code=US&oas=1ZXm4khw_sIFVj5oz4FIIg..&formsLink=yes HTTP/1.1" 302 380
    192.168.0.12 - - [16/Nov/2010:17:54:43 +0530] "GET /pls/ESTRHI7/fnd_icx_launch.launch?resp_app=SYSADMIN&resp_key=SYSTEM_ADMINISTRATOR&secgrp_key=STANDARD&start_func=FND_FNDCPQCR_SYS&other_params= HTTP/1.1" 302 5
    192.168.0.12 - - [16/Nov/2010:17:54:43 +0530] "GET /dev60cgi/f60cgi?&appletmode=nonforms&HTMLpageTitle=&HTMLpreApplet=&code=oracle/apps/fnd/formsClient/FormsLauncher.class&width=400&height=100&archive=/OA_JAVA/oracle/apps/fnd/jar/fndforms.jar,/OA_JAVA/oracle/apps/fnd/jar/fndformsi18n.jar,/OA_JAVA/oracle/apps/fnd/jar/fndewt.jar,/OA_JAVA/oracle/apps/fnd/jar/fndswing.jar,/OA_JAVA/oracle/apps/fnd/jar/fndbalishare.jar,/OA_JAVA/oracle/apps/fnd/jar/fndaol.jar,/OA_JAVA/oracle/apps/fnd/jar/fndctx.jar,/OA_JAVA/oracle/apps/fnd/jar/fndlist.jar&gp14=jinit_appletcache&gv14=offjinit_appletcache=off&gp2=resp_app&gv2=SYSADMIN&gp3=resp&gv3=SYSTEM_ADMINISTRATOR&gp4=sec_group&gv4=STANDARD&gp5=function&gv5=FND_FNDCPQCR_SYS&gp6=other_params&gv6=&gp7=forms_url&gv7=https%3A%2F%2Frihand7.estuate%3A4479%2Fpls%2FESTRHI7%2Ffnd_icx_launch.runforms%3FICX_TICKET%3D%26resp_app%3DSYSADMIN%26resp_key%3DSYSTEM_ADMINISTRATOR%26secgrp_key%3DSTANDARD%26start_func%3DFND_FNDCPQCR_SYS%26other_params%3D&encoding=UTF-8&gp8=error_url&gv8=https%3A%2F%2Frihand7.estuate%3A4479%2FOA_HTML%2Fjsp%2Ffnd%2Ffnderror.jsp%3Fdbc%3Destrhi7&gp12=port&gv12=6945&gp13=dbc&gv13=estrhi7&gp15=icx_ticket&gv15=1984433721 HTTP/1.1" 200 40803
    192.168.0.231 - - [16/Nov/2010:18:56:01 +0530] "GET /dev60cgi/f60cgi HTTP/1.1" 200 40607
    192.168.0.231 - - [16/Nov/2010:18:56:01 +0530] "GET /OA_JAVA/oracle/apps/media/forms_logo.gif HTTP/1.1" 200 54200
    192.168.0.231 - - [16/Nov/2010:18:56:24 +0530] "GET /dev60cgi/f60cgi HTTP/1.1" 200 40607
    Thanks,
    Manikandan

  • Disabling SSL v3 in OAS10gR1 (9.0.4) to address Poodle vulnerability?

    Has anyone been able to get OAS10gR1 (9.0.4) to recognize a protocol other than SSLv3 – such as TLS? We know that this version of the OAS supports SSLv3 primarily – but we are attempting to address the SSLv3 Poodle Vulnerability. Any advice where this is concerned would be appreciated.

    Hi ,
    The version OAS10gR1 (9.0.4) has been de-supported since 31st-Dec-2008, and as this relates to security we would require you to upgrade to the latest version, which is 11g, and then apply the latest CPU patches.
    If the same issue still exists even after upgrading and applying the latest CPU patches, we request that you open an SR with Support.
    Regards,
    Prakash.

  • POODLE vulnerability

    Hi,
    I'm getting this threatening message from our admin (see below). I know this is being investigated (http://www.blackberry.com/btsc/KB36397), but they will throw my phone off the network in two days. Are there known workarounds? Why is the port 443 open anyway?
    anze
    System Name/IP : XX
    MAC Address : a4e4b80ef72b
    Owner/Admin : XX
    Last Scanned : 2014-11-04 09:58:07
    You are being contacted because you are listed as the admin/owner
    of the above system.
    ** At least one high or medium risk vulnerability remains on this system,
    and must accounted for before 2014-11-12! **
    Remediation will generally involve a combination of two approaches:
    1) Addressing the problem directly (e.g. apply vendor patches,
    disabling unnecessary services, etc.). Or,
    2) If a vulnerability cannot be remediated for any reason, an
    exception will have to be made. When you mark an exception
    you will have to provide a justification as well as a category
    (false positive, operational need, not correctable, etc.)
    ** Note that all exceptions/justifications will be audited! **
    Note that you will need to re-scan the system after you take any
    of the above remediation actions, to confirm the results.
    If nothing is done, this system will be queued to be blocked at
    9 am on 2014-11-12. Once queued, the only way to release the
    system will be to call the ITD Help Desk at x5522.
    This is the 2nd notice (the original notice was sent on 2014-11-05).
    [1] Service: www (443/tcp), Risk: MEDIUM, ID: 78479
    Synopsis :
    It is possible to obtain sensitive information from the remote host with SSL/TLS-enabled services.
    Description :
    The remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
    As long as a client and service both support SSLv3, a connection can be 'rolled back' to SSLv3, even if TLSv1 or newer is supported by the client and service.
    The TLS Fallback SCSV mechanism prevents 'version rollback' attacks without impacting legacy clients;
    however, it can only protect connections when the client and service support the mechanism. Sites that cannot disable SSLv3 immediately should enable this mechanism.
    This is a vulnerability in the SSLv3 specification, not in any particular SSL implementation. Disabling SSLv3 is the only way to completely mitigate the vulnerability.
    See also :
    https://www.imperialviolet.org/2014/10/14/poodle.html
    https://www.openssl.org/~bodo/ssl-poodle.pdf
    https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
    Solution :
    Disable SSLv3.
    Services that must support SSLv3 should enable the TLS Fallback SCSV mechanism until SSLv3 can be disabled.
    Risk factor :
    Medium / CVSS Base Score : 4.3
    (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
    Plugin output :
    Nessus determined that the remote server supports SSLv3 with at least one CBC
    cipher suite, indicating that this server is vulnerable.
    It appears that TLSv1 or newer is supported on the server. However, the
    Fallback SCSV mechanism is not supported, allowing connections to be "rolled
    back" to SSLv3.
    CVE : CVE-2014-3566
    BID : 70574
    Other references : OSVDB:113251,CERT:577193,IAVA:2014-A-0166

    Mitigations are existing conditions that a potential attacker would need to overcome to mount a successful attack or that would limit the severity of an attack. Examples of such conditions include default settings, common configurations and general best practices.
    TLS 1.0, TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. BlackBerry products use TLS 1.0 or better by default when connecting to websites. 
    Each encrypted connection uses a different key and recovering the plain text of one session does not compromise other sessions.
    This issue is mitigated for all customers by the requirement that an attacker would need to force the server and client to downgrade to the legacy SSLv3 protocol. This would require that the attacker successfully simulate a network or request failure. The attacker would also need to force the encrypted data to contain known plain text unless the attacker can reliably guess a part or all of the plain text. Any attempt to guess plain text data would rely on the data being in the exact same position within the network packets each time and in practice it is unlikely that this will be possible.
    This issue is mitigated for BlackBerry smartphone customers by the requirement that an attacker must first gain at least partial control of the network and of the server. The browser would then need to communicate with the attacker-controlled server over an attacker-controlled network on a repeated basis. If the connection is not compromised or the server is not under the control of the attacker, or if the attacker is unable to cause known data to be sent repeatedly between the server and the client, the SSLv3 weakness cannot be used to recover unencrypted data. The attacker has no way of forcing such a connection to occur.

  • How can I encrypt my data links between switch uplink ports? I'm unable to use "cts Manual" command in C3560X switch. Please advise

    How can I encrypt my data uplinks between switch trunk ports? I'm unable to use the "cts Manual" command on a C3560X switch. Please advise, as I want to encrypt my switch-to-switch link with Cisco TrustSec.

    Hi 
    Log in to the switch and go to the interface.
    There you can give tags (ISL & DOT1Q).
    Command switch-port mode trunk
    Switch-port trunk encapsulation ssl or dot1Q

  • Java encryption/decryption coding for database records

    I need some help in developing source code in Java that can encrypt and decrypt database records in Oracle 9i and MySQL.
    Urgent help needed!

    It's a grade report system, where I put in the college ID and a course ID as the password to retrieve the grade from the database. The user IDs and grades have to be encrypted before requesting the grades. This database stores, for each student, the user ID, the course ID, name and grades. The grades from the database are encrypted before being sent to the user.

  • POODLE Vulnerability and AMS configuration in Adaptor.xml

    Hi,
    I am looking for some recommendation and guidance on how to ban AMS from using SSLv3 with RTMPS clients. I know that there's a configuration in Adaptor.xml called
    "SSLCipherSuite" which should be able to somehow prevent a specific protocol, but the Adobe documentation recommends contacting Adobe before changing that configuration.
    So I was wondering if Adobe has any official recommendation to prevent RTMPS clients from using SSLv3. Could someone please point me in the right direction?
    Thanks
    -Irtiza

    When will it be released?
    I cannot comment on that.
    How will it support older browsers?
    Well, most likely it will disable SSLv3 support from within the application, so you will not need to change anything in the AMS configuration.
    All browsers which work on TLS 1.0 and higher will continue to work as they have until now.
    Note that even in the current release, if your browsers support TLS then TLS would be the preferred mode of connection and you will not be exposed to the SSLv3 attack.
    Even today, the POODLE vulnerability exists only if you are working on those browsers which do not support TLS.
    That said, you must upgrade your OpenSSL to 1.0.1j, because prior to that a hacker could exploit a hack in OpenSSL so that, even if your endpoints support TLS, the connection protocol gets downgraded to SSLv3. OpenSSL 1.0.1j fixes this protocol downgrade attack.
    The steps to compile OpenSSL for AMS are available in the public domain. Please google them, compile OpenSSL yourself, and drop that OpenSSL into your AMS installation.
    OpenSSL consists of two files: libeay32.dll and ssleay32.dll on Windows, and libssl.so.1.0.0 and libcrypto.so.1.0.0 on Linux.
