Applies To
- Zenoss Resource Manager 4.x
- Cisco UCS Performance Manager 1.x
Summary
Recently, a vulnerability named POODLE (Padding Oracle On Downgraded Legacy Encryption) has been found in OpenSSL, a popular crypotography library. The vulnerability is described here: https://www.openssl.org/~bodo/ssl-poodle.pdf.
If configured to use SSL, Resource Manager and UCS Performance Manager use OpenSSL. As such, the OpenSSL vulnerability would affect any such deployments.
Procedure
SSL is not configured by default in either Resource Manager or UCS Performance Manager. However, if SSL has been configured, the system administrator can follow the procedures detailed by their operating system distribution to mitigate the vulnerability. The Centos and Red Hat procedures for doing so can be found at the following sites:
Comments