JVN#91438377
SSL Visibility Appliance may generate illegal RST packets
Overview
SSL Visibility Appliance may generate illegal RST packets in some situation, and the web server behind the appliance fails to drop the session. This behavior may be utilized to mount a denial-of-service (DoS) attack.
Products Affected
- SSL Visibility Appliance 3.8.4FC, 3.9, 3.10, and 3.11 prior to 3.11.3.1
Description
SSL Visibility Appliance provided by Blue Coat Systems, Inc. is used as a transparent proxy for encrypted traffic management.
It is reported that the appliance generates RST packets with incorrect sequence numbers when it receives HTTPS requests from certain web browsers. When the web server behind the appliance fails to treat these incorrect RST packets, it keeps the encrypted session indefinitely.
This behavior may be used to cause a denial-of-service (DoS) condition on the server side.
According to the developer, this issue does not affect the appliance.
Impact
A denial-of-service (DoS) attack to a server may be conducted by an unauthenticated remote attacker.
Solution
Update the Appliance
Update to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Blue Coat Systems Inc. | SA142: Invalid TCP Packet Generation DoS in SSL Visibility |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
| Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
|---|---|---|---|
| Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
| Authentication(Au) | Multiple (M) | Single (S) | None (N) |
| Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
| Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
| Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
NTT-ME CORPORATION Cyber Security Center reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2016-10259 |
| JVN iPedia |
JVNDB-2017-000099 |
Update History
- 2017/05/29
- Information under the section "Vendor Status" was updated.