|Check Point Reference:||CPAI-2012-164|
|Date Published:||10 May 2012|
|Last Updated:||8 Apr 2019|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||A use-after-free vulnerability has been reported in OpenSSL. The vulnerability is due to an error in the way the server handles handshake requests arriving in a certain order. A remote attacker could exploit this vulnerability by sending a malicious handshake sequence to a target server. Successful exploitation could result in arbitrary code execution, in the context of the affected application.|
IPS will detect and block malicious handshake requests sent to the TLS/SSL server.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: OpenSSL Enforcement Violation.
Attack Information: OpenSSL Handshake Requests ECDH Use-after-free