Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-2629 CVE-2016-2183

Log Correlation Engine (LCE) 5.0.0 is impacted by multiple vulnerabilities reported in a third-party library and an encryption algorithm. LCE was errantly using 3DES on TCP port 1243. The following vulnerabilities have been resolved with the updated libraries. cURL / libcurl lib/url.c allocate_conn() Function OCSP Stapling Validation Failure MitM Certificate Revocation Bypass [VulnDB 152389 / CVE-2017-2629] Triple Data Encryption Algorithm (3DES) 64-bit Block Size Birthday Attack HTTPS Cookie MitM Disclosure (SWEET32) [VulnDB 143387 / CVE-2016-2183] Please note that Tenable strongly recommends that LCE be installed on a subnet that is not Internet addressable.

Source

Log Correlation Engine (LCE) 5.0.0 is impacted by multiple vulnerabilities reported in a third-party library and an encryption algorithm. LCE was errantly using 3DES on TCP port 1243.

The following vulnerabilities have been resolved with the updated libraries.

cURL / libcurl lib/url.c allocate_conn() Function OCSP Stapling Validation Failure MitM Certificate Revocation Bypass [VulnDB 152389 / CVE-2017-2629]
Triple Data Encryption Algorithm (3DES) 64-bit Block Size Birthday Attack HTTPS Cookie MitM Disclosure (SWEET32) [VulnDB 143387 / CVE-2016-2183]

Please note that Tenable strongly recommends that LCE be installed on a subnet that is not Internet addressable.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

[R1] LCE 5.0.1 Fixes Two Third-party Library Vulnerabilities

Synopsis

Solution

Vulmon Search

About

Products

Connect