Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

InterScan Web Security Virtual Appliance (IWSVA) 6.5 Service Pack 2 (SP2) does not support SSL RC4 Cipher Suites

    • Updated:
    • 24 Apr 2017
    • Product/Version:
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • N/A N/A
Summary

Some vulnerability scanners report that IWSVA 6.5 SP2 is vulnerable to SSL RC4 Cipher.

Details
Public

CVE References on RC4 and “CRIME” attack:

This type of attack can be mitigated by preventing the use of SSL/TLS compression either at the client end (browser) or on the web server.

Our developers have tested and found that IWSVA does not support RC4 on ports 8443 and 9091, so there is no impact for IWSVA.

In any case, this attack would require an old browser version and all the principal browsers have been patched in 2016.

For more details, refer to the the following articles:

Premium
Internal
Rating:
Category:
SPEC
Solution Id:
1117190
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.