Release Notes › Web Services Security (formerly SOA Security Manager) Release Notes › New Features and Changes to Existing Features

New Features and Changes to Existing Features

Upgrade of CAPKI

CA SiteMinder® is upgraded to use CAPKI 4.3.4 to fix the following OpenSSL vulnerabilities:

• CVE-2014-0224: An SSL/TLS MITM vulnerability exists in OpenSSL 0.9.8y and earlier. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.
• CVE-2014-0221: DTLS recursion flaw exists in OpenSSL 0.9.8y and earlier. By sending an invalid DTLS handshake to an OpenSSL DTLS client, the code can be made to recurse, eventually crashing in a DoS attack.
• CVE-2014-3470: Anonymous ECDH denial of service flaw exists in OpenSSL 0.9.8y and earlier. OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack.
• CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack".

For more information about the vulnerabilities, see the OpenSSL documentation.

Defects Fixed in SOA Security Manager Releases

Web Services Security Defects Fixed in r12.52 SP1

There were no defects fixed for Web Services Security for r12.52 SP1.