Are RHEL 6 and RHEL 5 vulnerable to CVE-2005-2969?
Issue
Getting the following vulnerability in httpd-2.2.15:
Synopsis
The remote service has a configuration that may make it vulnerable to the CRIME attack.
Description
The remote service has one of two configurations that are known to be required for the CRIME attack:
- SSL / TLS compression is enabled.
- TLS advertises the SPDY protocol earlier than version 4.
Note that Nessus did not attempt to launch the CRIME attack against the remote service.
Severity
MEDIUM
Recommendation
Disable compression and / or the SPDY service.
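One way to check a handshake for the two conditions listed in the Description, as an added example that is not part of the original article or of Nessus. It reads text in the format printed by openssl s_client; both sample transcripts are constructed, and the function name crime_preconditions is an assumption of this example.

```python
import re

# Constructed samples in `openssl s_client` output format (not from a real host).
# The "Protocols advertised by server" line is printed when s_client is run
# with -nextprotoneg.
SAMPLE_VULNERABLE = """\
Protocols advertised by server: spdy/3, spdy/2, http/1.1
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1
    Compression: 1 (zlib compression)
"""
SAMPLE_CLEAN = """\
Protocols advertised by server: http/1.1
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Compression: NONE
Expansion: NONE
"""

COMPRESSION_RE = re.compile(r"^[ \t]*Compression:[ \t]*(.+?)[ \t]*$", re.M)
NPN_RE = re.compile(r"^Protocols advertised by server:[ \t]*(.+)$", re.M)
SPDY_RE = re.compile(r"^spdy/(\d+)(?:\.\d+)?$", re.I)


def crime_preconditions(s_client_output):
    """Report the two conditions named in the scanner description."""
    # Condition 1: a Compression line naming any method other than NONE.
    methods = COMPRESSION_RE.findall(s_client_output)
    compression = sorted({m for m in methods if m.upper() != "NONE"})
    # Condition 2: SPDY with a major version below 4 in the advertised list.
    old_spdy = []
    for line in NPN_RE.findall(s_client_output):
        for proto in (p.strip() for p in line.split(",")):
            m = SPDY_RE.match(proto)
            if m and int(m.group(1)) < 4:
                old_spdy.append(proto)
    return {
        "tls_compression": compression,
        "spdy_below_4": old_spdy,
        "flagged": bool(compression or old_spdy),
    }


if __name__ == "__main__":
    for name, text in (("vulnerable", SAMPLE_VULNERABLE), ("clean", SAMPLE_CLEAN)):
        print(name, crime_preconditions(text))
```

TLS compression is negotiated, so a transcript taken with a client built without zlib support shows NONE regardless of the server's setting; a clean result from such a client is not conclusive.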
Environment
- Red Hat Enterprise Linux 5,6