Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Python Vulnerability in Ironports

Are the Ironports vulnerable to the Python issue #2254?

1 REPLY
Cisco Employee

Python Vulnerability in Ironports

Bob -

Reviewing the Python vulnerabilty - I do believe you are referring to the following:

http://bugs.python.org/issue2254

Description:

================================================================================

Requesting cgi script (in example test.py) without / in the beginnig of URL cause return script content/code instead of script execution.  It could lead to disclose some secret information eg. password.

AsyncOS does not use that module that is affected by this Python vulnerabilty.  The Python source code is not included our OS.

If there were any concerns with the cipher strength that is implemented on your appliance, we would suggest that you have the following set for your 'sslconfig' ciphers:

include medium and high cipher strengths, disable SSLv2 (optional) and disallow anonymous ciphers:

Inbound SMTP method: sslv3tlsv1

Inbound SMTP ciphers: MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH

Outbound SMTP method: sslv3tlsv1

Outbound SMTP ciphers: MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH

Hope this helps!

-Robert

(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

538
Views
0
Helpful
1
Replies
CreatePlease to create content