07-02-2018 12:55 AM
HI All,
We detected Vulnerability: 36926 ID- GnuTLS Server Hello Session ID Heap Buffer Overflow in Palo Alto firewall. In our cutomers Firewall enviroment we not enable the SSL Descryption Feature.
Customers Queries us.. How and Why Palo Alto able detect the Vulnerability threat without the SSL?
Can Any one assist us on this?
08-22-2018 02:29 AM
This is due to the fact that the firewall, or anyone capturing the stream for that matter, can see the start of the server/client session exchange which is still unencrypted.
Looking at the vulnerability "GnuTLS Server Hello Session", the firewall detected something in the server hello. This is the part of an SSL stream where the server and client are still deciding on the way they are going to encrypt the actual session.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
