Guest

Cisco CSS 11500 Series Content Services Switches

Field Notice: FN - 62364 - CSS WebNS Software Version 8.10.105, 7.50.204, and 7.40.304 Withdrawn from CCO


May 12, 2006

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Products Afftected

Comments

WebNS

8.10.105, 7.50.204, and 7.40.304

Problem Description

It has been determined that users of WEBNS version 8.10.104, 7.50 204, and 7.40.304 are vulnerable to the following DDTS - CSCek34363 - SSL Client authentication fails with IE browser. This version has been withdrawn and new, corrected images have been posted.

Background

The Safe Harbor Testing process has brought this issue to light. Through this exhaustive tesing it was determined that the fix for CSCek34363 was never correctly implemented in these code versions.

Problem Symptoms

The problem will display the following symptoms:

When an IE brower connects to the CSS which requires client authentication, the connection fails. Once the HTTP GET is received, the CSS does not forward that GET to the server. In turn, the client browser just sits there until the connection times out. From the user perspective, no page is ever loaded.

Workaround/Solution

Workarounds to the defect:

An IE browser that connects to a CSS with an ssl-server configured that has client authentication enabled will not see data returned. This issue is not seen when client authentication is disabled.

Another workaround is to turn off server id reuse, since this appears to contribute to the problem.

On the ssl-server command, under ssl-proxy-list use ssl-server x session-cache 0 .

Solution:

The fixed code has been reposted to CCO and the version numbers have been incremented by 1. The new versions are 8.10.106, 7.50.205 and 7.40.305, respectively.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCek34363 (registered customers only)

Client auth fails with IE browser. When an IE brower connects to the CSS which requires client authentication, the connection fails. Once the HTTP GET is received the CSS does not forward that GET to the server. In turn, the client browser just sits there until the connection times out. From the user perspective no page is ever loaded.

Revision History

Revision

Date

Comment

1.0

12-MAY-2006

Initial Public Release

NetPro Discussion Forums - Featured Conversations

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.