Summary

Due to a recently discovered SSL vulnerability known as the “Sweet32” attack, DES/3DES security ciphers are no longer secure and have been disabled from our SaaS environment.

You can read more about this vulnerability in the following links:

Affected Software 

 

ProductComponentVersionExploitabilitySeverity
.NET AgentAppDynamics DotNet AgentAllNoHigh


This update is known to impact .NET APM Agents running on Windows 2003 Server where the latest security ciphers have not been installed.  .NET Agents running on Windows 2008/2012, as well as all Java agents, are not affected by this update.

Impact

.NET APM Agents running on Windows 2003 Server will begin to throw the following error while attempting to communicate with the SaaS controller:

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.

Resolution

 

The following article from Microsoft contains more information and a link to download the latest secure ciphers for Windows 2003 Server.
https://support.microsoft.com/en-us/help/3050509/improving-cipher-security-in-windows-server-2003

Disclaimer

The information provided in this security advisory is provided "as is" without warranty of any kind. AppDynamics disclaims all warranties with respect thereto, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall AppDynamics or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if AppDynamics or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply to you.

Revision History

1.0 - 2/9/2017  Initial Revision



  • No labels