We just found SSLv3 "POODLE" vulnerability alerts from our IPS system. And our Splunk Universal Forwarder is in 6.4.2.
I thought the SSLv3 POODLE issue only appear at Splunk version earlier than 6.3?
Should I use the same workaround mention here?
Many thanks in advance.
So we are not using SSL forwarding between uf and HWF.
The only SSL communication I can think of is the REST connection of 8089. However, since we are not doing any command line or REST request to the uf. So I will try disabling the management port by deploying a server.conf
disableDefaultPort = true
@season88481 - Did the Splunk blog post referenced by gokadroid below help answer to your question? If yes, please don't forget to resolve this post by clicking "Accept". If no, please leave a comment with more feedback. Thanks!