Bob -
Reviewing the Python vulnerabilty - I do believe you are referring to the following:
http://bugs.python.org/issue2254
Description:
================================================================================
Requesting cgi script (in example test.py) without / in the beginnig of URL cause return script content/code instead of script execution. It could lead to disclose some secret information eg. password.
AsyncOS does not use that module that is affected by this Python vulnerabilty. The Python source code is not included our OS.
If there were any concerns with the cipher strength that is implemented on your appliance, we would suggest that you have the following set for your 'sslconfig' ciphers:
include medium and high cipher strengths, disable SSLv2 (optional) and disallow anonymous ciphers:
Inbound SMTP method: sslv3tlsv1
Inbound SMTP ciphers: MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH
Outbound SMTP method: sslv3tlsv1
Outbound SMTP ciphers: MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH
Hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)