BugZero | Palo Alto Networks BugID PAN-159536 - Fixed an issue where, when the CLI command oscp-ex...

Palo Alto Networks - Defect ID: PAN-159536

Fixed an issue where, when the CLI command oscp-exclude-nonce-yes was enabled for a certificate profile, a nonce value was still included in the Online Certificate Status Protocol (OCSP) request.

Palo Alto Networks - Defect ID: PAN-159536

Fixed an issue where, when the CLI command oscp-exclude-nonce-yes was enabled for a certificate profile, a nonce value was still included in the Online Certificate Status Protocol (OCSP) request.

Last updated on Invalid date

BugZero Risk Score
6.3 Medium

Overall: 6.3

Severity: 6.4

Community: 3.7

Lifecycle: 10.0

What is the BugZero Risk Score?

Palo Alto Networks Integration

Learn more about where this data comes from

Palo Alto Networks Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 1

Description

The earliest recollection of this bug is traced back to PAN-OS 9.1.11 - July 22, 2025. This bug is fixed in PAN-OS versions 9.1.11. Fixed an issue where, when the CLI command oscp-exclude-nonce-yes was enabled for a certificate profile, a nonce value was still included in the Online Certificate Status Protocol (OCSP) request. For more information: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-11-addressed-issues

Change history

No changes to display

Top Palo Alto Networks Defects

6.6Defect ID: PAN-263226
Fixed an issue where, when SSL decryption was enabled and Client Hello messages spanned multiple TCP segments, some SSL decrypted sessions failed.
6.6Defect ID: PAN-270549
Fixed an issue where some TLS connections were not handled correctly, which led to instability in the dataplane.
6.6Defect ID: PAN-251035
Fixed an issue where selective push operations did not push certificate changes to the firewall.
6.5Defect ID: PAN-251895
Fixed an issue where enabling inline Cloud Analysis features caused a slow packet buffer leak, which resulted in performance issues and dropped traffic.
6.5Defect ID: PAN-259769
GlobalProtect portal is not accessible via a web browser and the app displays the error ERR_EMPTY_RESPONSE .

Ready to prevent the next vendor outage?

Get a demo

Palo Alto Networks - Defect ID: PAN-159536

Fixed an issue where, when the CLI command oscp-exclude-nonce-yes was enabled for a certificate profile, a nonce value was still included in the Online Certificate Status Protocol (OCSP) request.

Palo Alto Networks - Defect ID: PAN-159536

Fixed an issue where, when the CLI command oscp-exclude-nonce-yes was enabled for a certificate profile, a nonce value was still included in the Online Certificate Status Protocol (OCSP) request.

Last updated on Invalid date

BugZero Risk Score6.3 Medium

Bug Details

Links

Top Palo Alto Networks Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.3 Medium