You are here

OpenSSL Vulnerability Fixed in Version 1.0.2k

IDs: 
CVE-2017-3731, CVE-2017-3730, CVE-2017-3732, CVE-2016-7055
Keywords: 
OpenSSL
Description: 

OpenSSL released a security advisory on January 26, 2017, describing four vulnerabilities fixed in the newest releases [1].

Airlock WAF is not affected

Details:

CVE-2017-3732/CVE-2016-7055: These vulnerabilities describe carry propagating bugs in a squaring and multiplication function. Exploiting the vulnerabilities is very difficult in general and even impossible in the context of Airlock WAF.

CVE-2017-3731: Affects only 32-bit systems. Airlock WAF runs on a 64-bit system.

CVE-2017-3730: Affects only OpenSSL 1.1.0 clients. Airlock WAF is using OpenSSL 1.0.2 and only the server part of OpenSSL is exposed to attackers.

Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock