OpenSSL Vulnerability Fixed in Version 1.0.2m

IDs: CVE-2017-3736, CVE-2017-3735
Keywords: OpenSSL
Description: 

OpenSSL released a security advisory on November 2, 2017, describing two vulnerabilities fixed in the newest releases [1].

Airlock WAF is not affected.

Details:

CVE-2017-3736: Carry-propagating bugs in a squaring and multiplication function. The vulnerability is very similar to CVE-2017-3732 and CVE-2015-3193 [2]. Exploiting the vulnerabilities is very difficult in general and even impossible in the context of Airlock WAF.

CVE-2017-3735: One-byte buffer overread vulnerability related to X.509 certificate processing. The criticality for Airlock WAF is negligible.

Resolution: 

No action required.

Component: Airlock
Airlock Vulnerability Status: Does not affect Airlock
Back-end Vulnerability Status: Does not affect back-end behind Airlock