You are here
OpenSSL Vulnerability related to OpenSSL Security Advisory 29 October 2018
Submitted on 29. October 2018 - 18:08 by rischi.
Last update on 30. October 2018 - 9:42.
Last update on 30. October 2018 - 9:42.
Keywords:
OpenSSL, ECDSA
Description:
OpenSSL released a security advisory on October 29, 2018 describing the vulnerability CVE-2018-0735 [1].
Airlock WAF is not affected
The vulnerability affects the ECDSA signature algorithm and has a low severity according to OpenSSL (OpenSSL did not even publish a new release at the time of the security advisory). Airlock WAF is not affected because this algorithm is only used with ECC/ECDSA certificates. Airlock WAF only supports RSA certificates in the configuration center and is therefore not affected by default. Even if an ECC certificate is configured using Apache Expert settings a successful attack is very unlikely.
Resolution:
No action required.
Component:
Airlock
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
Does not affect back-end behind Airlock
Reference: