You are here

OpenSSL Vulnerabilities Fixed in Version 1.0.2q

IDs: 
CVE-2018-5407, CVE-2018-0734
Keywords: 
ECC, DSA
Description: 

OpenSSL 1.0.2q fixes two vulnerabilities [1]

Airlock WAF is not affected

Details

  • CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication. The criticality for Airlock WAF is negligible because of the difficulty to mount the timing side channel in realistic deployment scenarios for Airlock WAF.
  • CVE-2018-0734: see [2]
Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock