OpenSSL Vulnerabilities Fixed in Version 1.0.2r

Submitted on 26. February 2019 - 16:33 by rischi.
Last update on 14. June 2019 - 16:30.

IDs:

CVE-2019-1559

Keywords:

padding oracle

Description:

OpenSSL released version 1.0.2r which fixes one vulnerability [1]

No action required for Airlock WAF

Details:
CVE-2019-1559: 0-byte record padding oracle. Apache HTTP Server (mod_ssl) might be affected according to our analysis. Nevertheless, the risk for Airlock WAF is negligible, because the default configuration of Airlock WAF prioritizes GCM cipher suites over CBC ciphers suites, which are not affected. Further, Airlock WAF on modern hardware is not affected since AES-NI and only stitched cipher suites [2] are used, which prevents exploitation of this vulnerability.

Component:

Airlock

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

Does not affect back-end behind Airlock

Reference:

[1] OpenSSL Security Advisory [26 February 2019]

[2] TLS Padding Oracles

Main menu

Navigation

User menu

You are here

OpenSSL Vulnerabilities Fixed in Version 1.0.2r

Main menu

Search form

Navigation

User menu

You are here

OpenSSL Vulnerabilities Fixed in Version 1.0.2r