OpenSSL Vulnerabilities Fixed in Version 1.0.2r

IDs: CVE-2019-1559
Keywords: padding oracle
Description:

OpenSSL released version 1.0.2r, which fixes one vulnerability [1].

No action required for Airlock WAF

Details

  • CVE-2019-1559: 0-byte record padding oracle. According to our analysis, Apache HTTP Server (mod_ssl) might be affected. Nevertheless, the risk for Airlock WAF is negligible, because the default configuration of Airlock WAF prioritizes GCM cipher suites, which are not affected, over CBC cipher suites. Further, Airlock WAF on modern hardware is not affected, since AES-NI and only stitched cipher suites [2] are used, which prevents exploitation of this vulnerability.
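
The cipher ordering described above can be checked on any TLS endpoint's configuration. The following is an added example, not Airlock or OpenSSL code: it takes an already expanded, colon-separated OpenSSL cipher list in preference order (such as the output of `openssl ciphers '<string>'`) and reports CBC suites that rank ahead of AEAD suites. The function names and the two sample lists are constructed for illustration, and the name-based classification is a heuristic over OpenSSL suite names.

```python
# Added example: audit an ordered OpenSSL cipher list for CBC suites that
# outrank AEAD (GCM/CCM/ChaCha20-Poly1305) suites. Names are hypothetical.

AEAD_MARKERS = ("GCM", "CCM", "CHACHA20", "POLY1305")
NON_CBC_MARKERS = ("RC4", "NULL")  # stream cipher / no encryption


def classify(suite: str) -> str:
    """Return 'aead', 'other' or 'cbc' for an OpenSSL cipher suite name."""
    name = suite.upper()
    if any(m in name for m in AEAD_MARKERS):
        return "aead"
    if any(m in name for m in NON_CBC_MARKERS):
        return "other"
    # Heuristic: remaining OpenSSL names (AES, CAMELLIA, DES-CBC3, SEED,
    # IDEA followed by a SHA-family MAC) are block ciphers in CBC mode.
    return "cbc"


def audit(cipher_list: str) -> dict:
    """Audit a colon-separated, expanded cipher list in preference order."""
    suites = [s for s in cipher_list.split(":") if s]
    kinds = [classify(s) for s in suites]
    last_aead = max((i for i, k in enumerate(kinds) if k == "aead"), default=-1)
    cbc = [s for s, k in zip(suites, kinds) if k == "cbc"]
    # CBC suites listed before at least one AEAD suite
    misordered = [s for i, s in enumerate(suites)
                  if kinds[i] == "cbc" and i < last_aead]
    return {
        "cbc_suites": cbc,
        "cbc_before_aead": misordered,
        "aead_first": last_aead >= 0 and not misordered,
    }


# Constructed sample lists (not taken from any product's defaults).
GCM_FIRST = ("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:"
             "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-SHA384:AES128-SHA")
CBC_FIRST = "ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256:AES256-SHA"

if __name__ == "__main__":
    for label, lst in (("GCM_FIRST", GCM_FIRST), ("CBC_FIRST", CBC_FIRST)):
        print(label, audit(lst))
```

The ordering only takes effect when the server enforces its own preference (`SSLHonorCipherOrder on` in mod_ssl), and a client that offers only CBC suites still negotiates one, which is why the remaining CBC suites are listed in `cbc_suites`.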

Component: Airlock
Airlock Vulnerability Status: Does not affect Airlock
Back-end Vulnerability Status: Does not affect back-end behind Airlock