You are here

OpenSSL Vulnerability Fixed in Version 1.0.2o

Keywords: 
OpenSSL, ASN.1
Description: 

OpenSSL released a security advisory on March 27, 2018, describing three vulnerabilities fixed in the newest releases [1].

Airlock WAF is not affected

Details:

  • CVE-2018-0739: Vulnerability related to ASN.1 types with recursive definitions. Airlock WAF is not affected because no such structures are used within SSL/TLS that come from untrusted sources.
  • CVE-2018-0733: This vulnerability only affects OpenSSL version 1.1.0 which is not used by Airlock WAF.
  • CVE-2017-3738: This vulnerability is already fixed in OpenSSL version 1.0.2n and not relevant for Airlock WAF. Details see [2].
Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock