You are here

OpenSSL Vulnerability related to OpenSSL Security Advisory 29 October 2018

Keywords: 
OpenSSL, ECDSA
Description: 

OpenSSL released a security advisory on October 29, 2018 describing the vulnerability CVE-2018-0735 [1].

Airlock WAF is not affected

The vulnerability affects the ECDSA signature algorithm and has a low severity according to OpenSSL (OpenSSL did not even publish a new release at the time of the security advisory). Airlock WAF is not affected because this algorithm is only used with ECC/ECDSA certificates. Airlock WAF only supports RSA certificates in the configuration center and is therefore not affected by default. Even if an ECC certificate is configured using Apache Expert settings a successful attack is very unlikely.

Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock