You are here
OpenSSL Vulnerability related to OpenSSL Security Advisory 30 October 2018
Submitted on 31. October 2018 - 8:55 by rischi.
Last update on 31. October 2018 - 10:39.
Last update on 31. October 2018 - 10:39.
Keywords:
OpenSSL, DSA
Description:
OpenSSL released a security advisory on October 30, 2018 describing the vulnerability CVE-2018-0734 [1].
Airlock WAF is not affected
The vulnerability affects the DSA signature algorithm and has a low severity according to OpenSSL (OpenSSL did not even publish a new release at the time of the security advisory). Airlock WAF is not affected because this algorithm is only used with DSA certificates. Airlock WAF only supports RSA certificates in the configuration center and is therefore not affected by default. Even if a DSA certificate is configured using Apache Expert settings a successful attack is very unlikely.
Resolution:
No action required.
Component:
Airlock
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
Does not affect back-end behind Airlock
Reference: