You are here

OpenSSL Vulnerabilities Fixed in Version 1.0.1s

CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0701. CVE-2015-3197
OpenSSL, SSLv2, SSLv3, CacheBleed, Drown Attack

On March 1, 2016, OpenSSL announced the discovery of 10 vulnerabilities [2].

Airlock WAF and all applications protected by Airlock WAF are not affected.


  • CVE-2016-0800, CVE-2015-3197: SSLv2 can not be used with Airlock WAF.
  • CVE-2016-0705: DSA private keys can not be used in Airlock WAF.
  • CVE-2016-0798: The Secure Remote Password protocol (SRP) is not used in Airlock WAF.
  • CVE-2016-0797: Airlock WAF does not use the vulnerable OpenSSL function.
  • CVE-2016-0799: Airlock WAF is not affected because the vulnerable function (BIO_printf) is only used for OCSP in Apache httpd which is not supported prior to Airlock WAF 6.0.
  • CVE-2016-0702: A.k.a CacheBleed attack. Airlock WAF is not affected because it is not a general purpose multi user system.
  • CVE-2016-0704, CVE-2016-0703, CVE-2016-0701: Airlock WAF is not affected because this vulnerability is already fixed in OpenSSL 1.0.1q (HF0008).

no action is required.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required