A denial of service flaw was found in the way the SSL/TLS protocol handels ALERT packets during an SSL handshake.
Airlock WAF is not affected.
Details:
A flaw was found in the way OpenSSL processed ALERT packets during an SSL handshake. An attacker basically sends a large number of plaintext WARNING packets after CLIENTHELLO, which causes OpenSSL to go into an endless loop, consequently taking 100% CPU. This may cause certain applications compiled against OpenSSL to hang and may not be able to serve content to the clients. [1]
Airlock WAF is not affected, because Apache httpd allocates an extra thread for processing ClientHello messages which prevents this DoS vulnerability. The same applies for stunnel in the SSL VPN module.
no action required.