You are here
OpenSSL Vulnerability Fixed in Version 1.0.2k
Submitted on 27. January 2017 - 10:44 by rischi.
Last update on 10. March 2017 - 17:17.
Last update on 10. March 2017 - 17:17.
IDs:
CVE-2017-3731, CVE-2017-3730, CVE-2017-3732, CVE-2016-7055
Keywords:
OpenSSL
Description:
OpenSSL released a security advisory on January 26, 2017, describing four vulnerabilities fixed in the newest releases [1].
Airlock WAF is not affected
Details:
CVE-2017-3732/CVE-2016-7055: These vulnerabilities describe carry propagating bugs in a squaring and multiplication function. Exploiting the vulnerabilities is very difficult in general and even impossible in the context of Airlock WAF.
CVE-2017-3731: Affects only 32-bit systems. Airlock WAF runs on a 64-bit system.
CVE-2017-3730: Affects only OpenSSL 1.1.0 clients. Airlock WAF is using OpenSSL 1.0.2 and only the server part of OpenSSL is exposed to attackers.
Resolution:
No action required.
Component:
Airlock
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
Does not affect back-end behind Airlock
Reference: