04-25-2012 12:38 AM
Hi,
I have a client who is using WAAS devices running WAAS software version 4.4.3.4.
They have identified some vulnerabilities in the current version of openSSL (1.0.0a I think) that is included in that software release.
Do the newer releases have updated openSSL - preferably of a minimum version of 1.0.0g?
I cannot find any information in the release notes for newer release of WAAS software or anywhere else that indicates the version of included openSSL.
Any help would be much appreciated.
Regards
Matthew.
05-03-2012 01:51 AM
A further issue that has been raised is that the version of Apache currently running (1.3) is no longer supported. Do newer versions the WAAS software have updated versions of Apache?
05-08-2012 05:49 AM
Hi Matthew,
For this kind of questions, please, open a TAC case describing the exact vulnerabilities that were detected. We'll then investigate them individually to see if they affect WAAS software or not.
Anyway, please, take into account that all the components inside the WAAS software have been highly customized over time, so the version numbers are not really relevant as most of the code may have changed when compared to the base version.
Regards
Daniel
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide