cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1647
Views
0
Helpful
2
Replies

WAAS openSSL vulnerabilities

matthew.nicole
Level 1
Level 1

Hi,

I have a client who is using WAAS devices running WAAS software version 4.4.3.4.

They have identified some vulnerabilities in the current version of openSSL (1.0.0a I think) that is included in that software release.

Do the newer releases have updated openSSL - preferably of a minimum version of 1.0.0g?

I cannot find any information in the release notes for newer release of WAAS software or anywhere else that indicates the version of included openSSL.

Any help would be much appreciated.

Regards

Matthew.

2 Replies 2

matthew.nicole
Level 1
Level 1

A further issue that has been raised is that the version of Apache currently running (1.3) is no longer supported. Do newer versions the WAAS software have updated versions of Apache?

Hi Matthew,

For this kind of questions, please, open a TAC case describing the exact vulnerabilities that were detected. We'll then investigate them individually to see if they affect WAAS software or not.

Anyway, please, take into account that all the components inside the WAAS software have been highly customized over time, so the version numbers are not really relevant as most of the code may have changed when compared to the base version.

Regards

Daniel

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: