04-25-2012 12:38 AM
Hi,
I have a client who is using WAAS devices running WAAS software version 4.4.3.4.
They have identified some vulnerabilities in the current version of openSSL (1.0.0a I think) that is included in that software release.
Do the newer releases have updated openSSL - preferably of a minimum version of 1.0.0g?
I cannot find any information in the release notes for newer release of WAAS software or anywhere else that indicates the version of included openSSL.
Any help would be much appreciated.
Regards
Matthew.
05-03-2012 01:51 AM
A further issue that has been raised is that the version of Apache currently running (1.3) is no longer supported. Do newer versions the WAAS software have updated versions of Apache?
05-08-2012 05:49 AM
Hi Matthew,
For this kind of questions, please, open a TAC case describing the exact vulnerabilities that were detected. We'll then investigate them individually to see if they affect WAAS software or not.
Anyway, please, take into account that all the components inside the WAAS software have been highly customized over time, so the version numbers are not really relevant as most of the code may have changed when compared to the base version.
Regards
Daniel
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: