Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1851
Views
0
Helpful
2
Replies

WAAS openSSL vulnerabilities

matthew.nicole
Level 1
Level 1

‎04-25-2012 12:38 AM

Hi,

I have a client who is using WAAS devices running WAAS software version 4.4.3.4.

They have identified some vulnerabilities in the current version of openSSL (1.0.0a I think) that is included in that software release.

Do the newer releases have updated openSSL - preferably of a minimum version of 1.0.0g?

I cannot find any information in the release notes for newer release of WAAS software or anywhere else that indicates the version of included openSSL.

Any help would be much appreciated.

Regards

Matthew.

0 Helpful
2 Replies 2

matthew.nicole
Level 1
Level 1

‎05-03-2012 01:51 AM

A further issue that has been raised is that the version of Apache currently running (1.3) is no longer supported. Do newer versions the WAAS software have updated versions of Apache?

0 Helpful

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee
In response to matthew.nicole

‎05-08-2012 05:49 AM

Hi Matthew,

For this kind of questions, please, open a TAC case describing the exact vulnerabilities that were detected. We'll then investigate them individually to see if they affect WAAS software or not.

Anyway, please, take into account that all the components inside the WAAS software have been highly customized over time, so the version numbers are not really relevant as most of the code may have changed when compared to the base version.

Regards

Daniel

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card