KB Article #175944

Heartbleed Vulnerabiltiy and Gateway Interchange

Heartbleed

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
 
Heartbleed has 2 CVE identifiers: CVE-2014-0160 and CVE-2014-0346.  The second CVE is deprecated and CVE-2014-0160 should be considered the canonical CVE.

Is Gateway Interchange/CSOS/ePedigree/Activator vulnerable to Heartbleed?

Gateway Interchange is not vulnerable to the Heartbleed bug as it does not incorporate OpenSSL.  Interchange does include portions of the OpenSSL toolkit, but does not include the actual OpenSSL protocol implementation, and therefore does not contain the Heartbleed bug. 

Still need help?

If this information wasn't helpful to you, just drop us a line. We'll get back to you as soon as possible.