KB Article #175950

Validation Authority is Not Vulnerable to Heartbleed (CVE-2014-0160)

Problem

* Customer needs to know the version of OpenSSL used in VA to determine whether it is vulnerable to the Heartbleed OpenSSL attack (CVE-2014-0160).

Resolution

-- VA 4.10.6 is based on OpenSSL 0.9.8, while 4.11.1 & 4.11.2 are based on OpenSSL 1.0.0. Neither version of OpenSSL is affected by CVE-2014-0160 as they do not contain the vulnerable TLS heartbeat extension.

General Information

Published:: 14 April 2014
Last Modified:: 14 April 2014

Affected Products

Validation Authority 4.10.6 - 4.11.2

Affected OS

wince-arm
win-x86-64
win-x86-32
sun-sparc-64
sun-sparc-32
linux-x86-64
linux-x86-32
hpux-parisc-32
ap-x86-64
UNIX
Java ME
...Other

Problem

Resolution

Still need help?