IBM WebSphere Application Server and IBM HTTP Server Not Vulnerable to June 5th OpenSSL vulnerabilities
Abstract
IBM WebSphere Application Server and IBM HTTP Server are not vulnerable to the OpenSSL vulnerabilities noted on June 5, 2014 (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470)
Content
These vulnerabilities do NOT affect the SSL that is used by IBM WebSphere Application Server in all editions and all platforms. The IBM Java JSSE does not use OpenSSL.
This vulnerability does NOT affect the IBM HTTP Server component in all version, editions and platforms. The GSKit component of IBM HTTP Server does not use OpenSSL SSL code.
Remediation: No action required.
Change History: 06 June 2014: original document published
IBM WebSphere Application Server and IBM HTTP Server are not vulnerable to the OpenSSL vulnerabilities noted on June 5, 2014 (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470)
Content
These vulnerabilities do NOT affect the SSL that is used by IBM WebSphere Application Server in all editions and all platforms. The IBM Java JSSE does not use OpenSSL.
This vulnerability does NOT affect the IBM HTTP Server component in all version, editions and platforms. The GSKit component of IBM HTTP Server does not use OpenSSL SSL code.
Remediation: No action required.
Change History: 06 June 2014: original document published
With thanks to my IBM colleague Jonathan Marshall for sharing via Twitter.
No comments:
Post a Comment