OpenSSL DoS Flaw

OpenSSL DoS Flaw

A new vulnerability in OpenSSL libraries has been discovered

A new critical security issue was found in OpenSSL which affect versions 1.0.1 and 1.0.2. More about it can be found here.

If you are deploying IntraWeb applications as Services or Stand Alone servers and you are using HTTPS/SSL, you must update your OpenSSL libraries (see vulnerable versions below). Of course, this is not needed if you are deploying as ISAPI or ASPX Library.

We already updated our links and they point to newer OpenSSL libraries, which fix this vulnerability. You can download new OpenSSL libraries here. Another 12 other security issues were fixed in versions 1.0.2i and 1.0.1u. Not all OpenSSL versions are vulnerable:

  • Servers using OpenSSL versions prior to 1.0.1g are not vulnerable in defaultconfiguration

However it is recommended that:

  • OpenSSL 1.0.2 users should upgrade to 1.0.2i
  • OpenSSL 1.0.1 users should upgrade to 1.0.1u