Dear Zen Master,
Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.
In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:
- Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
- EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
- EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
- ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
- EBCDIC overread (CVE-2016-2176) – Severity Low
Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.
Enjoy a secured Load Balancing!
Related Blogs
Posted by zenweb | 01 February 2019
Zevenet is proud to announce the new Support Plans available in order to simplify your options and to know better which support level fits better with your requirements. In addition,…
4 LikesComments Off on New Subscription Plan launched
Posted by zenweb | 29 January 2019
The Zevenet Team is proud to announce the development Roadmap 2019 including new load balancing cores for application delivery, further cyber security features and improved user experience. During the year…
4 LikesComments Off on Zevenet Development Roadmap 2019
Posted by zenweb | 22 January 2019
A load balancer is an important piece in any IT infrastructure as it manages a big part of the traffic to the corporate applications, so a good monitoring of what…
6 LikesComments Off on Integrating Zevenet in your SIEM