Dear Zen Master,
Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.
In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:
- Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
- EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
- EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
- ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
- EBCDIC overread (CVE-2016-2176) – Severity Low
Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.
Enjoy a secured Load Balancing!
Related Blogs
Posted by zenweb | 01 September 2022
Load balancing is common in the computing world. It came about due to users wanting content quickly. This meant that high‑traffic websites that get millions of user requests had to…
106 LikesComments Off on How load balancing works
Posted by zenweb | 30 August 2022
Healthcare is highly vulnerable to security threats, just like any other industry. Nowadays, cyberattacks in healthcare are very common leading to a lot of risks, specifically security risks to be…
117 LikesComments Off on The Importance of Cybersecurity Frameworks in Healthcare
Posted by zenweb | 02 August 2022
7 Reasons ZEVENET is the best Load Balancing software in 2022 Load balancing solution is no longer what it used to be in the past. As technology improves, threats also…
145 LikesComments Off on 7 Reasons ZEVENET is the best Load Balancing software in 2022