Dear Zen Master,
Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.
In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:
- Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
- EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
- EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
- ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
- EBCDIC overread (CVE-2016-2176) – Severity Low
Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.
Enjoy a secured Load Balancing!
Related Blogs
Posted by zenweb | 16 April 2021
ZEVENET is a smart company focused on the Application Delivery Controller market and really obsessed with the security in the delivery, for that reason we really know that today the…
11 LikesComments Off on ZEVENET Multi-Layered Security Overview in the Edge
Posted by zenweb | 23 March 2021
The world of the internet is full of people waiting to breach into your system. They want to get a grasp of your personal information and exploit it. This might…
25 LikesComments Off on Importance of Cybersecurity for Businesses
Posted by zenweb | 18 March 2021
Even though it has been only a few months since the already famous attack on the SolarWinds supply chain, again we have to write about another hacking issue, this time…
18 LikesComments Off on Mitigation for Exchange Servers Hafnium Zero-day vulnerabilities