
Heartbleed False Positives on Windows Servers?

Question asked by kelkin on Apr 14, 2014
Latest reply on Jul 12, 2017 by Jose Garduño

I performed the custom scan as documented on Qualys' website and quite a few servers came back as testing positive for the Heartbleed vulnerability, the results section simply stating "TLSv1". These are servers that do not have any third-party software or applications installed, just IIS. According to Microsoft, their servers do NOT utilize OpenSSL and are not vulnerable to Heartbleed. Why is Qualys giving me positives on servers that do not contain OpenSSL? I contacted support about this but so far I have not been provided with any answers.

 

-Keith
