AnsweredAssumed Answered

OpenSSL Vulnerability 8/6/2014

Question asked by alancfung on Aug 20, 2014
Latest reply on Sep 1, 2014 by Ivan Ristić

I have been using Qualys OpenSSL Labs (Qualys SSL Labs - Projects / SSL Server Test) to scan for OpenSSL vulnerabilities.  According to openssl.org, there are 9 new vulnerabilities.

But I think Qualys OpenSSL Labs is stuck on CVE-2014-0224 back in 6/2014.  Does anyone know if and when Qualys SSL Labs will be able to scan for those 9 vulnerabilities.  I only
user the SSL Labs whenver we have new vendors, so purchasing Qualys WAS might not be feastible.

 

Any info/idea/suggestions?

 

 

https://www.openssl.org/news/secadv_20140806.txt

 

CVE-2014-3508
CVE-2014-5139
CVE-2014-3509
CVE-2014-3505
CVE-2014-3506
CVE-2014-3507
CVE-2014-3510
CVE-2014-3511
CVE-2014-3512

Outcomes