OpenSSL HeartBleed, CVE-2014-0160

Get the latest updates on how F5 mitigates HeartbleedGet the latest updates on how F5 mitigates Heartbleed The Heartbleed attack in OpenSSL 1.0.1 and beyond allows an attacker to get up to 64k of ...

Published Apr 09, 2014

Version 1.0

Historic F5 Account

Joined January 26, 2005

View Profile

Jeff_Costlow_10

Historic F5 Account

Joined January 26, 2005

View Profile

Joel_Moses

Nimbostratus

Apr 11, 2014

It should be noted that although Edge Client is linked to a vulnerable version of OpenSSL, it's nowhere near as risky as use of the same library on a server process which is actively listening all the time. In a client scenario, the listener must actively connect to a malicious server, and in the case of Edge Client, that possibility is remote (unless you're the type of person that blindly configures your VPN client to connect to just any 'ol server hostname that people send you).

The client components will be patched for sure; but don't slow down your mitigation tasks on your servers while hunting and fixing clients that use the vulnerable OpenSSL library...

OpenSSL HeartBleed, CVE-2014-0160

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS