Apache 2.2.x and CVE-2012-2333

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I am questioning if Apache 2.2.22 with OpenSSL 0.9.8t is affected by CVE-2012-2333 (OpenSSL Invalid TLS/DTLS Record Denial of Service Vulnerability)?

You may find the details of the vulnerability here: http://www.openssl.org/news/secadv_20120510.txt

Here, it says that "DTLS applications are affected in all versions of OpenSSL. TLS is only affected in OpenSSL 1.0.1 and later."

I do not have deeper knowledge about protocols but I think as follows: DTLS means TLS for datagram packets so it means http does not use DTLS, right? On the other hand, TLS is affected in OpenSSL 1.0.1 and later which means 0.9.8-related version is not affected, right?

Thus, can I imply that OpenSSL 0.9.8t version used with Apache httpd 2.2.22 is not affected with this vulnerability?

Can anybody comment on this issue? Is Apache 2.2.22 with OpenSSL 0.9.8t afected by CVE-2012-2333?


Thanks & Regards,
Gorkem
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux