Dear Zen Master,
Yesterday 3rd of May, it was released a set of OpenSSL vulnerabilities (2 of them with high severity) where a Man In The Middle attack could decrypt traffic when the SSL connection uses certain ciphers. More information here.
In detail, the vulnerabilities released and checked for Zen Load Balancer Editions are:
- Memory corruption in the ASN.1 encoder (CVE-2016-2108) – Severity High
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107) – Severity High
- EVP_EncodeUpdate overflow (CVE-2016-2105) – Severity Low
- EVP_EncryptUpdate overflow (CVE-2016-2106) – Severity Low
- ASN.1 BIO excessive memory allocation (CVE-2016-2109) – Severity Low
- EBCDIC overread (CVE-2016-2176) – Severity Low
Zen Load Balancer Enterprise & Community Editions needs the OpenSSL updates that we provide with any of our Support Plans. Please contact with us for any doubt.
Enjoy a secured Load Balancing!
Related Blogs
Posted by reluser | 08 May 2024
The distinction between penetration testing and vulnerability scanning is often blurred. However, understanding their nuanced disparities is crucial for organizations to tailor their security strategies effectively. While both methodologies contribute…
24 LikesComments Off on Key differences between Pen Testing & Vulnerability Scanning
Posted by reluser | 26 March 2024
We are thrilled to announce the release of RELIANOID 7.2.0 (Community Edition), a significant update that introduces new features, improvements, and bugfixes to enhance your load balancing experience. This release,…
59 LikesComments Off on Open Source Load Balancer RELIANOID CE v7.2.0 is released!
Posted by reluser | 22 March 2024
Load balancing is crucial for building reliable distributed systems, optimizing workload allocation across various computing resources like computers, clusters, and network links. Its aim is to enhance resource utilization, maximize…
68 LikesComments Off on Deep dive into Network Load Balancing and Proxying