[j-nsp] SA SSL VPN vulnerable to Heartbleed?
David B Funk
dbfunk at engineering.uiowa.edu
Tue Apr 8 17:51:48 EDT 2014
We have a SA4500 SSL VPN box with the JTAC recommended 7.4R8.0 release.
Testing by tools such as "https://www.ssllabs.com/ssltest/" shows it to
be vulnerable to the Heartbleed attack (http://heartbleed/).
Checking software downloads at juniper.net does not even seem to
have an alert for this problem, let alone a fix.
Does Juniper have a clue about this?
Is anybody else worried?
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
More information about the juniper-nsp
mailing list