[j-nsp] SA SSL VPN vulnerable to Heartbleed?
Andy Litzinger
Andy.Litzinger at theplatform.com
Tue Apr 8 18:02:21 EDT 2014
I opened a JTAC case for the same issue. JTAC said their security team is
aware of the CVE and they are waiting for fix/recommendation.
-andy
On 4/8/14 2:51 PM, "David B Funk" <dbfunk at engineering.uiowa.edu> wrote:
>We have a SA4500 SSL VPN box with the JTAC recommended 7.4R8.0 release.
>Testing by tools such as "https://www.ssllabs.com/ssltest/" shows it to
>be vulnerable to the Heartbleed attack (http://heartbleed/).
>
>Checking software downloads at juniper.net does not even seem to
>have an alert for this problem, let alone a fix.
>
>Does Juniper have a clue about this?
>Is anybody else worried?
>
>--
>Dave Funk University of Iowa
><dbfunk (at) engineering.uiowa.edu> College of Engineering
>319/335-5751 FAX: 319/384-0549 1256 Seamans Center
>Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
>#include <std_disclaimer.h>
>Better is not better, 'standard' is better. B{
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list