[j-nsp] SA SSL VPN vulnerable to Heartbleed?

Dale Shaw dale.shaw+j-nsp at gmail.com
Tue Apr 8 19:51:59 EDT 2014


Hi David,

On Wed, Apr 9, 2014 at 7:51 AM, David B Funk <dbfunk at engineering.uiowa.edu>
wrote:
>
> We have a SA4500 SSL VPN box with the JTAC recommended 7.4R8.0 release.
> Testing by tools such as "https://www.ssllabs.com/ssltest/" shows it to
> be vulnerable to the Heartbleed attack (http://heartbleed/).
>
> Checking software downloads at juniper.net does not even seem to
> have an alert for this problem, let alone a fix.
>
> Does Juniper have a clue about this?
> Is anybody else worried?

Here's the advisory:

http://kb.juniper.net/JSA10623

Cheers,
Dale


More information about the juniper-nsp mailing list