The WS_FTP Pro 12.4.1 patch release disables the heartbeat function that exposed the vulnerability in the OpenSSL 1.0.1c version and a later release will provide an update to a version of OpenSSL (1.0.1g or later) that has addressed this issue. This vulnerability affects only the 12.4 version of WS_FTP Pro.
In basic terms, the vulnerability exposes any exchange that uses the OpenSSL 1.0.1 family of protocols to an attack. Security Update on Heartbleed SSL: Heartbleed SSL, the recent vulnerability uncovered in OpenSSL, has affected vendors and companies that rely on this near-ubiquitous open source security protocol. The WS_FTP 12.4.1.1 patch release upgrades OpenSSL to the 1.0.1h version, which removes this vulnerability.Ĭheck your version number to see if you need to upgrade. This vulnerability affects the 12.4 and 12.4.1 versions of the WS_FTP client. In basic terms, the vulnerability exposes an OpenSSL to OpenSSL exchange that uses the OpenSSL 0.9.8, 1.0.0 and 1.0.1 family of protocols to an attack. Security update on SSL/TLS MITM (Man-in-the-middle) vulnerability (CVE-2014-0224): The recent vulnerability uncovered in OpenSSL, has affected vendors and companies that rely on this near-ubiquitous open source security protocol. This version of OpenSSL addresses the SSL/TLS MITM vulnerability (CVE-2014-0224), along with other security fixes mentioned here. 12.5.x Release Notes Security Update: 12.5.x
0 kommentar(er)
