WSO2 Information for VU#720951

OpenSSL TLS heartbeat extension read overflow discloses sensitive information

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

On April 7th, a Security Advisory was issued by the OpenSSL project notifying the public of a serious vulnerability in the encryption software used by a majority of websites on the Internet.

http://connect.wso2.com/wso2/c/secadv_20140407.txt?_lid=62396&_cid=77097&_t=859269

We want you to know that our servers were not exposed and your WSO2 account is completely safe. Nevertheless, to ensure there is no additional risk, we strongly encourage you to request a new password.
http://connect.wso2.com/wso2/c/password?_lid=62397&_cid=77097&_t=859269

If you have any questions or concerns, please email security@wso2.com.

For additional information regarding this vulnerability, please visit:
http://connect.wso2.com/wso2/c/heartbleed.com?_lid=62398&_cid=77097&_t=859269

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.