Forum Post: Progress Statement on “Heartbleed” Vulnerability

  • Thread starter: Jean Richert
Status
Not open for further replies.
On Monday, April 7, 2014, a new "Heartbleed" vulnerability (CVE-2014-0160) was publicized. This vulnerability involves the SSL (encrypted) connection between web clients and their web server pages. Under certain circumstances, web communication(s) between clients and their web server pages could be read, intercepted, hijacked, or otherwise falsely manipulated by unauthorized users.

Progress immediately implemented a system-wide assessment of components potentially affected by the "Heartbleed" vulnerability, and developed appropriate response and remediation plans:

  • All 3rd party web services the Progress Pacific platform uses were updated as of April 9, 2014, mitigating the vulnerability. Further, we have re-issued our SSL web encryption certificates to further mitigate risk. Please note that, after diligent operational review of our real-time logs and monitors, we do not believe any SSL keys or certificates were compromised at this time.
  • Progress RollBase web servers were updated as of April 9, 2014, mitigating the vulnerability.
  • At this time we believe no other customer-facing Progress utilities are susceptible to the vulnerability.

Progress understands that a secure user experience is top of mind for its customers and partners. If you have specific questions, please contact Progress Support or call your Regional Technical Support Manager at the number listed on our Escalate a Case page.

Additional background materials concerning the Heartbleed (CVE-2014-0160) vulnerability can be found here:

http://heartbleed.com/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160
