Hello,
I'm doing a Security scan and there is an OpenSSL Vulnerability and I'm being prompted to upgrade to version 1.0.2k.
I came across the following for another vulnerability:
https://pioneear.wordpress.com/2014/05/01/windows-apache-wamp-or-xampp-openssl-update-to-fix-hearbleed-bug/
This talks about copying these files:
bin\libeay32.dll
bin\ssleay32.dll
bin\openssl.exe
Any suggestions on where I can source these files?
Regards,
David
Upgrade OpenSSL
7 posts
• Page 1 of 1
Upgrade OpenSSL
by daithi_dearg » 19. April 2017 10:53
- daithi_dearg
- Posts: 4
- Joined: 18. April 2017 18:14
- XAMPP version: 7.1.1
- Operating System: Windows 7
Re: Upgrade OpenSSL
by gsmith » 22. April 2017 17:44
It depends on a few factors one of which is what version are you using now.
- gsmith
- Posts: 278
- Joined: 29. November 2013 18:04
- Location: San Diego
- XAMPP version: 0.0.0
- Operating System: Win 10/2012R VS 14,15,16
Re: Upgrade OpenSSL
by daithi_dearg » 25. April 2017 10:43
I'll also add that it might be worth patching this to 1.1.0 as there is also a Medium Vulnerability against this also.
- daithi_dearg
- Posts: 4
- Joined: 18. April 2017 18:14
- XAMPP version: 7.1.1
- Operating System: Windows 7
Re: Upgrade OpenSSL
by Altrea » 25. April 2017 11:30
Medium Vulnerability in which context?
A local test and development environment can have multiple software security vulnerabilities without ever being attackable or insecure.
If you want to always get best scores in so named vulnerability scanners than xampp is the wrong product for you. XAMPP does not provide single component upgrases.
A local test and development environment can have multiple software security vulnerabilities without ever being attackable or insecure.
If you want to always get best scores in so named vulnerability scanners than xampp is the wrong product for you. XAMPP does not provide single component upgrases.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!
It's like porn for programmers
It's like porn for programmers
-
Altrea - AF Moderator
- Posts: 11935
- Joined: 17. August 2009 13:05
- XAMPP version: several
- Operating System: Windows 11 Pro x64
Re: Upgrade OpenSSL
by daithi_dearg » 25. April 2017 11:37
We have a tool Nessus that runs and rates vulnerabilities as Critical, High, Medium etc.
Looking at this another way is there a way we can lock down ports so that these can't be scanned?
Looking at this another way is there a way we can lock down ports so that these can't be scanned?
- daithi_dearg
- Posts: 4
- Joined: 18. April 2017 18:14
- XAMPP version: 7.1.1
- Operating System: Windows 7
Re: Upgrade OpenSSL
by Altrea » 25. April 2017 17:34
Sure, thats what a firewall is for.
Or you can disable ssl if you don't use it
Or you can unplug your network cable,
Or you ask your IT expert what you should do to secure this up.
Or you can disable ssl if you don't use it
Or you can unplug your network cable,
Or you ask your IT expert what you should do to secure this up.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!
It's like porn for programmers
It's like porn for programmers
-
Altrea - AF Moderator
- Posts: 11935
- Joined: 17. August 2009 13:05
- XAMPP version: several
- Operating System: Windows 11 Pro x64
7 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 50 guests