Differences

This shows you the differences between two versions of the page.

general:openssl3 [2022/11/01 18:34] emr
general:openssl3 [2022/11/02 12:35] anh
Line 1: Line 1:
-====== Stages and OpenSSL 3.x Vulnerability CVE-2022-3358 ====== +====== Stages and OpenSSL 3.x Vulnerabilities CVE-2022-3602, CVE-2022-3786 ======
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>The Stages managed services *.stages.digital and *.stagesasaservice.com are not impacted.</font> +
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>On premise Stages installations are not impacted, unless all of the following conditions apply:</font>+
  
-  - +The Stages managed services *.stages.digital and *.stagesasaservice.com are not impacted. 
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>OpenSSL 3.0.0 - 3.0.is installed on your operating system. You can check by executing "openssl version" on the command line.</font> + 
-  +On premise Stages installations are not impactedunless the following conditions apply: 
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>OpenSSL usage is explicitly enabled by removing the comments around</font>  \\ + 
- <font 11pt/Consolas;;black;;inherit><!– <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> ></font  \\ +  * OpenSSL 3.0.0 - 3.0.is installed on your operating system. You can check by executing "openssl version" on the command line. 
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>in …/conf/server.xmlThe default configuration uses the Java SSL implementationwhich is not vulnerable.</font>+  OpenSSL usage is explicitly enabled by configuring an SSL Connector and removing the comments around the following configuration line in …/conf/server.xml. The default configuration uses the Java SSL implementation, which is not vulnerable. 
 + 
 +<code> 
 +<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> --> 
 + 
 +</code
 + 
 +If you are using a reverse proxy in front of Stages (e.g. Apache Server)please also check whether it is configured with one of the affected OpenSSL versions (3.0.0-3.0.6) and if this is the caseinstall the newest version. 
 + 
 +We will update this statement as more information around the vulnerability becomes available.
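
Review bot: The rewritten intro sentence now reads "unless the following conditions apply" where the previous revision said "unless all of the following conditions apply", so the two bullets can be read as either-or. The conditions look cumulative (an affected OpenSSL 3.0.x on the operating system and the AprLifecycleListener line uncommented with an SSL Connector configured), so restore "all of", otherwise every host that merely has OpenSSL 3.0.x installed reads as impacted. In the added reverse-proxy paragraph, "install the newest version" does not name the release that contains the fix; state it so readers can compare it against the output of "openssl version". The range is also written two ways in this revision: the first bullet, as rendered here, shows "3.0.0 - 3.0." with no upper bound, while the proxy paragraph says "3.0.0-3.0.6". Use one form in both places.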