general:openssl3 [2022/11/01 18:34] – emr | general:openssl3 [2024/02/15 00:00] (current) – external edit 127.0.0.1 |
---|
====== Stages and OpenSSL 3.x Vulnerability CVE-2022-3358 ====== | ====== Stages and OpenSSL 3.x Vulnerabilities CVE-2022-3602, CVE-2022-3786 ====== |
<font 11pt/Calibri,sans-serif;;inherit;;inherit>The Stages managed services *.stages.digital and *.stagesasaservice.com are not impacted.</font> | |
<font 11pt/Calibri,sans-serif;;inherit;;inherit>On premise Stages installations are not impacted, unless all of the following conditions apply:</font> | |
| |
- | The Stages managed services *.stages.digital and *.stagesasaservice.com are not impacted. |
<font 11pt/Calibri,sans-serif;;inherit;;inherit>OpenSSL 3.0.0 - 3.0.5 is installed on your operating system. You can check by executing "openssl version" on the command line.</font> | |
- | On premise Stages installations are not impacted, unless the following conditions apply: |
<font 11pt/Calibri,sans-serif;;inherit;;inherit>OpenSSL usage is explicitly enabled by removing the comments around</font> \\ | |
<font 11pt/Consolas;;black;;inherit><!– <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> –></font> \\ | * OpenSSL 3.0.0 - 3.0.6 is installed on your operating system. You can check by executing "openssl version" on the command line. |
<font 11pt/Calibri,sans-serif;;inherit;;inherit>in …/conf/server.xml. The default configuration uses the Java SSL implementation, which is not vulnerable.</font> | * OpenSSL usage is explicitly enabled by configuring an SSL Connector and removing the comments around the following configuration line in …/conf/server.xml. The default configuration uses the Java SSL implementation, which is not vulnerable. |
| |
| <code> |
| <!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> --> |
| |
| </code> |
| |
| If you are using a reverse proxy in front of Stages (e.g. Apache Server), please also check whether it is configured with one of the affected OpenSSL versions (3.0.0-3.0.6) and if this is the case, install the newest version. |
| |
| |
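Review bot: In the new revision's lead-in, "unless the following conditions apply" drops the "all of" that the previous revision had. With two bullets (an affected OpenSSL version installed; the AprLifecycleListener line uncommented in …/conf/server.xml), it is no longer clear whether one condition or both must hold for an on-premise installation to be impacted. Restore "unless all of the following conditions apply" if both are required. The reverse proxy paragraph also says "install the newest version" without naming the first fixed OpenSSL release; stating it would let administrators compare it directly against the output of "openssl version".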