Customer Communication
10th April 2014
In relation to recent media publicity regarding Open SSL 'Heartbleed' vulnerabilities discovered, Integritie would like to communicate the below statement to all our Customers. This vulnerability does not affect components used in our systems.
Knowledge Capture Online
Content: Heartbleed Vulnerability
This vulnerability does NOT affect the SSL that is used by KCOL and IBM WebSphere Application Servers in all editions and all platforms. The IBM Java JSSE does not use OpenSSL.
This vulnerability does NOT affect the IBM HTTP Server component in all editions and all platforms. The GSKit component of IBM HTTP Server does not use OpenSSL SSL code.
On Apache HTTP Server, the SSL functionality is achieved using the module "mod_ssl" which is part of Open SSL. KCOL does not use "mod_ssl" for SSL, but rather ships it's own Gskit implementation which interfaces with a module named "mod_ibm_ssl".
Remediation: No action required.
SMC4
Content: Heartbleed Vulnerability
SMC4 Does build open OpenSSL, however this vulnerability does NOT affect the versions in use on our Servers. OpenSSL snippet "OpenSSL 0.9.8 branch is NOT vulnerable".
Remediation: No action required.
Click Here to download the press release.
Additional Information: Click Here