WebNMS Developer Forums
Click on Join Now to Sign Up
OpenSSL HeartBleed Bug
1. Default Tomcat/JRE, bundled with WebNMS are NOT vulnerable to this bug.
2. Hence WebNMS 5.0 / 5.0SP1 / 5.2 / 5.2SP1 (& EMS/NMS applications over 5.x) are not affected
3. If you had used OpenSSL 1.0.1 - 1.0.1f for your SSL communication in 4.7.x WebNMS, then your service is affected.
4. If you had been using Tomcat's APR implementation (chances are very remote), then your EMS/NMS application is vulnerable to this bug.
Hope you are aware of the Heart bleed bug.
due to the following reasons:
Who is mainly affected?
If your EMS/NMS application is using Apache which uses OpenSSL (1.0.1-1.0.1f) for SSL communication, you have a chance to get affected.
OpenSSL 1.0.1g/1.0.0x/0.9.8x branches are NOT vulnerable
How to know whether my EMS/NMS application is affected?
Enter your URL (should be available to public) at this website to know whether your service is vulnerable.
How can OpenSSL be fixed?
Even though the actual code fix may appear trivial, OpenSSL team is the expert in fixing it properly so fixed version 1.0.1g or newer should be used. If this is not possible software developers can recompile OpenSSL with the handshake removed from the code by compile time option -DOPENSSL_NO_HEARTBEATS.
Can I detect if someone has exploited this against me?
Exploitation of this bug leaves no traces of anything abnormal happening to the logs.
Where I can get more details about this bug.
Please read the single-page website - http://heartbleed.com