1 2 3 Previous Next 65 Replies Latest reply on Apr 22, 2014 12:32 AM by stembot

    ePO - OpenSSL versions (CVE-2014-0160)


      Hi All,


      can anyone confirm if accessing this file on ePO (4.6.4 here) Is a good way to see easily what version of openSSL you have?


      C:\Program Files (x86)\McAfee\ePolicy Orchestrator\Apache2\OPENSSL-README.txt


      ePo 4.6.4 shows the OpenSSL readme and talking about version 1.0.0.d which is not vulnerable, which also matches what i see from various scanning tools that have appeared.


      As always if in doubt shut down your agent handler in the DMZ for time being.... Thats what we did the last time there was an issue like this that could be remotely expolited.




        1 2 3 Previous Next