The last Serv-U release notes which mention OpenSSL were from version 126.96.36.199 indicating OpenSSL 0.9.8x.
Does Serv-U version 15.x still use OpenSSL 0.9.8x or has that been updated?
I'm concerned if our Serv-U installation is affected by CVE-2014-0160, HeartBleed OpenSSL vulnerability, which is a nasty one. OpenSSL versions 1.0.1 through 1.0.1f (inclusive) are vulnerable.
Just confirmed in my own environment that the latest version of Serv-U 15.0.1 does currently use an OpenSSL 0.9.8.24. You can confirm this in your Serv-U installation directory. Specifically the two file versions to check are:
Hence Serv-U is not currently effected by this HeartBleed bug mentioned here http://heartbleed.com/
I just check ours with those two files and found out we're using 1.0.1e.
I run to another site “https://lastpass.com/heartbleed" to test vulnerability for our site and it came out as NOT VULNERABLE.
What other steps can I verify that or system is not affected by this bug?
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.