IBM Support

IBM WebSphere Application Server and IBM HTTP Server CVE-2014-0160

Flashes (Alerts)


Abstract

IBM WebSphere Application Server and IBM HTTP Server are not vulnerable to CVE-2014-0160 Heartbleed vulnerability

Content

CVE-2014-0160 - Heartbleed Vulnerability

This vulnerability does NOT affect the SSL that is used by IBM WebSphere Application Server in all editions and all platforms. The IBM Java JSSE does not use OpenSSL.

This vulnerability does NOT affect the IBM HTTP Server component in all version, editions and platforms. The GSKit component of IBM HTTP Server does not use OpenSSL SSL code.

Remediation: No action required.

Change History: 09 April 2014: original document published

10 April 2014: clarified no versions affected

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m50000000CdDIAA0","label":"JVM Miscellaneous Issues->Other"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"8.5.5;9.0.0;9.0.5","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
01 June 2020

UID

swg21669774