Heartbleed bug

crcampbel's Avatar

crcampbel

10 Apr, 2014 08:35 PM

Hi HH,

I forwarded on your message to our IT Network team and received the below response.

"I see their comment, “This vulnerability probably won't affect you since you're on Windows.” … but I still don’t understand if that’s 100% true for anyone running Windows, since it is still running tomcat.

The KB they link to in that link you sent me (http://help.hannonhill.com/discussions/general/18142-heartbleed-bug... is the same as your original email from yesterday, I think), says:

To confirm that you are not using the native APR libraries, check your most recent catalina.log file (in tomcat/logs) and look for the following message on start-up:

INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path:{path}

Looking in the latest catalina.log file, I see no reference to the text “APR” … I don’t know if that’s good or bad."

How should we interpret our findings?

Thanks,
Craig

  1. Support Staff 1 Posted by Tim on 10 Apr, 2014 10:35 PM

    Tim's Avatar

    Hi Craig,

    Unless you all specifically installed and configured those native APR libraries, you should be safe. Try using this site to see if your instance is vulnerable:

    http://filippo.io/Heartbleed/

    Let me know if you have any further questions.

    Thanks!

  2. Tim closed this discussion on 02 May, 2014 05:26 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac