tag:help-archives.hannonhill.com,2010-02-09:/discussions/general/18159-heartbleed-bugCascade CMS: Discussion 2014-05-02T17:26:39Ztag:help-archives.hannonhill.com,2010-02-09:Comment/325086122014-04-10T20:35:08Z2014-04-10T20:35:08ZHeartbleed bug<div><p>Hi HH,</p>
<p>I forwarded on your message to our IT Network team and received
the below response.</p>
<p>"I see their comment, “This vulnerability probably won't
affect you since you're on Windows.” … but I still
don’t understand if that’s 100% true for anyone running
Windows, since it is still running tomcat.</p>
<p>The KB they link to in that link you sent me (<a href=
"http://help.hannonhill.com/discussions/general/18142-heartbleed-bug)(which">http://help.hannonhill.com/discussions/general/18142-heartbleed-bug...</a>
is the same as your original email from yesterday, I think),
says:</p>
<p>To confirm that you are not using the native APR libraries,
check your most recent catalina.log file (in tomcat/logs) and look
for the following message on start-up:</p>
<p>INFO: The APR based Apache Tomcat Native library which allows
optimal performance in production environments was not found on the
java.library.path:{path}</p>
<p>Looking in the latest catalina.log file, I see no reference to
the text “APR” … I don’t know if
that’s good or bad."</p>
<p>How should we interpret our findings?</p>
<p>Thanks,<br>
Craig</p></div>crcampbeltag:help-archives.hannonhill.com,2010-02-09:Comment/325086122014-04-10T22:35:44Z2014-04-10T22:35:44ZHeartbleed bug<div><p>Hi Craig,</p>
<p>Unless you all specifically installed and configured those
native APR libraries, you should be safe. Try using this site to
see if your instance is vulnerable:</p>
<p><a href=
"http://filippo.io/Heartbleed/">http://filippo.io/Heartbleed/</a></p>
<p>Let me know if you have any further questions.</p>
<p>Thanks!</p></div>Tim