I was asking because Imperva On-prem terminates some TLS, not because there's something that it can do to protect against those vulnerabilities.
------------------------------
Skott Klebe
Security Architect
EBSCO Information Services
Ipswich MA
------------------------------
Original Message:
Sent: 11-04-2022 00:39
From: Cho Jae Ku
Subject: OpenSSL CVE-2022-3786 and CVE-2022-3602
Other than product impact, are there any policies that WAF can protect against vulnerabilities?
Thanks
JK
------------------------------
Cho Jae Ku
engineer
Cybertek holdings Inc
seoul
Original Message:
Sent: 11-03-2022 07:44
From: Anat Zadik
Subject: OpenSSL CVE-2022-3786 and CVE-2022-3602
WAF GW and Cloud WAF products do not use OpenSSL v3 and therefore not vulnerable to these CVEs.
------------------------------
Anat Zadik
Engineering Manager
Imperva
Tel Aviv
Original Message:
Sent: 11-02-2022 13:05
From: Skott Klebe
Subject: OpenSSL CVE-2022-3786 and CVE-2022-3602
Has Imperva put out any language on the OpenSSL fix released this week?
Understanding that it was downgraded from the anticipated critical rating, I still can't find any statement from Imperva about any exposure in the On-Prem WAF, much less any thing that says action is or is not necessary.
Thanks!
SK
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Skott Klebe
Security Architect
EBSCO Information Services
Ipswich MA
------------------------------