Is Netreo vulnerable to the Heartbleed bug in OpenSSL?

In April 2014, OpenSSL announced the existence of the CVE-2014-0160 bug (also known as Heartbleed) which is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

Netreo uses the Apache web server, which uses OpenSSL for encryption. However, the version of OpenSSL that Netreo uses is not, and never has been, vulnerable to this exploit.

In practice, the risk of this type of exploit for Netreo customers is very low anyway, as Netreo is typically deployed behind the customer firewall and is not publicly accessible to outside attackers. Netreo also includes intrusion prevention technology to dynamically respond to attempts to gain unauthorized access. Please see the Netreo Appliance Security page for more information.

If you have any concerns, please feel free to contact Netreo Support.