Advice: the Heartbleed Bug and HP Autonomy Worksite
Here’s some useful advice from Phoenix Business Solutions about The Heartbleed Bug and the vulnerability it causes. In addition to the numerous public websites affected, many systems and services that rely on the same technology may be affected in particular, the latest version of HP Autonomy WorkSite, when used with the WorkSite Anywhere feature, is potentially vulnerable. If you use WorkSite 9 or will be upgrading to it, HP has promptly released the following guidance notes for how to secure your environment. As always, if you have any questions or concerns about your system, please feel free to contact Phoenix for assistance.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
According to HP Autonomy, the Heartbleed vulnerability in OpenSSL can affect WorkSite Server 9.0 Update 4 and 9.0 SP1. If you are using WorkSite Anywhere and WorkSite Server 9.0 Update 4 or SP1, then your WorkSite server is vulnerable to this attack. HP Autonomy have released a quick update to address this vulnerability. (WorkSite Web is not affected because IIS does not utilise OpenSSL.) The update, named as CSAR-1692, contains a new build of imDmsSvr.exe and imDmssvc.pdb. Due to the seriousness of this Vulnerability, Phoenix recommend an emergency deployment of this update, if using the affected versions.
The patch can be downloaded from here.
To test a URL or Hostname for Vulnerability – Click Here