IBM Notes & Domino are not vulnerable to OpenSSL "Heartbleed" bug (CVE-2014-0160)

Flash (Alert)


Abstract

Information is circulating describing a method called "Heartbleed," which exploits a vulnerability caused by a design error in OpenSSL. This technote provides confirmation that IBM Notes and Domino are not susceptible to the Heartbleed attack.

Content

IBM Notes and Domino are not vulnerable to the Heartbleed bug because they do not use OpenSSL as the basis of the SSL stack in the products. Note that this includes both the Domino SSL stack as well as the TLS implementation supported by the IBM HTTP Server in 9.0. Notes Traveler is also not affected.

For more information on the Heartbleed bug, including a Q&A, go to http://www.heartbleed.com.

Related information

CVE-2014-0160
OpenSSL vulnerabilities do not apply to IHS
A simplified Chinese translation is available

Cross reference information
Segment Product Component Platform Version Edition
Messaging Applications IBM Notes 9.0, 8.5, 8.0
Messaging Applications IBM Notes Traveler 9.0, 8.5, 8.0.1

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Domino
Security

Software version:

8.0, 8.5, 9.0

Operating system(s):

AIX, AIX 64bit, IBM i, Linux, Linux iSeries, Linux xSeries, Linux zSeries, Solaris, Windows, Windows 64bit, i5/OS, z/OS

Reference #:

1669782

Modified date:

2014-04-09

Translate my page

Machine Translation

Content navigation