[THIN] Re: Citrix Webinterface -heartbleed

  • From: Jeremy Saunders <jeremy@xxxxxxxxxxxxxxxxxxxx>
  • To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>
  • Date: Mon, 9 Jun 2014 01:24:42 +0000

That's right Al. Web Interface itself is not vulnerable, but possibly the 
underlying IIS instance. The security team just needs to check that as they 
would with any other IIS instance.

Cheers,
Jeremy

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Alan Tropper
Sent: Monday, 9 June 2014 9:17 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Citrix Webinterface -heartbleed

Hi All,

Our security team are concerned about Heartbleed with the Citrix Web Interface 
server. However, I'm not so sure there is a vulnerability there. After reading 
the below, I don't think Web Interface is affected. Can anyone out there confirm?

Quote: 
(http://support.citrix.com/article/CTX140876)

"Citrix Web Interface: Web Interface makes use of the TLS functionality 
provided by the underlying web server. Citrix customers are advised to verify 
that any deployed web servers used to host Web Interface are not vulnerable to 
these issues. Web Interface can also use a built-in TLS library to make 
outgoing TLS connections, this library is not vulnerable to these CVEs".

Thanks

Al

Alan Tropper
Service Delivery & Support | INPEX
Level 22 100 St Georges Tce | PERTH Western Australia 6000
T + 61 8 6213 6777 | F + 61 8 6213 6455 |
Alan.Tropper@xxxxxxxxxxxx
