Earlier today, The OpenSSL Project released an update to address a number of security flaws, including a new vulnerability classified as “high” severity. The versions of OpenSSL to be patched are 1.0.2, 1.0.1, 1.0.0 and 0.9.8. The high-severity vulnerability exists only in v1.0.2, according to the advisory.
This new high-severity vulnerability could be exploited to launch a denial-of-service (DoS) attack against a server by renegotiating an SSL connection with an invalid signature algorithm extension.
Incapsula is not using v1.0.2 of OpenSSL, and as a result, the new OpenSSL vulnerability has no impact on our network.
Moreover, since Incapsula terminates all SSL connections before passing them to origin servers, all Incapsula-protected domains are also secured by default, even before applying the patch on their end.