Akamai Diversity

The Akamai Blog

OpenSSL Vulnerabilities (CVE-2015-1788 & CVE-2015-1789)

Akamai is aware of a recently disclosed vulnerability in OpenSSL that can be exploited to perform denial of service attacks against any system which processes public keys, certificate requests, or certificates.

The announcement for CVE-2015-1788 (discovered by Joseph Barr-Pixton and fixed by Andy Polyakov of the OpenSSL development team) and CVE-2015-1789 (discovered independently by Robert Swiecki and Hanno Böck) can be found here. The fix was developed by Emilia Käsper of the OpenSSL development team.

How Is Akamai protected?
As of June 11, 2015, Akamai has patched its HTTP/HTTPS delivery platforms (HTTP and Secure Content Delivery Networks). Akamai is also in the process of checking (and where necessary, patching) its other internal systems for exposure to these vulnerabilities.

Note that the other vulnerabilities reported in the same advisory do not impact Akamai's configuration.

What steps do I need to take to protect myself?
If you run OpenSSL in your origin infrastructure, Akamai advises you to consult your security advisory team to review the vulnerability and upgrade your software.

If you have any questions or concerns regarding this vulnerability and your Akamai services, please use our Community post dedicated to the subject, or contact your Akamai Representative or Customer Care.

If our investigation uncovers additional risks, we will provide follow-up blog posts, Akamai Community posts, and Luna Portal advisories to update customers on how we are affected and what we're doing about it.

Leave a comment