skip to main content

SAP NetWeaver Newbie

Heartbleed: SAP Business Intelligence products using APR native Tomcat library affected

SAP has released an advisory on the implications of Heartbleed bug on SAP Business Objects and Business Intelligence products, through SAP note 2003582

According to the note:
Default Tomcat provided by SAP with SAP Business Intelligence products  is not affected by this issue, unless customers explicitly enable SSL using APR native tomcat library.
See http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html and http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html for details on Tomcat SSL configuration.
Open an SAP message on the component XX-SER-BO-SEC if you suspect you are affected.

Here is a simple explanation of this bug


Use this site to check if a website has been fixed or not to know whether to change password now or wait.
You can also use this site to test if the servers are secure right now. It sends a deliberately malformed heartbeat and checks if the server responds with too much information. Keep in mind this tells you nothing about whether or not a previously vulnerable website has changed their x509 certificates and similar information.

No comments:

Post a Comment

Email Subscription

Get every new post into your inbox by subscribing us.

Want a reason to subscribe?
1. This sitemap might convince you to subscribe.
2. We do not misuse email IDs. We respect privacy.

© 2008 - 2017 sapnwnewbie. All rights reserved.