Following is the par from the IBM support article which states that IBM WebSphere Application Server and IBM HTTP Server are not vulnerable to CVE-2014-0160 Heartbleed vulnerability.

This vulnerability does NOT affect the SSL that is used by IBM WebSphere Application Server in all editions and all platforms. The IBM Java JSSE does not use OpenSSL.
This vulnerability does NOT affect the IBM HTTP Server component in all editions and all platforms. The GSKit component of IBM HTTP Server does not use OpenSSL SSL code.

Ref : IBM WebSphere Application Server and IBM HTTP Server CVE-2014-0160

Heartbleed Vulnerability IBM WebSphere Application Server and IBM HTTP Server

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recommend on Google