Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Chromebleed |
|
| Author |
|
Materix
Joined: 30 Aug 2012
Posts: 42
|
 Posted: Thu 10 Apr '14 16:13 Post subject: Chromebleed |
 |
|
Hello.
I have installed the Chromebleed extension for Chrome.
When I visit apachelounge.com, then it pops up with a message "this site is vulnerable".
Why is that? |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 701
|
| Posted: Thu 10 Apr '14 16:25 Post subject: |
|
|
What reason gives it ?
When it is for the Heartbleed bug, then it is a false positive. Apachelounge runs at the moment with OpenSSL 1.0.1g which is not vulnerable. SSLLabs.com says it is ok.
Last edited by admin on Fri 11 Apr '14 11:55; edited 1 time in total |
|
| Back to top |
|
Materix
Joined: 30 Aug 2012
Posts: 42
|
| Posted: Thu 10 Apr '14 16:33 Post subject: |
|
|
| admin wrote: | What reason gives it ?
|
It does not give any reason. I did also expect this was a false positive. I was just wondering what the reason might be for this. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7398
Location: EU, Germany, Next to Hamburg
|
| Posted: Fri 11 Apr '14 17:09 Post subject: |
|
|
| I haven't run a a test against apachelounge, but I had with some tools a false positive because the servers support ssl heartbeat (even if patched against heart bleed). |
|
| Back to top |
|
|
|
|
|
|
