Tuesday, March 1, 2016

Security Notification: OpenSSL Cross-Protocol Attack on TLS Using SSLv2 (DROWN) (CVE-2016-0800 and CVE-2016-0703)

A new security vulnerability was recently discovered in certain versions of OpenSSL. More information about the vulnerability is available on the OpenSSL website: https://www.openssl.org/news/secadv/20160301.txt

All the Bitnami-packaged applications are NOT VULNERABLE because Apache disables SSLv2 and EXPORT algorithms for HTTPS by default.
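A local audit of the two mod_ssl settings named above, as an added example that is not Bitnami's or OpenSSL's code: it flags `SSLProtocol` lines that leave SSLv2 on and `SSLCipherSuite` strings that can still select EXPORT ciphers. The sample config is constructed, the token handling is a simplified model of mod_ssl and OpenSSL cipher-string parsing, and `all`/`ALL` are conservatively assumed to include SSLv2 and EXPORT suites, as on older builds.

```python
import re

# Conservative assumption: on old builds "all"/"ALL" may include SSLv2/EXPORT.
ALL_PROTOCOLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
EXPORT_ADDERS = {"all", "exp", "export", "export40", "export56"}
# Constructed sample: legacy-style weak directives, then hardened ones.
SAMPLE = """\
SSLProtocol all
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!EXPORT
"""

def sslv2_enabled(args):
    """Simplified left-to-right model of SSLProtocol tokens."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = ALL_PROTOCOLS if name.lower() == "all" else {name.lower()}
        if sign == "-":
            enabled -= names
        else:  # "+" adds to the set; a bare name replaces it
            enabled = (enabled | names) if sign == "+" else set(names)
    return "sslv2" in enabled

def export_enabled(spec):
    """Cipher string walk: '!' removes for good, '-' until re-added."""
    killed = possible = False
    for tok in re.split(r"[:, ]+", spec.strip().lower()):
        if tok in ("!exp", "!export"):
            killed, possible = True, False
        elif tok in ("-exp", "-export"):
            possible = False
        elif tok in EXPORT_ADDERS and not killed:
            possible = True
    return possible

def audit(conf_text):
    """Return (line_no, directive, problem) for each risky directive."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        directive, args = parts[0].lower(), parts[1].strip('"')
        if directive == "sslprotocol" and sslv2_enabled(args):
            findings.append((no, "SSLProtocol", "SSLv2 enabled"))
        elif directive == "sslciphersuite" and export_enabled(args):
            findings.append((no, "SSLCipherSuite", "EXPORT ciphers enabled"))
    return findings
```

Calling `audit()` on the text of each virtual host's SSL configuration returns an empty list when neither setting is exposed; a finding means the directive on that line should be tightened before relying on the defaults.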

Please take a moment to update existing Bitnami cloud images or virtual machines by following the instructions on our wiki:


To check whether your server is vulnerable, use the following automatic DROWN Attack checker:


If you have any questions about this process, please post to our community support forum and we will be happy to help!