Skip to content
Effectuez une recherche pour en savoir plus sur les produits et solutions InterSystems, les offres d'emploi, etc.

Advisory: Cross-Protocol Attack on TLS Using SSLv2 (DROWN)

March 10, 2016 – Advisory: Cross-Protocol Attack on TLS Using SSLv2 (DROWN)

This advisory concerns the recently announced vulnerability CVE-2016-0800, aka DROWN, which is due to weaknesses in SSLv2. For more information, see https://drownattack.com. This vulnerability may be relevant to InterSystems customers as InterSystems products have the capability to utilize SSLv2.

SSLv2 is known to have weak security and it has long been recommended that it be disabled in installations. SSLv2 has always been disabled by default in all released versions of InterSystems products.

If your organization uses the default configuration for its instances, then no action is required. However, if your organization has enabled SSLv2 for any of its instances, then to eliminate this vulnerability you must disable it. This is especially critical if any instances share a private key. (Note that InterSystems always strongly discourages sharing private keys due to its inherent dangers.) Your organization’s administrators can use the Management Portal or the command line utilities to make the required modifications to SSL/TLS configurations of InterSystems product instances.

If you have any questions regarding this alert, please contact the InterSystems Worldwide Response Center.

Latest Alerts & Advisories

20 May 2025
This issue affects all versions of HealthShare®:
20 May 2025
This problem affects the following products:

Passez à l'étape suivante

Nous serions ravis d'échanger avec vous. Remplissez les champs suivants et nous vous recontacterons.
*Champs obligatoires
Veuillez remplir tous les champs obligatoires*
*Champs obligatoires
Veuillez remplir tous les champs obligatoires*
** En cochant cette case, vous consentez à recevoir des actualités, des mises à jour et toute autre information à objectif marketing liés aux produits et événements actuels et futurs d'InterSystems. En outre, vous consentez à ce que vos coordonnées professionnelles soient saisies dans notre solution CRM hébergée aux États-Unis, mais conservées conformément aux lois applicables en matière de protection des données.