HTTrack Website Copier
Free software offline browser - FORUM
Subject: Re: Potencially vulnerable ssleay32.dll
Author: Xavier Roche
Date: 11/25/2014 17:46
 
> Hi, we found HTTrack uses ssleay32.dll of 1.0.1.7
> version, which contains some vulnerabilities (f.e.
> CVE-2014-3567). We don't know which functions of
> that dll uses HTTrack. So we have an answer - is
> ssleay32.dll vulnerable or HTTrack doesn't use the
> vulnerable functions? If it is, are you going to
> update ssleay32.dll?
The risk is low (this is a denial of service, and would require to download a
specifically crafter website)

I have however updated OpenSSL to the latest 1.0.1j version for the next
release:
<https://code.google.com/p/httrack/source/detail?r=1325>
<https://code.google.com/p/httrack/source/detail?r=1326>

Thanks for pointing out!
 
Reply Create subthread


All articles

Subject Author Date
Potencially vulnerable ssleay32.dll

11/24/2014 09:19
Re: Potencially vulnerable ssleay32.dll

11/25/2014 17:46
Re: Potencially vulnerable ssleay32.dll

06/05/2015 10:03




c

Created with FORUM 2.0.11