Imperva Security Response for CVE-2014-0160 - aka "Heartbleed"

OpenSSL 1.0.1 before 1.0.1g does not properly handle Heartbeat Extension packets

Revision History
Date        Comment
4/10/2014   Initial Version
4/14/2014   Update to provide a more granular mitigation option to protect customer applications with SecureSphere WAF

Status Summary
  • A granular method for Imperva SecureSphere customers to mitigate this vulnerability in their applications using SecureSphere WAF is available (See Protecting Applications below).
  • Only SecureSphere release 10.5 and the ThreatRadar services were affected by this vulnerability. Exposure is limited to management communications, which are not commonly exposed externally (See Affected Imperva Products below).

1) Protecting Applications:

Imperva customers can use SecureSphere WAF to protect vulnerable applications as follows:
  • When deployed in Kernel Reverse Proxy (KRP) mode, SecureSphere WAF automatically protects customer applications because SecureSphere controls the SSL connection.
  • When deployed in bridge mode, SecureSphere should be configured to block "SSL Untraceable Connection". This method works in versions 9.5 and later.
  • For customers deployed in bridge mode who need more granularity when blocking SSL untraceable connections, we have released software patches today (for versions 9.0, 9.5 and 10.0) that provide finer-grained mitigation. After following the patch instructions and changing the file bootstrap.xml on the WAF appliance, only SSL untraceable connections with protocol violations (those with an "ssl fatal error") will be blocked. This blocks the connections associated with the Heartbleed attack.
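The protocol violation that the mitigations above key on is a TLS Heartbeat record whose declared payload_length does not fit inside the record that carries it; RFC 6520 requires such a message to be discarded silently, and a vulnerable OpenSSL trusted the declared length instead. The following is an added example of that length check written as a stand-alone record validator of the kind a TLS-terminating proxy could apply; it is not Imperva code and makes no claim about how SecureSphere implements its "SSL Untraceable Connection" check. The byte strings are constructed sample input, and the 16-byte minimum padding is the RFC 6520 requirement.

```python
import struct

TLS_HEARTBEAT = 24            # TLS content type for the Heartbeat extension (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16              # RFC 6520: at least 16 bytes of random padding must follow the payload


def parse_tls_records(data: bytes):
    """Split a byte stream into (content_type, version, body) TLS records.

    A record whose declared length runs past the end of the data yields a
    shorter body; the length check below then treats it as malformed.
    """
    records = []
    off = 0
    while off + 5 <= len(data):
        ctype, version, rlen = struct.unpack_from("!BHH", data, off)
        body = data[off + 5: off + 5 + rlen]
        records.append((ctype, version, body))
        off += 5 + rlen
    return records


def check_heartbeat(body: bytes) -> str:
    """Apply the RFC 6520 length rule to one heartbeat record body.

    Returns "ok" for a well-formed message, otherwise a reason string that a
    proxy would log before dropping the connection.
    """
    if len(body) < 3:
        return "truncated heartbeat header"
    hb_type = body[0]
    declared = struct.unpack_from("!H", body, 1)[0]
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return f"unknown heartbeat type {hb_type}"
    available = len(body) - 3          # bytes actually present after the 3-byte header
    # RFC 6520: payload_length + 16 bytes of padding must fit in the record.
    # Trusting `declared` without this check is the defect behind CVE-2014-0160.
    if declared + MIN_PADDING > available:
        return f"payload_length {declared} exceeds record payload ({available} bytes)"
    return "ok"


def scan(data: bytes):
    """Return the list of violations found in heartbeat records of a TLS stream."""
    findings = []
    for ctype, _version, body in parse_tls_records(data):
        if ctype == TLS_HEARTBEAT:
            verdict = check_heartbeat(body)
            if verdict != "ok":
                findings.append(verdict)
    return findings


def tls_record(ctype: int, body: bytes, version: int = 0x0302) -> bytes:
    """Wrap a body in a TLS 1.1 record header (constructed test helper)."""
    return struct.pack("!BHH", ctype, version, len(body)) + body


# Constructed sample records (not captured traffic):
# a well-formed heartbeat request: type 1, payload_length 4, payload "ping", 16 bytes padding
GOOD_STREAM = tls_record(TLS_HEARTBEAT, b"\x01" + struct.pack("!H", 4) + b"ping" + b"\x00" * 16)
# a malformed one: payload_length claims 256 bytes but only the padding is present
BAD_STREAM = tls_record(TLS_HEARTBEAT, b"\x01" + struct.pack("!H", 256) + b"\x00" * 16)
# a non-heartbeat record (handshake content type 22) is passed through untouched
MIXED_STREAM = tls_record(22, b"\x01\x00\x00\x00") + BAD_STREAM

if __name__ == "__main__":
    for name, stream in (("good", GOOD_STREAM), ("bad", BAD_STREAM), ("mixed", MIXED_STREAM)):
        print(name, scan(stream) or "no violations")
```

A proxy that terminates TLS can apply this check on every inbound heartbeat record and close the connection on a violation, which is the defender-side equivalent of the fix in OpenSSL 1.0.1g; a bridge-mode device that only observes the stream can still use the same rule to decide which connection to reset.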

Patches to mitigate affected applications using SecureSphere WAF are available now.

Patch for V9.0:
Patch for V9.5:
Patch for V10.0:
(Imperva Username and Credentials Required)

2) Affected Imperva Products:
  • SecureSphere Version 10.5, and ThreatRadar services
Imperva Products Not Affected:
The following versions or products are not vulnerable:
  • SecureSphere 8.0, 8.5, 9.0, 9.5, 10.0
Only SecureSphere V10.5 is impacted by this vulnerability, and the only element impacted is SecureSphere management communications, which are not commonly exposed externally. All ThreatRadar services were protected from this vulnerability on April 8th, 2014 and all associated certificates were replaced on April 13th, 2014.

Vendor Fix

A fix for SecureSphere V10.5 will be available from Imperva support soon. Customers with questions or issues should contact Imperva support for more information and/or guidance.

The patch for SecureSphere V10.5 will be available on the FTP Site.
(Imperva Username and Credentials Required)
Mitre CVE Listing: