The purpose of this article is to provide a list of commonly known vulnerabilities, along with an explanation of why the LoadMaster (LM) is not affected by each.
This article is not a comprehensive list of vulnerabilities going back to the dawn of the LoadMaster. It is also not a best-practice security guide.
CVE Entry | Affected Libraries | Fixed Version | Comments |
CVE-2021-3156 | Sudoedit Linux | N/A | Not vulnerable. sudoedit on Linux. Not applicable to LM. |
CVE-2021-1732 | Windows NETLOGON | N/A | NA to LM. This is a Windows issue. |
CVE-2020-15598 | ModSecurity v3 | N/A | LoadMaster is not vulnerable as it runs the ModSecurity v2.9 release line. |
CVE-2020-8515 | N/A | N/A | Not vulnerable. |
CVE-2020-1967 | N/A | N/A | Not vulnerable. |
CVE-2020-10029 | Glibc | N/A | Not vulnerable. |
CVE-2019-16905 | openssh | 7.7,7.9,8.x- 8.1 | NA. Not vulnerable. Experimental code which is not built as part of LMOS. |
CVE-2019-0190 | openssl | 1.1.1 | NA, not relevant to LMOS - only relevant to Apache HTTP server. |
CVE-2019-1551 | openssl | 1.1.1 | NA, this is with 512-bit moduli, i.e. a 512 HD random key. The default is for 2K keys, so this is not relevant. |
CVE-2019-1549 | openssl | 1.1.1 | NA, sslproxy forks first and then starts openssl, so this is not applicable. |
CVE-2019-1563 | openssl | 1.1.1 | NA, the LM does not use PKCS7 or CMS and it always uses a certificate. |
CVE-2019-1547 | openssl | 1.1.1 | NA, the LM only uses the libssl interface, which is indicated to be not vulnerable. |