Urchin WebAnalytics Software is discontinued and is no longer supported. All Urchin documentation applies only to the Urchin product as it was at the time of discontinuation, and does not apply to any Google Analytics products or services.

Vulnerability in OpenSSL 0.9.7c: Limited Urchin 4 Exposure


Urchin 5 ships with an embedded Apache webserver that provides access to the web-based Urchin administration and reporting functions. The Apache webserver shipped with Urchin is built with SSL support, although it is not enabled by default. Per the following security advisory:

several vulnerabilities in the OpenSSL SSL/TLS library could allow an unauthenticated, remote attacker to cause a denial of service.

Impact on Urchin Customers

Beginning with Urchin 4.100, the Apache webserver shipped with Urchin has included OpenSSL. All versions of Urchin from Urchin 4.100 through Urchin 4.106 include a version of OpenSSL that is vulnerable to this denial of service attack.

Given that SSL support is not enabled by default, and that the vulnerability presents no threat to system security, Urchin Software Corporation will not be releasing a fix for this issue as no further development is being done on Urchin 4. Customers are urged to upgrade to the latest release of Urchin instead.

Clear search
Close search
Google apps
Main menu
Search Help Center