Urchin WebAnalytics Software is discontinued and is no longer supported. All Urchin documentation applies only to the Urchin product as it was at the time of discontinuation, and does not apply to any Google Analytics products or services.

Vulnerability in OpenSSL 0.9.7c: Limited Urchin 5 Exposure


Urchin 5 ships with an embedded Apache webserver that provides access to the web-based Urchin administration and reporting functions. The Apache webserver shipped with Urchin is built with SSL support, although it is not enabled by default. Per the following security advisory:

several vulnerabilities in the OpenSSL SSL/TLS library could allow an unauthenticated, remote attacker to cause a denial of service.

Impact on Urchin Customers

Beginning with Urchin 4.100, the Apache webserver shipped with Urchin has included OpenSSL. All versions of Urchin from Urchin 4.100 through Urchin 5.501 include a version of OpenSSL that is vulnerable to this denial of service attack.

This issue was addressed in Urchin 5.600, which shipped with an Apache 1.3.29 server using OpenSSL 0.9.d. Customers are encouraged to upgrade to Urchin 5.600 or later.

Clear search
Close search
Google apps
Main menu
Search Help Center