
I know it is not related to coding but really need to know this. Already googled it but no concrete answer was found.

The client wants to know whether our application is vulnerable to the latest vulnerability which is found in OpenSSL.
CVE-2022-3786
CVE-2022-3602

Reference: https://snyk.io/blog/new-openssl-critical-vulnerability/

2 Answers


  1. You can find vulnerable machines with Defender for Cloud’s inventory tools:

    1. Sign in to the Azure portal.
    2. Navigate to Microsoft Defender for Cloud > Inventory
    3. Use the built-in filters to find your at-risk machines:

    According to Tenable:

    OpenSSL version 3.0.7 has been released to address these vulnerabilities.

    You won’t say what kind of WebApp you have but updating OpenSSL in your WebApp will be enough.

    UPDATE

    You can get your OpenSSL Version with the command openssl version

    You can find the app service console in your Azure portal


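A version check built on the `openssl version` command mentioned in the answer above, as an added example that is not part of the original answer. The affected range 3.0.0 through 3.0.6 comes from the OpenSSL advisory for these CVEs rather than from this page; the function name `classify_banner` and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an `openssl version` banner against the range
# affected by CVE-2022-3602 / CVE-2022-3786 (OpenSSL 3.0.0 through 3.0.6).

# classify_banner BANNER -> prints: affected | not-affected | unknown
# (hypothetical helper name, not part of OpenSSL or Azure tooling)
classify_banner() {
    banner=$1
    case $banner in
        # OpenSSL 3.x also prints the loaded library: "(Library: OpenSSL x.y.z ...)".
        # That version decides exposure when the CLI and libcrypto differ.
        *"(Library: OpenSSL "*) ver=${banner##*"(Library: OpenSSL "} ;;
        "OpenSSL "*)            ver=${banner#"OpenSSL "} ;;
        *)                      echo unknown; return 0 ;;   # e.g. LibreSSL
    esac
    ver=${ver%% *}                 # keep only the version token

    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}        # drop suffixes such as "f" or "-dev"

    # Refuse to guess when any component is missing or non-numeric.
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done

    if [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -le 6 ]; then
        echo affected
    else
        echo not-affected          # 1.1.1 / 1.0.2 branches, or 3.0.7 and later
    fi
}

# Constructed sample banners (not captured from a real host).
while IFS= read -r line; do
    printf '%-13s %s\n' "$(classify_banner "$line")" "$line"
done <<'EOF'
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
OpenSSL 1.1.1f  31 Mar 2020
LibreSSL 2.8.3
EOF
```

On a real host, pass the live banner with `classify_banner "$(openssl version)"`. The CLI only reports the OpenSSL it is linked against, so an application or runtime that bundles its own libssl has to be checked separately.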
  2. MSFT announced Defender CSPM at Ignite. One of the features of DCSPM is Cloud Security Explorer, and it has a built-in template for this exact scenario. The feature is in preview and can be used for free (for now).

    OpenSSL Detection
