F5 Networks Not Affected

Notified:  April 19, 2002 Updated: May 28, 2002

Status

Not Affected

Vendor Statement

F5 Networks' EDGE-FX Cache product does not currently perform HTTP content/virus scanning.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

F-Secure Not Affected

Notified:  April 19, 2002 Updated: June 05, 2002

Status

Not Affected

Vendor Statement

F-Secure products are not vulnerable. We do not have a product implemented as HTTP proxy. FSAV for Firewalls is designed to scan HTTP traffic, and works in conjunction with a CVP-compliant firewall such as Check Point FireWall-1, Cyberguard, etc. Customers using FSAV for Firewalls should check if their firewall software is affected and contact the firewall vendor to get a patch/workaround.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Not Affected

Notified:  April 19, 2002 Updated: May 29, 2002

Status

Not Affected

Vendor Statement

[HP does not] have any products that make use of HTTP CONNECT method tunnels.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sophos Not Affected

Notified:  April 19, 2002 Updated: May 30, 2002

Status

Not Affected

Vendor Statement

Sophos does not provide HTTP virus scanning at this time.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Trend Micro Affected

Updated:  April 15, 2002

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC tested InterScan VirusWall 3.52 on Windows 2000 and found it to be vulnerable.