
CVE-2014-0160

Date: (C)2014-04-11   (M)2017-11-18 


The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE





Reference:
SECTRACK-1030026
SECTRACK-1030074
SECTRACK-1030077
SECTRACK-1030078
SECTRACK-1030079
SECTRACK-1030080
SECTRACK-1030081
SECTRACK-1030082
http://seclists.org/fulldisclosure/2014/Apr/91
http://seclists.org/fulldisclosure/2014/Apr/90
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
http://seclists.org/fulldisclosure/2014/Apr/109
http://seclists.org/fulldisclosure/2014/Apr/173
http://seclists.org/fulldisclosure/2014/Apr/190
http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded
EXPLOIT-DB-32745
EXPLOIT-DB-32764
SECUNIA-57347
SECUNIA-57483
SECUNIA-57721
SECUNIA-57836
SECUNIA-57966
SECUNIA-57968
SECUNIA-59139
SECUNIA-59243
SECUNIA-59347
BID-66690
DSA-2896
FEDORA-2014-4879
FEDORA-2014-4910
FEDORA-2014-9308
HPSBGN03008
HPSBGN03010
HPSBGN03011
HPSBHF03021
HPSBHF03136
HPSBMU02994
HPSBMU02995
HPSBMU02997
HPSBMU02998
HPSBMU02999
HPSBMU03009
HPSBMU03012
HPSBMU03013
HPSBMU03017
HPSBMU03018
HPSBMU03019
HPSBMU03020
HPSBMU03022
HPSBMU03023
HPSBMU03024
HPSBMU03025
HPSBMU03028
HPSBMU03029
HPSBMU03030
HPSBMU03032
HPSBMU03033
HPSBMU03037
HPSBMU03040
HPSBMU03044
HPSBMU03062
HPSBPI03014
HPSBPI03031
HPSBST03000
HPSBST03001
HPSBST03004
HPSBST03015
HPSBST03016
HPSBST03027
IAVM:2012-A-0104
IAVM:2013-A-0222
IAVM:2014-A-0017
IAVM:2014-A-0019
IAVM:2014-A-0051
IAVM:2014-A-0053
IAVM:2014-A-0054
IAVM:2014-A-0055
IAVM:2014-A-0056
IAVM:2014-A-0057
IAVM:2014-A-0058
IAVM:2014-A-0062
IAVM:2014-A-0063
IAVM:2014-B-0041
IAVM:2014-B-0042
IAVM:2014-B-0046
IAVM:2014-B-0050
MDVSA-2015:062
RHSA-2014:0376
RHSA-2014:0377
RHSA-2014:0378
RHSA-2014:0396
SSRT101846
SUSE-SA:2014:002
TA14-098A
VU#720951
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
http://advisories.mageia.org/MGASA-2014-0165.html
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
http://cogentdatahub.com/ReleaseNotes.html
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
http://heartbleed.com/
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
http://www-01.ibm.com/support/docview.wss?uid=swg21670161
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www.blackberry.com/btsc/KB35882
http://www.f-secure.com/en/web/labs_global/fsc-2014-1
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
http://www.kerio.com/support/kerio-control/release-history
http://www.openssl.org/news/secadv_20140407.txt
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
http://www.splunk.com/view/SP-CAAAMB3
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
https://bugzilla.redhat.com/show_bug.cgi?id=1084875
https://code.google.com/p/mod-spdy/issues/detail?id=85
https://filezilla-project.org/versions.php?type=server
https://gist.github.com/chapmajs/10473815
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
https://www.cert.fi/en/reports/2014/vulnerability788210.html
openSUSE-SU-2014:0492

CPE    11
cpe:/a:openssl:openssl:1.0.1:beta1
cpe:/a:openssl:openssl:1.0.1:beta3
cpe:/a:openssl:openssl:1.0.1:beta2
cpe:/a:openssl:openssl:1.0.1a
...
CWE    1
CWE-119
OVAL    26
oval:org.secpod.oval:def:106829
oval:org.secpod.oval:def:501220
oval:org.secpod.oval:def:203298
oval:org.secpod.oval:def:400610
...

© 2013 SecPod Technologies