
CVE-2014-0160
Date: (C) 2014-04-11   (M) 2024-02-22


The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.5
Exploit Score: 3.9
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: NONE
Availability: NONE

CVSS V2 Severity:
CVSS Score: 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1030026
SECTRACK-1030074
SECTRACK-1030077
SECTRACK-1030078
SECTRACK-1030079
SECTRACK-1030080
SECTRACK-1030081
SECTRACK-1030082
http://seclists.org/fulldisclosure/2014/Apr/91
http://seclists.org/fulldisclosure/2014/Apr/90
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
http://seclists.org/fulldisclosure/2014/Apr/109
http://seclists.org/fulldisclosure/2014/Apr/173
http://seclists.org/fulldisclosure/2014/Apr/190
http://www.securityfocus.com/archive/1/534161/100/0/threaded
EXPLOIT-DB-32745
EXPLOIT-DB-32764
SECUNIA-57347
SECUNIA-57483
SECUNIA-57721
SECUNIA-57836
SECUNIA-57966
SECUNIA-57968
SECUNIA-59139
SECUNIA-59243
SECUNIA-59347
BID-66690
DSA-2896
FEDORA-2014-4879
FEDORA-2014-4910
FEDORA-2014-9308
HPSBGN03008
HPSBGN03010
HPSBGN03011
HPSBHF03021
HPSBHF03136
HPSBMU02994
HPSBMU02995
HPSBMU02997
HPSBMU02998
HPSBMU02999
HPSBMU03009
HPSBMU03012
HPSBMU03013
HPSBMU03017
HPSBMU03018
HPSBMU03019
HPSBMU03020
HPSBMU03022
HPSBMU03023
HPSBMU03024
HPSBMU03025
HPSBMU03028
HPSBMU03029
HPSBMU03030
HPSBMU03032
HPSBMU03033
HPSBMU03037
HPSBMU03040
HPSBMU03044
HPSBMU03062
HPSBPI03014
HPSBPI03031
HPSBST03000
HPSBST03001
HPSBST03004
HPSBST03015
HPSBST03016
HPSBST03027
MDVSA-2015:062
RHSA-2014:0376
RHSA-2014:0377
RHSA-2014:0378
RHSA-2014:0396
SSRT101846
SUSE-SA:2014:002
TA14-098A
USN-2165-1
VU#720951
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
http://advisories.mageia.org/MGASA-2014-0165.html
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
http://cogentdatahub.com/ReleaseNotes.html
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3
http://heartbleed.com/
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
http://support.citrix.com/article/CTX140605
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
http://www-01.ibm.com/support/docview.wss?uid=swg21670161
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www.blackberry.com/btsc/KB35882
http://www.f-secure.com/en/web/labs_global/fsc-2014-1
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
http://www.kerio.com/support/kerio-control/release-history
http://www.openssl.org/news/secadv_20140407.txt
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
http://www.splunk.com/view/SP-CAAAMB3
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
https://bugzilla.redhat.com/show_bug.cgi?id=1084875
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
https://code.google.com/p/mod-spdy/issues/detail?id=85
https://filezilla-project.org/versions.php?type=server
https://gist.github.com/chapmajs/10473815
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
https://www.cert.fi/en/reports/2014/vulnerability788210.html
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd
openSUSE-SU-2014:0492
openSUSE-SU-2014:0560

CPE    17
cpe:/o:fedoraproject:fedora:20
cpe:/o:opensuse:opensuse:12.3
cpe:/a:openssl:openssl
cpe:/o:debian:debian_linux:7.0
...
CWE    1
CWE-125
OVAL    25
oval:org.secpod.oval:def:601256
oval:org.secpod.oval:def:601255
oval:org.secpod.oval:def:400610
oval:org.secpod.oval:def:701627
...

© SecPod Technologies