
Test ID: 1.3.6.1.4.1.25623.1.0.103936
Category: SSL and TLS
Title: SSL/TLS: OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability
Summary: OpenSSL is prone to an information disclosure vulnerability.

Description:

Vulnerability Insight:
The TLS and DTLS implementations do not properly handle
Heartbeat Extension packets.

Vulnerability Impact:
An attacker can exploit this issue to gain access to sensitive
information that may aid in further attacks.

Affected Software/OS:
OpenSSL 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, and
1.0.1 are vulnerable.

Solution:
Updates are available. Please see the references for more information.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: BugTraq ID: 66690
Common Vulnerability Exposure (CVE) ID: CVE-2014-0160
http://www.securityfocus.com/bid/66690
Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Cert/CC Advisory: TA14-098A
http://www.us-cert.gov/ncas/alerts/TA14-098A
CERT/CC vulnerability note: VU#720951
http://www.kb.cert.org/vuls/id/720951
Cisco Security Advisory: 20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Debian Security Information: DSA-2896
http://www.debian.org/security/2014/dsa-2896
http://www.exploit-db.com/exploits/32745
http://www.exploit-db.com/exploits/32764
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
http://seclists.org/fulldisclosure/2014/Apr/91
http://seclists.org/fulldisclosure/2014/Apr/90
http://seclists.org/fulldisclosure/2014/Apr/109
http://seclists.org/fulldisclosure/2014/Apr/173
http://seclists.org/fulldisclosure/2014/Apr/190
http://seclists.org/fulldisclosure/2014/Dec/23
HPdes Security Advisory: HPSBGN03008
http://marc.info/?l=bugtraq&m=139774054614965&w=2
HPdes Security Advisory: HPSBGN03010
http://marc.info/?l=bugtraq&m=139774703817488&w=2
HPdes Security Advisory: HPSBGN03011
http://marc.info/?l=bugtraq&m=139833395230364&w=2
HPdes Security Advisory: HPSBHF03021
http://marc.info/?l=bugtraq&m=139835815211508&w=2
HPdes Security Advisory: HPSBHF03136
http://marc.info/?l=bugtraq&m=141287864628122&w=2
HPdes Security Advisory: HPSBHF03293
http://marc.info/?l=bugtraq&m=142660345230545&w=2
HPdes Security Advisory: HPSBMU02994
http://marc.info/?l=bugtraq&m=139757726426985&w=2
HPdes Security Advisory: HPSBMU02995
http://marc.info/?l=bugtraq&m=139722163017074&w=2
HPdes Security Advisory: HPSBMU02997
http://marc.info/?l=bugtraq&m=139757919027752&w=2
HPdes Security Advisory: HPSBMU02998
http://marc.info/?l=bugtraq&m=139757819327350&w=2
HPdes Security Advisory: HPSBMU02999
http://marc.info/?l=bugtraq&m=139765756720506&w=2
HPdes Security Advisory: HPSBMU03009
http://marc.info/?l=bugtraq&m=139905458328378&w=2
HPdes Security Advisory: HPSBMU03012
http://marc.info/?l=bugtraq&m=139808058921905&w=2
HPdes Security Advisory: HPSBMU03013
http://marc.info/?l=bugtraq&m=139824993005633&w=2
HPdes Security Advisory: HPSBMU03017
http://marc.info/?l=bugtraq&m=139817727317190&w=2
HPdes Security Advisory: HPSBMU03018
http://marc.info/?l=bugtraq&m=139817782017443&w=2
HPdes Security Advisory: HPSBMU03019
http://marc.info/?l=bugtraq&m=139817685517037&w=2
HPdes Security Advisory: HPSBMU03020
http://marc.info/?l=bugtraq&m=139836085512508&w=2
HPdes Security Advisory: HPSBMU03022
http://marc.info/?l=bugtraq&m=139869891830365&w=2
HPdes Security Advisory: HPSBMU03023
http://marc.info/?l=bugtraq&m=139843768401936&w=2
HPdes Security Advisory: HPSBMU03024
http://marc.info/?l=bugtraq&m=139889113431619&w=2
HPdes Security Advisory: HPSBMU03025
http://marc.info/?l=bugtraq&m=139869720529462&w=2
HPdes Security Advisory: HPSBMU03028
http://marc.info/?l=bugtraq&m=139905243827825&w=2
HPdes Security Advisory: HPSBMU03029
http://marc.info/?l=bugtraq&m=139905202427693&w=2
HPdes Security Advisory: HPSBMU03030
http://marc.info/?l=bugtraq&m=139905351928096&w=2
HPdes Security Advisory: HPSBMU03032
http://marc.info/?l=bugtraq&m=139905405728262&w=2
HPdes Security Advisory: HPSBMU03033
http://marc.info/?l=bugtraq&m=139905295427946&w=2
HPdes Security Advisory: HPSBMU03037
http://marc.info/?l=bugtraq&m=140724451518351&w=2
HPdes Security Advisory: HPSBMU03040
http://marc.info/?l=bugtraq&m=140015787404650&w=2
HPdes Security Advisory: HPSBMU03044
http://marc.info/?l=bugtraq&m=140075368411126&w=2
HPdes Security Advisory: HPSBMU03062
http://marc.info/?l=bugtraq&m=140752315422991&w=2
HPdes Security Advisory: HPSBPI03014
http://marc.info/?l=bugtraq&m=139835844111589&w=2
HPdes Security Advisory: HPSBPI03031
http://marc.info/?l=bugtraq&m=139889295732144&w=2
HPdes Security Advisory: HPSBST03000
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
HPdes Security Advisory: HPSBST03001
http://marc.info/?l=bugtraq&m=139758572430452&w=2
HPdes Security Advisory: HPSBST03004
http://marc.info/?l=bugtraq&m=139905653828999&w=2
HPdes Security Advisory: HPSBST03015
http://marc.info/?l=bugtraq&m=139824923705461&w=2
HPdes Security Advisory: HPSBST03016
http://marc.info/?l=bugtraq&m=139842151128341&w=2
HPdes Security Advisory: HPSBST03027
http://marc.info/?l=bugtraq&m=139905868529690&w=2
HPdes Security Advisory: SSRT101846
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
http://heartbleed.com/
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
https://gist.github.com/chapmajs/10473815
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
https://www.cert.fi/en/reports/2014/vulnerability788210.html
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E
RedHat Security Advisories: RHSA-2014:0376
http://rhn.redhat.com/errata/RHSA-2014-0376.html
RedHat Security Advisories: RHSA-2014:0377
http://rhn.redhat.com/errata/RHSA-2014-0377.html
RedHat Security Advisories: RHSA-2014:0378
http://rhn.redhat.com/errata/RHSA-2014-0378.html
RedHat Security Advisories: RHSA-2014:0396
http://rhn.redhat.com/errata/RHSA-2014-0396.html
http://www.securitytracker.com/id/1030026
http://www.securitytracker.com/id/1030074
http://www.securitytracker.com/id/1030077
http://www.securitytracker.com/id/1030078
http://www.securitytracker.com/id/1030079
http://www.securitytracker.com/id/1030080
http://www.securitytracker.com/id/1030081
http://www.securitytracker.com/id/1030082
http://secunia.com/advisories/57347
http://secunia.com/advisories/57483
http://secunia.com/advisories/57721
http://secunia.com/advisories/57836
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://secunia.com/advisories/59139
http://secunia.com/advisories/59243
http://secunia.com/advisories/59347
SuSE Security Announcement: SUSE-SA:2014:002
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
SuSE Security Announcement: openSUSE-SU-2014:0492
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
SuSE Security Announcement: openSUSE-SU-2014:0560
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
http://www.ubuntu.com/usn/USN-2165-1
Copyright: Copyright (C) 2014 Greenbone Networks GmbH
