Lucene search

[email protected]CVE-2014-0160

HistoryApr 07, 2014 - 10:55 p.m.

CVE-2014-0160

2014-04-0722:55:03

CWE-125

[email protected]

web.nvd.nist.gov

3519

In Wild

cve-2014-0160

nvd

openssl

heartbleed

tls

dtls

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Affected configurations

NVD

Node

opensslopensslRange1.0.1–1.0.1g

Node

filezilla-projectfilezilla_serverRange<0.9.44

Node

siemensapplication_processing_engine_firmwareMatch2.0

AND

siemensapplication_processing_engineMatch-

Node

siemenscp_1543-1_firmwareMatch1.1

AND

siemenscp_1543-1Match-

Node

siemenssimatic_s7-1500_firmwareMatch1.5

AND

siemenssimatic_s7-1500Match-

Node

siemenssimatic_s7-1500t_firmwareMatch1.5

AND

siemenssimatic_s7-1500tMatch-

Node

siemenselan-8.2Range<8.3.3

siemenswincc_open_architectureMatch3.12

Node

intellianv100_firmwareMatch1.20

intellianv100_firmwareMatch1.21

intellianv100_firmwareMatch1.24

AND

intellianv100Match-

Node

intellianv60_firmwareMatch1.15

intellianv60_firmwareMatch1.25

AND

intellianv60Match-

Node

mitelmicollabMatch6.0

mitelmicollabMatch7.0

mitelmicollabMatch7.1

mitelmicollabMatch7.2

mitelmicollabMatch7.3

mitelmicollabMatch7.3.0.104

mitelmivoiceMatch1.1.2.5lync

mitelmivoiceMatch1.1.3.3skype_for_business

mitelmivoiceMatch1.2.0.11skype_for_business

mitelmivoiceMatch1.3.2.2skype_for_business

mitelmivoiceMatch1.4.0.102skype_for_business

Node

opensuseopensuseMatch12.3

opensuseopensuseMatch13.1

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.10

Node

fedoraprojectfedoraMatch19

fedoraprojectfedoraMatch20

Node

redhatgluster_storageMatch2.1

redhatstorageMatch2.1

redhatvirtualizationMatch6.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.5

redhatenterprise_linux_server_eusMatch6.5

redhatenterprise_linux_server_tusMatch6.5

redhatenterprise_linux_workstationMatch6.0

Node

debiandebian_linuxMatch6.0

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

Node

ricons9922l_firmwareMatch16.10.3\(3794\)

AND

ricons9922lMatch1.0

CPENameOperatorVersion
openssl:opensslopenssllt1.0.1g

CPE	Name	Operator	Version
openssl:openssl	openssl	lt	1.0.1g

References

advisories.mageia.org/MGASA-2014-0165.html

blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

cogentdatahub.com/ReleaseNotes.html

download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3

heartbleed.com/

lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html

lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

marc.info/?l=bugtraq&m=139722163017074&w=2

marc.info/?l=bugtraq&m=139757726426985&w=2

marc.info/?l=bugtraq&m=139757819327350&w=2

marc.info/?l=bugtraq&m=139757919027752&w=2

marc.info/?l=bugtraq&m=139758572430452&w=2

marc.info/?l=bugtraq&m=139765756720506&w=2

marc.info/?l=bugtraq&m=139774054614965&w=2

marc.info/?l=bugtraq&m=139774703817488&w=2

marc.info/?l=bugtraq&m=139808058921905&w=2

marc.info/?l=bugtraq&m=139817685517037&w=2

marc.info/?l=bugtraq&m=139817727317190&w=2

marc.info/?l=bugtraq&m=139817782017443&w=2

marc.info/?l=bugtraq&m=139824923705461&w=2

marc.info/?l=bugtraq&m=139824993005633&w=2

marc.info/?l=bugtraq&m=139833395230364&w=2

marc.info/?l=bugtraq&m=139835815211508&w=2

marc.info/?l=bugtraq&m=139835844111589&w=2

marc.info/?l=bugtraq&m=139836085512508&w=2

marc.info/?l=bugtraq&m=139842151128341&w=2

marc.info/?l=bugtraq&m=139843768401936&w=2

marc.info/?l=bugtraq&m=139869720529462&w=2

marc.info/?l=bugtraq&m=139869891830365&w=2

marc.info/?l=bugtraq&m=139889113431619&w=2

marc.info/?l=bugtraq&m=139889295732144&w=2

marc.info/?l=bugtraq&m=139905202427693&w=2

marc.info/?l=bugtraq&m=139905243827825&w=2

marc.info/?l=bugtraq&m=139905295427946&w=2

marc.info/?l=bugtraq&m=139905351928096&w=2

marc.info/?l=bugtraq&m=139905405728262&w=2

marc.info/?l=bugtraq&m=139905458328378&w=2

marc.info/?l=bugtraq&m=139905653828999&w=2

marc.info/?l=bugtraq&m=139905868529690&w=2

marc.info/?l=bugtraq&m=140015787404650&w=2

marc.info/?l=bugtraq&m=140075368411126&w=2

marc.info/?l=bugtraq&m=140724451518351&w=2

marc.info/?l=bugtraq&m=140752315422991&w=2

marc.info/?l=bugtraq&m=141287864628122&w=2

marc.info/?l=bugtraq&m=142660345230545&w=2

public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1

public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3

rhn.redhat.com/errata/RHSA-2014-0376.html

rhn.redhat.com/errata/RHSA-2014-0377.html

rhn.redhat.com/errata/RHSA-2014-0378.html

rhn.redhat.com/errata/RHSA-2014-0396.html

seclists.org/fulldisclosure/2014/Apr/109

seclists.org/fulldisclosure/2014/Apr/173

seclists.org/fulldisclosure/2014/Apr/190

seclists.org/fulldisclosure/2014/Apr/90

seclists.org/fulldisclosure/2014/Apr/91

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/57347

secunia.com/advisories/57483

secunia.com/advisories/57721

secunia.com/advisories/57836

secunia.com/advisories/57966

secunia.com/advisories/57968

secunia.com/advisories/59139

secunia.com/advisories/59243

secunia.com/advisories/59347

support.citrix.com/article/CTX140605

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

www-01.ibm.com/support/docview.wss?uid=isg400001841

www-01.ibm.com/support/docview.wss?uid=isg400001843

www-01.ibm.com/support/docview.wss?uid=ssg1S1004661

www-01.ibm.com/support/docview.wss?uid=swg21670161

www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

www.blackberry.com/btsc/KB35882

www.debian.org/security/2014/dsa-2896

www.exploit-db.com/exploits/32745

www.exploit-db.com/exploits/32764

www.f-secure.com/en/web/labs_global/fsc-2014-1

www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

www.kb.cert.org/vuls/id/720951

www.kerio.com/support/kerio-control/release-history

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.openssl.org/news/secadv_20140407.txt

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/66690

www.securitytracker.com/id/1030026

www.securitytracker.com/id/1030074

www.securitytracker.com/id/1030077

www.securitytracker.com/id/1030078

www.securitytracker.com/id/1030079

www.securitytracker.com/id/1030080

www.securitytracker.com/id/1030081

www.securitytracker.com/id/1030082

www.splunk.com/view/SP-CAAAMB3

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

www.ubuntu.com/usn/USN-2165-1

www.us-cert.gov/ncas/alerts/TA14-098A

www.vmware.com/security/advisories/VMSA-2014-0012.html

www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

blog.torproject.org/blog/openssl-bug-cve-2014-0160

bugzilla.redhat.com/show_bug.cgi?id=1084875

cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

code.google.com/p/mod-spdy/issues/detail?id=85

filezilla-project.org/versions.php?type=server

gist.github.com/chapmajs/10473815

h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E

lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html

sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

www.cert.fi/en/reports/2014/vulnerability788210.html

www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd