Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vmwareVMwareVMSA-2014-0004
HistoryApr 14, 2014 - 12:00 a.m.

VMware product updates address OpenSSL security vulnerabilities

2014-04-1400:00:00
www.vmware.com
192

0.975 High

EPSS

Percentile

100.0%

JSON

a. Information Disclosure vulnerability in OpenSSL third party library

The OpenSSL library is updated to version openssl-1.0.1g to resolve multiple security issues

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0076 and CVE-2014-0160 to these issues.

CVE-2014-0160 is known as the Heartbleed issue. More information on this issue may be found in the reference section.

To remediate the issue for products that have updated versions or patches available, perform these steps:

  • Deploy the VMware product update or product patches
  • Replace certificates per the product-specific documentation
  • Reset passwords per the product-specific documentation

Section 4 lists product-specific references to installation instructions and certificate management documentation.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

Note: Products that are not affected by thses issues have been documented in VMware Knowledge Base article 2076225.

Related

nessus 53
altlinux 4
openvas 24
securityvulns 21
mageia 1
ubuntu 1
ibm 40
slackware 1
gentoo 1
vmware 1
freebsd_advisory 1
f5 2
openssl 2
seebug 8
prion 2
threatpost 3
veracode 1
cve 1
freebsd 1
debiancve 2
ubuntucve 1
osv 1
intel 1
symantec 1
thn 2
exploitpack 1
hp 2
zdt 2
packetstorm 3
hackerone 2
ics 3
kitploit 2
oraclelinux 1
qt 1
redhat 1
myhack58 1
vulnerlab 1
centos 1
cert 1
cisco 1
nessus
nessus
Slackware 14.0 / 14.1 / current : openssl (SSA:2014-098-01)
2014-04-08 00:00:00
VMware Fusion 6.x < 6.0.3 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
2014-04-21 00:00:00
VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)
2014-04-21 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 1.0.1g-alt1
2014-04-07 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.1g-alt1
2014-04-07 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.1g-alt1
2014-04-07 00:00:00
openvas
openvas
VMSA-2014-0004 VMware product updates address OpenSSL security vulnerabilities
2014-05-08 00:00:00
VMSA-2014-0004 VMware product updates address OpenSSL security vulnerabilities
2014-05-08 00:00:00
Slackware: Security Advisory (SSA:2014-098-01)
2022-04-21 00:00:00
securityvulns
securityvulns
[USN-2165-1] OpenSSL vulnerabilities
2014-04-08 00:00:00
FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED]
2014-04-20 00:00:00
OpenSSL security vulnerabilities
2014-05-30 00:00:00
mageia
mageia
Updated openssl package fix two security vulnerabilities
2014-04-08 11:58:47
ubuntu
ubuntu
OpenSSL vulnerabilities
2014-04-07 00:00:00
ibm
ibm
Security Bulletin: BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)
2023-04-14 14:32:25
Security Bulletin: IBM Systems Director is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)
2019-01-30 08:35:01
Security Bulletin: IBM Systems Director Storage Control is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)
2022-08-23 16:46:40
slackware
slackware
[slackware-security] openssl
2014-04-08 15:05:22
gentoo
gentoo
OpenSSL: Information Disclosure
2014-04-08 00:00:00
vmware
vmware
VMware product updates address OpenSSL security vulnerabilities
2014-04-14 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:06.openssl
2014-04-08 00:00:00
f5
f5
SOL15295 - OpenSSL vulnerability CVE-2014-0076
2014-05-29 00:00:00
K15295 : OpenSSL vulnerability CVE-2014-0076
2014-05-29 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2014-0076
2014-02-14 00:00:00
Vulnerability in OpenSSL CVE-2014-0160
2014-04-07 00:00:00
seebug
seebug
OpenSSL ECDSA Nonces恢复漏洞
2014-03-25 00:00:00
Kerio Control OpenSSL TLS心跳信息泄漏漏洞
2014-04-16 00:00:00
Splunk OpenSSL TLS心跳信息泄漏漏洞
2014-04-16 00:00:00
prion
prion
Design/Logic Flaw
2014-03-25 13:25:00
Buffer overflow
2014-04-07 22:55:00
threatpost
threatpost
Second NSA Crypto Tool Found in RSA BSafe
2014-03-31 15:59:27
Tor Blacklisting Exit Nodes Vulnerable to Heartbleed Bug
2014-04-17 11:40:41
April 2014 Oracle Critical Patch Update
2014-04-16 12:32:06
veracode
veracode
Side-channel Timing Attack
2017-02-08 02:53:24
cve
cve
CVE-2014-0076
2014-03-25 13:25:00
freebsd
freebsd
OpenSSL -- Local Information Disclosure
2014-04-07 00:00:00
debiancve
debiancve
CVE-2014-0076
2014-03-25 13:25:00
CVE-2014-0160
2014-04-07 22:55:00
ubuntucve
ubuntucve
CVE-2014-0076
2014-03-25 00:00:00
osv
osv
openssl - security update
2014-04-07 00:00:00
intel
intel
Multiple Intel Software Products and API Services impacted by CVE-2014-0160
2014-04-30 00:00:00
symantec
symantec
Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version
2016-05-12 08:00:00
thn
thn
How to Protect yourself from the 'Heartbleed' Bug
2014-04-10 07:58:00
Over 199,500 Websites Are Still Vulnerable to Heartbleed OpenSSL Bug
2017-01-22 23:27:00
exploitpack
exploitpack
OpenSSL TLS Heartbeat Extension - Heartbleed Memory Disclosure
2014-04-08 00:00:00
hp
hp
HPSBPI03014 rev.2 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information
2014-04-22 00:00:00
HPSBPI03031 rev.3 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information
2014-04-30 00:00:00
zdt
zdt
OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)
2014-04-09 00:00:00
Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support
2014-04-24 00:00:00
packetstorm
packetstorm
OpenSSL Heartbeat (Heartbleed) Information Leak
2014-04-10 00:00:00
OpenSSL TLS Heartbeat Extension Memory Disclosure
2014-04-08 00:00:00
Heartbleed User Session Extraction
2014-04-09 00:00:00
hackerone
hackerone
Mail.ru: OpenSSL HeartBleed (CVE-2014-0160)
2014-10-23 15:12:13
Concrete CMS: https://concrete5.org ::: HeartBleed Attack (CVE-2014-0160)
2014-04-08 11:01:31
ics
ics
Unified Automation OPC SDK OpenSSL Vulnerability
2018-09-06 12:00:00
OpenSSL Vulnerability
2018-08-27 12:00:00
Certec atvise scada OpenSSL Heartbleed Vulnerability
2018-08-23 12:00:00
kitploit
kitploit
Collection of Heartbleed Tools (OpenSSL CVE-2014-0160)
2014-04-10 00:55:00
Heartbleed Vulnerability Scanner - Network Scanner for OpenSSL Memory Leak (CVE-2014-0160)
2015-10-01 09:47:00
oraclelinux
oraclelinux
openssl security update
2014-04-07 00:00:00
qt
qt
Heartbleed Bug (CVE-2014-0160) and Qt
2014-04-10 00:00:00
redhat
redhat
(RHSA-2014:0376) Important: openssl security update
2014-04-08 00:00:00
myhack58
myhack58
Than imagined more terror! OpenSSL“effort”vulnerability in-depth analysis-vulnerability warning-the black bar safety net
2014-04-10 00:00:00
vulnerlab
vulnerlab
HeartBleed SSL CVE 20140160 - 10 Steps to Fix in Ubuntu
2014-04-09 00:00:00
centos
centos
openssl security update
2014-04-08 02:54:58
cert
cert
OpenSSL TLS heartbeat extension read overflow discloses sensitive information
2014-04-08 00:00:00
cisco
cisco
OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
2014-04-09 03:00:00

0.975 High

EPSS

Percentile

100.0%

JSON
Related for VMSA-2014-0004
nessus53altlinux4openvas24securityvulns21mageia1ubuntu1ibm40slackware1gentoo1vmware1freebsd_advisory1f52openssl2seebug8prion2threatpost3veracode1cve1freebsd1debiancve2ubuntucve1osv1intel1symantec1thn2exploitpack1hp2zdt2packetstorm3hackerone2ics3kitploit2oraclelinux1qt1redhat1myhack581vulnerlab1centos1cert1cisco1