CVE-2014-0160

CVE-2014-0160 Research Center

CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

7.5 high severity
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Created
07/04/2014

Products 9

Virtualization

by Redhat

10 Versions

20 days ago

Openssl

by Openssl

406 Versions

a month ago

Micollab

by Mitel

48 Versions

a month ago

Storage

by Redhat

3 Versions

10 months ago

Gluster Storage

by Redhat

15 Versions

10 months ago

Filezilla Server

by Filezilla-Project

40 Versions

7 years ago

Elan-8.2

by Siemens

3 Versions

7 years ago

Wincc Open Architecture

by Siemens

1 Version

7 years ago

Mivoice

by Mitel

5 Versions

7 years ago

Operating Systems 15

Debian Linux

by Debian

44 Versions

12 days ago

Fedora

by Fedoraproject

40 Versions

14 days ago

Opensuse

by Opensuse

43 Versions

2 months ago

Ubuntu Linux

by Canonical

138 Versions

3 months ago

Enterprise Linux Desktop

by Redhat

27 Versions

4 months ago

Enterprise Linux Server

by Redhat

25 Versions

6 months ago

Enterprise Linux Workstation

by Redhat

9 Versions

7 months ago

Enterprise Linux Server AUS

by Redhat

14 Versions

7 months ago

Virtualization

by Redhat

5 Versions

a year ago

Simatic S7-1500 Firmware

by Siemens

10 Versions

2 years ago

Vulnerability Categories 1

Improper Restriction of Operations within the Bounds of a Memory Buffer

xTags 10

#exposed_to_sensitive_information_disclosure

#easy_to_exploit

#known_vulnerability

#user_interaction_required_for_exploiting

#admin_privileges_required_for_exploiting

#confidentiality_impact_if_exploited

#integrity_impact_if_exploited

#availability_impact_if_exploited

#has_exploit

#tweeted_cves

Patch Links 6

https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E

Patch Now

https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E

Patch Now

http://cogentdatahub.com/ReleaseNotes.html

Patch Now

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3

Patch Now

https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E

Patch Now

https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E

Patch Now

Advisory Links 127

https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://seclists.org/fulldisclosure/2014/Dec/23

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://marc.info/?l=bugtraq&m=142660345230545&w=2

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.kerio.com/support/kerio-control/release-history

http://cogentdatahub.com/ReleaseNotes.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

http://marc.info/?l=bugtraq&m=140752315422991&w=2

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

http://secunia.com/advisories/57836

http://secunia.com/advisories/57966

http://secunia.com/advisories/57968

http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

http://secunia.com/advisories/59347

http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

https://filezilla-project.org/versions.php?type=server

http://advisories.mageia.org/MGASA-2014-0165.html

http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3

http://heartbleed.com/

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

http://marc.info/?l=bugtraq&m=139722163017074&w=2

http://marc.info/?l=bugtraq&m=139757726426985&w=2

http://marc.info/?l=bugtraq&m=139757819327350&w=2

http://marc.info/?l=bugtraq&m=139757919027752&w=2

http://marc.info/?l=bugtraq&m=139758572430452&w=2

http://marc.info/?l=bugtraq&m=139765756720506&w=2

http://marc.info/?l=bugtraq&m=139774054614965&w=2

http://marc.info/?l=bugtraq&m=139774703817488&w=2

http://marc.info/?l=bugtraq&m=139808058921905&w=2

http://marc.info/?l=bugtraq&m=139817685517037&w=2

http://marc.info/?l=bugtraq&m=139817727317190&w=2

http://marc.info/?l=bugtraq&m=139817782017443&w=2

http://marc.info/?l=bugtraq&m=139824923705461&w=2

http://marc.info/?l=bugtraq&m=139824993005633&w=2

http://marc.info/?l=bugtraq&m=139833395230364&w=2

http://marc.info/?l=bugtraq&m=139835815211508&w=2

http://marc.info/?l=bugtraq&m=139835844111589&w=2

http://marc.info/?l=bugtraq&m=139836085512508&w=2

http://marc.info/?l=bugtraq&m=139842151128341&w=2

http://marc.info/?l=bugtraq&m=139843768401936&w=2

http://marc.info/?l=bugtraq&m=139869720529462&w=2

http://marc.info/?l=bugtraq&m=139869891830365&w=2

http://marc.info/?l=bugtraq&m=139889113431619&w=2

http://marc.info/?l=bugtraq&m=139889295732144&w=2

http://marc.info/?l=bugtraq&m=139905202427693&w=2

http://marc.info/?l=bugtraq&m=139905243827825&w=2

http://marc.info/?l=bugtraq&m=139905295427946&w=2

http://marc.info/?l=bugtraq&m=139905351928096&w=2

http://marc.info/?l=bugtraq&m=139905405728262&w=2

http://marc.info/?l=bugtraq&m=139905458328378&w=2

http://marc.info/?l=bugtraq&m=139905653828999&w=2

http://marc.info/?l=bugtraq&m=139905868529690&w=2

http://marc.info/?l=bugtraq&m=140015787404650&w=2

http://marc.info/?l=bugtraq&m=140075368411126&w=2

http://marc.info/?l=bugtraq&m=140724451518351&w=2

http://marc.info/?l=bugtraq&m=141287864628122&w=2

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3

http://rhn.redhat.com/errata/RHSA-2014-0376.html

http://rhn.redhat.com/errata/RHSA-2014-0377.html

http://rhn.redhat.com/errata/RHSA-2014-0378.html

http://rhn.redhat.com/errata/RHSA-2014-0396.html

http://seclists.org/fulldisclosure/2014/Apr/109

http://seclists.org/fulldisclosure/2014/Apr/173

http://seclists.org/fulldisclosure/2014/Apr/190

http://seclists.org/fulldisclosure/2014/Apr/90

http://seclists.org/fulldisclosure/2014/Apr/91

http://secunia.com/advisories/57347

http://secunia.com/advisories/57483

http://secunia.com/advisories/57721

http://secunia.com/advisories/59139

http://secunia.com/advisories/59243

http://support.citrix.com/article/CTX140605

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

http://www.blackberry.com/btsc/KB35882

http://www.debian.org/security/2014/dsa-2896

http://www.exploit-db.com/exploits/32745

http://www.exploit-db.com/exploits/32764

http://www.f-secure.com/en/web/labs_global/fsc-2014-1

http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

http://www.kb.cert.org/vuls/id/720951

http://www.openssl.org/news/secadv_20140407.txt

http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

http://www.securityfocus.com/bid/66690

http://www.securitytracker.com/id/1030026

http://www.securitytracker.com/id/1030074

http://www.securitytracker.com/id/1030077

http://www.securitytracker.com/id/1030078

http://www.securitytracker.com/id/1030079

http://www.securitytracker.com/id/1030080

http://www.securitytracker.com/id/1030081

http://www.securitytracker.com/id/1030082

http://www.splunk.com/view/SP-CAAAMB3

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

http://www.ubuntu.com/usn/USN-2165-1

http://www.us-cert.gov/ncas/alerts/TA14-098A

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661

http://www-01.ibm.com/support/docview.wss?uid=swg21670161

https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

https://bugzilla.redhat.com/show_bug.cgi?id=1084875

https://code.google.com/p/mod-spdy/issues/detail?id=85

https://gist.github.com/chapmajs/10473815

https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

https://www.cert.fi/en/reports/2014/vulnerability788210.html

https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E

https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E

http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

By Kent Weigle

Mar 10, 2021

February Trending CVEs: CVE-2021-3156

As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month (who's excited for winter to be over?! 😁☀️🌷). Brace yourself! Ok, here we go.

By Kent Weigle

Mar 10, 2021

February Trending CVEs: CVE-2020-1472

By Kent Weigle

Mar 10, 2021

February Trending CVEs: CVE-2021-24078

By Kent Weigle

Feb 01, 2021

Top Trending CVEs of January 2021

Well, we made it through the first month of 2021! (Hopefully without any scratches or bruises 😅). As stewards of the lush and vast landscape of security vulnerabilities, we felt obliged to share with you the top trending CVEs of the past month. So, without further ado, The Top Trending CVEs of January 2021:

By Kent Weigle

Dec 22, 2020

Security Vulnerability Examples

As the threat landscape changes, the ability to address the most common types of security vulnerabilities is vital for robust protection. As information becomes the most essential asset for an organization, cybersecurity gains much more importance. To successfully conduct your business and preserve the hard-earned reputation of your company, you need to protect your data from malicious attacks, data breaches and hackers.

By Kent Weigle

Dec 22, 2020

Zoom Security Vulnerabilities

As if times haven’t been hard enough, businesses are dealing with new security threats while employees work from home and some have major issues with one of the most popular video conferencing platforms, Zoom.

By Kent Weigle

Dec 22, 2020

What is a Vulnerability?

This article will offer a quick guide to vulnerabilities – what they are, how they can be exploited and the consequences of exploitation. A vulnerability is a weakness in an asset that can be exploited by cyber attackers. It’s a known issue that allows an attack to succeed.

By Kent Weigle

Dec 21, 2020

Top 10 Software Vulnerabilities

Security testing is an assessment of the sensitivity of a software vulnerability to various attacks. What type of attacks? Mainly unauthorized breaches into the system with the aim of extracting data about users or getting confidential information. With the help of vulnerabilities present in the software code, attackers can achieve their objectives.

By Kent Weigle

Dec 21, 2020

Zero-Day Vulnerability: Defense Strategies

A zero-day is a weakness in hardware, software or firmware that is not known to the parties responsible for patching or fixing the flaw. The term zero refers to an attack that has zero days between the time the vulnerability is discovered and the first attack. Once a zero-day vulnerability is known to the public, it’s known as a one-day or n-day vulnerability.

Start Closing Security Gaps

Risk reduction from Day 1
Fast set-up and deployment
Unified platform
Full-featured 30-day trial

See TOPIA in Live!

Start Free Trial!