Vulnerability Details : CVE-2014-0160
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
At least one public exploit which can be used to exploit this vulnerability exists!
Threat overview for CVE-2014-0160
Top countries where our scanners detected CVE-2014-0160
Top open port discovered on systems with this issue
21
IPs affected by CVE-2014-0160 276
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-0160!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
CVE-2014-0160
is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
OpenSSL Information Disclosure Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.
Added on
2022-05-04
Action due date
2022-05-25
Exploit prediction scoring system (EPSS) score for CVE-2014-0160
Probability of exploitation activity in the next 30 days: 97.53%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2014-0160
-
OpenSSL Heartbeat (Heartbleed) Information Leak
Disclosure Date: 2014-04-07First seen: 2020-04-26auxiliary/scanner/ssl/openssl_heartbleedThis module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. The module supports se -
OpenSSL Heartbeat (Heartbleed) Client Memory Exposure
Disclosure Date: 2014-04-07First seen: 2020-04-26auxiliary/server/openssl_heartbeat_client_memoryThis module provides a fake SSL service that is intended to leak memory from client systems as they connect. This module is hardcoded for using the AES-128-CBC-SHA1 cipher. Authors: - Neel Mehta - Riku - Antti - Matti - hdm <x@hdm.io>
CVSS scores for CVE-2014-0160
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
nvd@nist.gov |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
nvd@nist.gov |
CWE ids for CVE-2014-0160
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0160
-
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
Schneider ElectricBroken Link
-
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
[SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20Mailing List;Third Party Advisory
-
http://marc.info/?l=bugtraq&m=141287864628122&w=2
'[security bulletin] HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of I' - MARCThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139817782017443&w=2
'[security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure' - MARCThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
[security-announce] openSUSE-SU-2014:0492-1: important: update for opensMailing List;Third Party Advisory
-
http://www.securitytracker.com/id/1030079
Cisco Security Manager OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www-01.ibm.com/support/docview.wss?uid=swg21670161
IBM notice: The page you requested cannot be displayedBroken Link
-
http://marc.info/?l=bugtraq&m=139889295732144&w=2
'[security bulletin] HPSBPI03031 rev.1 - HP Officejet Pro X Printers, Certain Officejet Pro Printers,' - MARCThird Party Advisory
-
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
Enterprise Chef 11.1.3 Release - Chef BlogThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
[SECURITY] Fedora 20 Update: openssl-1.0.1e-37.fc20.1Third Party Advisory
-
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
HP Support for Technical Help and Troubleshooting | HP® Customer Service.Broken Link
-
http://marc.info/?l=bugtraq&m=139824923705461&w=2
'[security bulletin] HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information' - MARCThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139817727317190&w=2
'[security bulletin] HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure of' - MARCThird Party Advisory
-
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E
Pony Mail!Mailing List;Patch;Third Party Advisory
-
http://marc.info/?l=bugtraq&m=139835815211508&w=2
'[security bulletin] HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, ' - MARCThird Party Advisory
-
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
VMSA-2014-0012.1Not Applicable
-
http://rhn.redhat.com/errata/RHSA-2014-0377.html
RHSA-2014:0377 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0376.html
RHSA-2014:0376 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ - Pony MailMailing List;Patch;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
OpenSSL Heartbleed Vulnerability CVE-2014-0160Third Party Advisory
-
http://marc.info/?l=bugtraq&m=140752315422991&w=2
'[security bulletin] HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows ru' - MARCThird Party Advisory
-
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
Vulnerability Report - "Heartbleed" security vulnerability found in certain versions of SAN Datamover used in Unisys MCP PlatformsThird Party Advisory
-
http://www.securitytracker.com/id/1030077
Splunk OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.exploit-db.com/exploits/32764
OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS Versions) - Multiple remote ExploitExploit;Third Party Advisory;VDB Entry
-
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Oracle Critical Patch Update - July 2014Third Party Advisory
-
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
Chef Server 11.0.12 Release - Chef BlogThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139905351928096&w=2
'[security bulletin] HPSBMU03030 rev.1 - HP Service Pack for ProLiant (SPP) Bundled Software running ' - MARCThird Party Advisory
-
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
[syslog-ng-announce] syslog-ng Premium Edition 5 LTS (5.0.4a) has been releasedThird Party Advisory
-
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
Third Party Advisory
-
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/ - Pony MailMailing List;Patch;Third Party Advisory
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco ProductsThird Party Advisory
-
http://marc.info/?l=bugtraq&m=140724451518351&w=2
'[security bulletin] HPSBMU03037 rev.2 - HP Multimedia Service Environment (MSE), (HP Network Interac' - MARCThird Party Advisory
-
http://www.openssl.org/news/secadv_20140407.txt
Vendor Advisory
-
http://marc.info/?l=bugtraq&m=139824993005633&w=2
'[security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, R' - MARCThird Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
IBM Tivoli Composite Application Manager for Transactions Internet Service Monitoring 7.4 Interim Fix 13 README Tivoli Composite Application Manager for Transactions 7.4.0.0 7.4.0.0-TIV-CAMIS-IF0013 RThird Party Advisory
-
http://www.securitytracker.com/id/1030078
Cisco Unified Communications Manager OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://marc.info/?l=bugtraq&m=139905653828999&w=2
'[security bulletin] HPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of' - MARCThird Party Advisory
-
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
Vulnerability Report - OpenSSL "Heartbleed" vulnerability on OS 2200 QProcessorThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139843768401936&w=2
'[security bulletin] HPSBMU03023 rev.1 - HP BladeSystem c-Class Virtual Connect Support Utility (VCSU' - MARCThird Party Advisory
-
http://www.blackberry.com/btsc/KB35882
Broken Link
-
http://seclists.org/fulldisclosure/2014/Apr/109
Full Disclosure: Re: heartbleed OpenSSL bug CVE-2014-0160Mailing List;Third Party Advisory
-
http://marc.info/?l=bugtraq&m=140015787404650&w=2
'[security bulletin] HPSBMU03040 rev.1 - HP LoadRunner & HP Performance Center, running OpenSSL, Remo' - MARCThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139808058921905&w=2
'[security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running ' - MARCThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139758572430452&w=2
'[security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of' - MARCThird Party Advisory
-
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
Chef Server Heartbleed (CVE-2014-0160) Releases - Chef BlogThird Party Advisory
-
http://www.securitytracker.com/id/1030082
Cisco IOS XE OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://rhn.redhat.com/errata/RHSA-2014-0378.html
RHSA-2014:0378 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2165-1
USN-2165-1: OpenSSL vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.splunk.com/view/SP-CAAAMB3
Splunk 6.0.3 addresses two vulnerabilities - April 10, 2014 | SplunkThird Party Advisory
-
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
Not Applicable
-
http://advisories.mageia.org/MGASA-2014-0165.html
Mageia Advisory: MGASA-2014-0165 - Updated openssl package fix two security vulnerabilitiesThird Party Advisory
-
http://www.debian.org/security/2014/dsa-2896
Debian -- Security Information -- DSA-2896-1 opensslThird Party Advisory
-
http://seclists.org/fulldisclosure/2014/Apr/190
Full Disclosure: Re: heartbleed OpenSSL bug CVE-2014-0160Mailing List;Third Party Advisory
-
http://heartbleed.com/
Heartbleed BugThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139757726426985&w=2
'[security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running Op' - MARCThird Party Advisory
-
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL VersionThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139757819327350&w=2
'[security bulletin] HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux' - MARCThird Party Advisory
-
https://gist.github.com/chapmajs/10473815
Check your system rubies for vulnerable OpenSSL (CVE-2014-0160 "Heartbleed") · GitHubThird Party Advisory
-
http://seclists.org/fulldisclosure/2014/Dec/23
Full Disclosure: NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilitiesMailing List;Third Party Advisory
-
http://www.kerio.com/support/kerio-control/release-history
Kerio Control small business firewallThird Party Advisory
-
http://www.securitytracker.com/id/1030081
Cisco Mobility Services Engine OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
IBM Security Bulletin: IBM DS8870 Release 7.2 is affected by an additional vulnerability in OpenSSL (CVE-2014-0160)Third Party Advisory
-
http://secunia.com/advisories/59139
Sign inThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139869720529462&w=2
'[security bulletin] HPSBMU03025 rev.1 - HP Diagnostics running OpenSSL, Remote Disclosure of Informa' - MARCThird Party Advisory
-
http://secunia.com/advisories/59347
Sign inThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
[SECURITY] Fedora 19 Update: openssl-1.0.1e-37.fc19.1Third Party Advisory
-
http://marc.info/?l=bugtraq&m=139836085512508&w=2
'[security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control Repositor' - MARCThird Party Advisory
-
http://www.f-secure.com/en/web/labs_global/fsc-2014-1
FSC-2014-1 | F-SecureThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139869891830365&w=2
'[security bulletin] HPSBMU03022 rev.1 - HP Systems Insight Manager (SIM) Bundled Software running Op' - MARCThird Party Advisory
-
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
KB Article | Forcepoint SupportNot Applicable
-
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
OpenSSL ‘heartbleed’ bug live blog – Fox-IT International blogThird Party Advisory
-
http://marc.info/?l=bugtraq&m=140075368411126&w=2
'[security bulletin] HPSBMU03044 rev.1 - HP Business Process Monitor, running OpenSSL, Remote Disclos' - MARCThird Party Advisory
-
http://seclists.org/fulldisclosure/2014/Apr/91
Full Disclosure: Re: heartbleed OpenSSL bug CVE-2014-0160Mailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1084875
1084875 – (CVE-2014-0160, Heartbleed) CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packetsIssue Tracking;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0396.html
RHSA-2014:0396 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://www.cert.fi/en/reports/2014/vulnerability788210.html
Etusivu | KyberturvallisuuskeskusThird Party Advisory
-
http://seclists.org/fulldisclosure/2014/Apr/90
Full Disclosure: heartbleed OpenSSL bug CVE-2014-0160Mailing List;Third Party Advisory
-
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E
svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/ - Pony MailMailing List;Patch;Third Party Advisory
-
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
Third Party Advisory
-
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
#Heartbleed; The hearts continue to bleed... ~ Skull ArmyExploit;Third Party Advisory
-
http://support.citrix.com/article/CTX140605
CVE-2014-0160 - Citrix Security Advisory for the Heartbleed vulnerabilityThird Party Advisory
-
http://cogentdatahub.com/ReleaseNotes.html
Release Notes | Cogent DataHubRelease Notes;Third Party Advisory
-
http://www.securityfocus.com/archive/1/534161/100/0/threaded
SecurityFocusNot Applicable;Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
openSUSE-SU-2014:0560-1: moderate: update for opensslMailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2014/Apr/173
Full Disclosure: MRI Rubies may contain statically linked, vulnerable OpenSSLMailing List;Third Party Advisory
-
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd
RICON Industrial Cellular Router Heartbleed Attack - Yunus Şahin - MediumExploit;Third Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
IBM Tivoli Composite Application Manager for Transactions Internet Service Monitoring 7.3.0.1 Interim Fix 29 README Tivoli Composite Application Manager for Transactions 7.3.0.1 7.3.0.1-TIV-CAMIS-IF00Third Party Advisory
-
http://marc.info/?l=bugtraq&m=139905243827825&w=2
'[security bulletin] HPSBMU03028 rev.1 - HP Matrix Operating Environment and CloudSystem Matrix Softw' - MARCThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
[security-announce] SUSE Security Announcement: openssl "HeartBleed" attMailing List;Third Party Advisory
-
http://marc.info/?l=bugtraq&m=139905405728262&w=2
'[security bulletin] HPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer Softw' - MARCThird Party Advisory
-
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
Third Party Advisory
-
https://filezilla-project.org/versions.php?type=server
FileZilla - Version historyRelease Notes;Third Party Advisory
-
http://marc.info/?l=bugtraq&m=139757919027752&w=2
'[security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclo' - MARCThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139765756720506&w=2
'[security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software),' - MARCThird Party Advisory
-
http://www.securityfocus.com/bid/66690
OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure VulnerabilitiesThird Party Advisory;VDB Entry
-
http://marc.info/?l=bugtraq&m=139722163017074&w=2
'[security bulletin] HPSBMU02995 rev.1 - HP Software HP Service Manager, Asset Manager, UCMDB Browser' - MARCThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139889113431619&w=2
'[security bulletin] HPSBMU03024 rev.1 - HP Insight Control Server Deployment on Linux and Windows ru' - MARCThird Party Advisory
-
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
Mitel Product Security Advisory 17-0008Third Party Advisory
-
http://marc.info/?l=bugtraq&m=139835844111589&w=2
'[security bulletin] HPSBPI03014 rev.1 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Prin' - MARCThird Party Advisory
-
http://www.exploit-db.com/exploits/32745
OpenSSL TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure - Multiple remote ExploitExploit;Third Party Advisory;VDB Entry
-
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
OpenSSL bug CVE-2014-0160 | Tor BlogThird Party Advisory
-
http://secunia.com/advisories/59243
Sign inThird Party Advisory
-
http://www.kb.cert.org/vuls/id/720951
VU#720951 - OpenSSL TLS heartbeat extension read overflow discloses sensitive informationThird Party Advisory;US Government Resource
-
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
git.openssl.org Git - openssl.git/commitPatch;Vendor Advisory
-
http://marc.info/?l=bugtraq&m=139774054614965&w=2
'[security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerabil' - MARCThird Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
mandriva.comThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139905295427946&w=2
'[security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remo' - MARCThird Party Advisory
-
https://code.google.com/p/mod-spdy/issues/detail?id=85
Google Code Archive - Long-term storage for Google Code Project Hosting.Third Party Advisory
-
http://marc.info/?l=bugtraq&m=139774703817488&w=2
'[security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerab' - MARCThird Party Advisory
-
http://www.securitytracker.com/id/1030026
OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://marc.info/?l=bugtraq&m=139905868529690&w=2
'[security bulletin] HPSBST03027 rev.1 - HP StoreVirtual 4000 Storage and HP P4000 G2 Storage using H' - MARCThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139842151128341&w=2
'[security bulletin] HPSBST03016 rev.1 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP M' - MARCThird Party Advisory
-
http://marc.info/?l=bugtraq&m=142660345230545&w=2
'[security bulletin] HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and' - MARCThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139833395230364&w=2
'[security bulletin] HPSBGN03011 rev.1 - HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux ' - MARCThird Party Advisory
-
http://www.securitytracker.com/id/1030080
WebEx Meetings Server OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://marc.info/?l=bugtraq&m=139905202427693&w=2
'[security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote ' - MARCThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139905458328378&w=2
'[security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 runni' - MARCThird Party Advisory
-
http://marc.info/?l=bugtraq&m=139817685517037&w=2
'[security bulletin] HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running ' - MARCThird Party Advisory
-
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
Enterprise Chef 1.4.9 Release - Chef BlogThird Party Advisory
-
http://www.securitytracker.com/id/1030074
BlackBerry Link OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.us-cert.gov/ncas/alerts/TA14-098A
OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160) | CISAThird Party Advisory;US Government Resource
Products affected by CVE-2014-0160
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
- cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*
- cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*
- cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*
- cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*
- cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*
- cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*
- cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*
- cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*
- cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*
- cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*
- cpe:2.3:o:ricon:s9922l_firmware:16.10.3\(3794\):*:*:*:*:*:*:*