CVE-2014-0160
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
References
advisories.mageia.org/MGASA-2014-0165.html
blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
cogentdatahub.com/ReleaseNotes.html
download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3
heartbleed.com/
lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
marc.info/?l=bugtraq&m=139722163017074&w=2
marc.info/?l=bugtraq&m=139757726426985&w=2
marc.info/?l=bugtraq&m=139757819327350&w=2
marc.info/?l=bugtraq&m=139757919027752&w=2
marc.info/?l=bugtraq&m=139758572430452&w=2
marc.info/?l=bugtraq&m=139765756720506&w=2
marc.info/?l=bugtraq&m=139774054614965&w=2
marc.info/?l=bugtraq&m=139774703817488&w=2
marc.info/?l=bugtraq&m=139808058921905&w=2
marc.info/?l=bugtraq&m=139817685517037&w=2
marc.info/?l=bugtraq&m=139817727317190&w=2
marc.info/?l=bugtraq&m=139817782017443&w=2
marc.info/?l=bugtraq&m=139824923705461&w=2
marc.info/?l=bugtraq&m=139824993005633&w=2
marc.info/?l=bugtraq&m=139833395230364&w=2
marc.info/?l=bugtraq&m=139835815211508&w=2
marc.info/?l=bugtraq&m=139835844111589&w=2
marc.info/?l=bugtraq&m=139836085512508&w=2
marc.info/?l=bugtraq&m=139842151128341&w=2
marc.info/?l=bugtraq&m=139843768401936&w=2
marc.info/?l=bugtraq&m=139869720529462&w=2
marc.info/?l=bugtraq&m=139869891830365&w=2
marc.info/?l=bugtraq&m=139889113431619&w=2
marc.info/?l=bugtraq&m=139889295732144&w=2
marc.info/?l=bugtraq&m=139905202427693&w=2
marc.info/?l=bugtraq&m=139905243827825&w=2
marc.info/?l=bugtraq&m=139905295427946&w=2
marc.info/?l=bugtraq&m=139905351928096&w=2
marc.info/?l=bugtraq&m=139905405728262&w=2
marc.info/?l=bugtraq&m=139905458328378&w=2
marc.info/?l=bugtraq&m=139905653828999&w=2
marc.info/?l=bugtraq&m=139905868529690&w=2
marc.info/?l=bugtraq&m=140015787404650&w=2
marc.info/?l=bugtraq&m=140075368411126&w=2
marc.info/?l=bugtraq&m=140724451518351&w=2
marc.info/?l=bugtraq&m=140752315422991&w=2
marc.info/?l=bugtraq&m=141287864628122&w=2
marc.info/?l=bugtraq&m=142660345230545&w=2
public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
rhn.redhat.com/errata/RHSA-2014-0376.html
rhn.redhat.com/errata/RHSA-2014-0377.html
rhn.redhat.com/errata/RHSA-2014-0378.html
rhn.redhat.com/errata/RHSA-2014-0396.html
seclists.org/fulldisclosure/2014/Apr/109
seclists.org/fulldisclosure/2014/Apr/173
seclists.org/fulldisclosure/2014/Apr/190
seclists.org/fulldisclosure/2014/Apr/90
seclists.org/fulldisclosure/2014/Apr/91
seclists.org/fulldisclosure/2014/Dec/23
secunia.com/advisories/57347
secunia.com/advisories/57483
secunia.com/advisories/57721
secunia.com/advisories/57836
secunia.com/advisories/57966
secunia.com/advisories/57968
secunia.com/advisories/59139
secunia.com/advisories/59243
secunia.com/advisories/59347
support.citrix.com/article/CTX140605
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
www-01.ibm.com/support/docview.wss?uid=isg400001841
www-01.ibm.com/support/docview.wss?uid=isg400001843
www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
www-01.ibm.com/support/docview.wss?uid=swg21670161
www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
www.blackberry.com/btsc/KB35882
www.debian.org/security/2014/dsa-2896
www.exploit-db.com/exploits/32745
www.exploit-db.com/exploits/32764
www.f-secure.com/en/web/labs_global/fsc-2014-1
www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
www.kb.cert.org/vuls/id/720951
www.kerio.com/support/kerio-control/release-history
www.mandriva.com/security/advisories?name=MDVSA-2015:062
www.openssl.org/news/secadv_20140407.txt
www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
www.securityfocus.com/archive/1/534161/100/0/threaded
www.securityfocus.com/bid/66690
www.securitytracker.com/id/1030026
www.securitytracker.com/id/1030074
www.securitytracker.com/id/1030077
www.securitytracker.com/id/1030078
www.securitytracker.com/id/1030079
www.securitytracker.com/id/1030080
www.securitytracker.com/id/1030081
www.securitytracker.com/id/1030082
www.splunk.com/view/SP-CAAAMB3
www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
www.ubuntu.com/usn/USN-2165-1
www.us-cert.gov/ncas/alerts/TA14-098A
www.vmware.com/security/advisories/VMSA-2014-0012.html
www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
blog.torproject.org/blog/openssl-bug-cve-2014-0160
bugzilla.redhat.com/show_bug.cgi?id=1084875
cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
code.google.com/p/mod-spdy/issues/detail?id=85
filezilla-project.org/versions.php?type=server
gist.github.com/chapmajs/10473815
h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
www.cert.fi/en/reports/2014/vulnerability788210.html
www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd
Social References
More
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%