ID

VAR-201404-0592


CVE

CVE-2014-0160


TITLE

OpenSSL TLS heartbeat extension read overflow discloses sensitive information

Trust: 0.8

sources: CERT/CC: VU#720951

DESCRIPTION

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed.". LibYAML is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly sanitize user-supplied input. Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions. Versions prior to LibYAML 0.1.6 are vulnerable. Notes Customers also have the option to downgrade OA firmware to any version prior to OA v4.11 if that meets the requisite Hardware/feature support for the enclosure configuration. No action is required unless the OA is running the firmware versions explicitly listed as vulnerable. Update to version 0.2.4.22 solves these major and security problems: - Block authority signing keys that were used on authorities vulnerable to the heartbleed bug in OpenSSL (CVE-2014-0160). - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. - The relay ciphersuite list is now generated automatically based on uniform criteria, and includes all OpenSSL ciphersuites with acceptable strength and forward secrecy. - Relays now trust themselves to have a better view than clients of which TLS ciphersuites are better than others. - Clients now try to advertise the same list of ciphersuites as Firefox 28. HP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version 1.0.1f for the following firmware versions: 671H_GS00601 665H_GS12501 663H_GS04601 HP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in 655H firmware versions: 655H_GS10201 HP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. If the library firmware cannot be updated, HP recommends following the Mitigation Instructions below. Mitigation Instructions The following configuration options that allow access to the Heartbeat function in the vulnerable versions of OpenSSL are not enabled by default. Verify that the following options are "disabled" using the Tape Library GUI: Product Configuration Options to Disable TLS Heartbeat Functions Secure SMI-S CVTL User Note: Disabling these features blocks the vulnerable OpenSSL function in both the ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape Drives. The basic functionality of the library is not affected by these configuration changes and SSL access to the user interface is not affected by this configuration change or setting. NOTE: No patch will be available for HP 3PAR OS 3.1.2 GA. HP recommends that customers with arrays running HP 3PAR OS 3.1.2 GA should upgrade to the latest available MU or HP 3PAR OS 3.1.3 P01. HP 3PAR OS Version Available patch HP 3PAR OS 3.1.3 P01 HP 3PAR OS 3.1.2 MU1, MU2, and MU3 P39 HP can perform the upgrade. Contact the HP global deployment center at 3par-sps@hp.com. Please include the HP 3PAR StoreServ Storage system serial number in the subject line. The email service is available 24 hours a day, 7 days a week. A support case can be opened to request the upgrade, but the email service is recommended. No controller node reboot is required for the patch, when staying with the same OS version. HISTORY Version:1 (rev.1) - 22 April 2014 Initial release Version:2 (rev.2) - 23 April 2014 Added recommendation for use of 3PAR OS Management Tools. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : openssl Date : March 27, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been discovered and corrected in openssl: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298). The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198). The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221). The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470). Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message (CVE-2014-3513). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure (CVE-2014-3567). The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569). The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571). The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate&#039;s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275). The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204). The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205). Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (CVE-2015-0206). Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209). The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature (CVE-2015-0286). The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287). The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (CVE-2015-0288). The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04236102 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236102 Version: 7 HPSBMU02995 rev.7 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-04-11 Last Updated: 2014-05-14 Potential Security Impact: Remote disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. References: CVE-2014-0160 (SSRT101499) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Product Impacted HP Product Versions Notes HP Service Manager v9.32, v9.33 Security bulletin HPSBGN03008: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04248997 HP Asset Manager v9.40, v9.40 CSC Security Bulletin HPSBMU03018: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260505 HP UCMDB Browser v1.x, v2.x, v3.x Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260353 note: APR enabled on Tomcat includes an affected OpenSSL version HP UCMDB Configuration Manager v9.1x, v9.2x, v9.3x, v10.01, v10.10 Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260353 HP CIT (ConnectIT) v9.52, v9.53 Security bulletin HPSBMU03017: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260456 HP Executive Scorecard v9.40, v9.41 HP Server Automation v10.00, v10.01 Security bulletin HPSBGN03010: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04250814 HP Diagnostics v9.23, v9.23 IP1 Security bulletin HPSBMU03025 : https://h20564.www2.hp.com/portal/site/hpsc/ public/kb/docDisplay?docId=emr_na-c04267775 HP Business Process Monitor v.9.23, v.9.24 HP LoadRunner v11.52, v12.0 Security bulletin HPSBMU03040: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay?docId=emr_na-c04286049 HP Performance Center v11.52, v12.0 Security bulletin HPSBMU03040: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay?docId=emr_na-c04286049 HP Autonomy WorkSite Server v9.0 SP1 (on-premises software) Security bulletin HPSBMU02999: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04239374 Impacted Versions table BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP Software is working to address this vulnerability for all affected product versions. HP Software will release product specific security bulletins for each impacted product. Each bulletin will include a patch and/or mitigation guideline. HP will update this bulletin with references to security bulletins for each product in the impacted versions table. Note: OpenSSL is an external product embedded in HP products. Bulletin Applicability: This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html . Software updates are available from HP Software Support Online at http://support.openview.hp.com/downloads.jsp HISTORY Version:1 (rev.1) - 11 April 2014 Initial release Version:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as impacted, updated HP UCMDB Browser impacted versions Version:3 (rev.3) - 17 April 2014 Added HP Software Autonomy WorkSite Server as impacted. Added security bulletin pointers for Service Manager, Server Automation and Worksite Server Version:4 (rev.4) - 18 April 2014 Changed impacted version list for UCMDB Browser Version:5 (rev.5) - 23 April 2014 Added security bulletins pointers for HP Asset Manager, HP UCMDB Browser, HP UCMDB Configuration Manager and HP CIT (ConnectIT) Version:6 (rev.6) - 28 April 2014 Added security bulletin link for HP Diagnostics, added HP Business Process Monitor to the product list Version:7 (rev.7) - 14 May 2014 Added links to patches for LoadRunner and Performance Center Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlN0pmwACgkQ4B86/C0qfVm6pgCg9x7C/VRD+qhhR5HrGHNeHbYS JdoAn3DM0TJiQM9mg3xB6nU3rrWkFq1E =F8zW -----END PGP SIGNATURE----- . HP Multimedia Service Environment (MSE) 2.1.1 HP Network Interactive Voice Response (NIVR) 2.1.0, Reactive Patches 001, 002, 003 HP Network Interactive Voice Response (NIVR) 2.0.7, Reactive Patch 003 Only the MSE (ACM TMP) database set up with Replication using SSL is impacted for the above versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in Cisco TelePresence TC and TE Software Advisory ID: cisco-sa-20140430-tcte Revision 1.0 For Public Release 2014 April 30 16:00 UTC (GMT) Summary ======= Cisco TelePresence TC and TE Software are affected by the following vulnerabilities: Six Session Initiation Protocol (SIP) denial of service vulnerabilities Cisco TelePresence TC and TE Software DNS Buffer Overflow Vulnerability Cisco TelePresence TC and TE Software Input Validation Vulnerability Cisco TelePresence TC and TE Software tshell Command Injection Vulnerability Cisco TelePresence TC and TE Software Heap Overflow Vulnerability Cisco TelePresence TC and TE Software U-Boot Buffer Overflow Vulnerability Cisco TelePresence TC and TE Software Unauthenticated Serial Port Access Vulnerability Cisco TelePresence TC H.225 Denial of Service Vulnerability Successful exploitation of these vulnerabilities could allow an attacker to cause the affected system to reload, execute arbitrary commands or obtain privileged access to the affected system. There are no workarounds that mitigate these vulnerabilities. This bulletin will be revised when the software updates are released. The Virtual Connect firmware itself is not vulnerable to CVE-2014-0160 (Heartbleed), however, the installer component in versions 4.10 and 4.20 of Virtual Connect does have the vulnerability, and should be replaced with versions 4.10b or 4.20b, or the latest version of Virtual Connect Support Utility referenced below. The VCSU vulnerability is only present during the firmware upgrade process

Trust: 3.33

sources: NVD: CVE-2014-0160 // CERT/CC: VU#720951 // BID: 66478 // PACKETSTORM: 126162 // PACKETSTORM: 127069 // PACKETSTORM: 126451 // PACKETSTORM: 127279 // PACKETSTORM: 126581 // PACKETSTORM: 126461 // PACKETSTORM: 131044 // PACKETSTORM: 126563 // PACKETSTORM: 126452 // VULMON: CVE-2014-0160 // PACKETSTORM: 126465 // PACKETSTORM: 126647 // PACKETSTORM: 127749 // PACKETSTORM: 126421 // PACKETSTORM: 126280 // PACKETSTORM: 126325

AFFECTED PRODUCTS

vendor:filezillamodel:serverscope:ltversion:0.9.44

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.5

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.3

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.1

Trust: 1.0

vendor:redhatmodel:storagescope:eqversion:2.1

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.1.3.3

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.3.2.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500tscope:eqversion:1.5

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:6.5

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:siemensmodel:wincc open architecturescope:eqversion:3.12

Trust: 1.0

vendor:intellianmodel:v100scope:eqversion:1.24

Trust: 1.0

vendor:splunkmodel:splunkscope:ltversion:6.0.3

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.2.0.11

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.10

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:6.0

Trust: 1.0

vendor:riconmodel:s9922lscope:eqversion:16.10.3\(3794\)

Trust: 1.0

vendor:intellianmodel:v60scope:eqversion:1.25

Trust: 1.0

vendor:broadcommodel:symantec messaging gatewayscope:eqversion:10.6.1

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.0

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.3.0.104

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:19

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:intellianmodel:v100scope:eqversion:1.20

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.3

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:13.10

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:20

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.0.1g

Trust: 1.0

vendor:intellianmodel:v100scope:eqversion:1.21

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.1

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.4.0.102

Trust: 1.0

vendor:siemensmodel:cp 1543-1scope:eqversion:1.1

Trust: 1.0

vendor:splunkmodel:splunkscope:gteversion:6.0.0

Trust: 1.0

vendor:redhatmodel:virtualizationscope:eqversion:6.0

Trust: 1.0

vendor:intellianmodel:v60scope:eqversion:1.15

Trust: 1.0

vendor:redhatmodel:gluster storagescope:eqversion:2.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.0.1

Trust: 1.0

vendor:siemensmodel:application processing enginescope:eqversion:2.0

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.1.2.5

Trust: 1.0

vendor:broadcommodel:symantec messaging gatewayscope:eqversion:10.6.0

Trust: 1.0

vendor:siemensmodel:elan-8.2scope:ltversion:8.3.3

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.5

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.2

Trust: 1.0

vendor:siemensmodel:simatic s7-1500scope:eqversion:1.5

Trust: 1.0

vendor:amazonmodel: - scope: - version: -

Trust: 0.8

vendor:arch linuxmodel: - scope: - version: -

Trust: 0.8

vendor:arubamodel: - scope: - version: -

Trust: 0.8

vendor:attachmatemodel: - scope: - version: -

Trust: 0.8

vendor:bee waremodel: - scope: - version: -

Trust: 0.8

vendor:blue coatmodel: - scope: - version: -

Trust: 0.8

vendor:camodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:extrememodel: - scope: - version: -

Trust: 0.8

vendor:f5model: - scope: - version: -

Trust: 0.8

vendor:fedoramodel: - scope: - version: -

Trust: 0.8

vendor:fortinetmodel: - scope: - version: -

Trust: 0.8

vendor:freebsdmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:global associatesmodel: - scope: - version: -

Trust: 0.8

vendor:googlemodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:hitachimodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:intelmodel: - scope: - version: -

Trust: 0.8

vendor:junipermodel: - scope: - version: -

Trust: 0.8

vendor:mandriva s amodel: - scope: - version: -

Trust: 0.8

vendor:marklogicmodel: - scope: - version: -

Trust: 0.8

vendor:mcafeemodel: - scope: - version: -

Trust: 0.8

vendor:nvidiamodel: - scope: - version: -

Trust: 0.8

vendor:netbsdmodel: - scope: - version: -

Trust: 0.8

vendor:openbsdmodel: - scope: - version: -

Trust: 0.8

vendor:opensslmodel: - scope: - version: -

Trust: 0.8

vendor:openvpnmodel: - scope: - version: -

Trust: 0.8

vendor:oraclemodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:slackware linuxmodel: - scope: - version: -

Trust: 0.8

vendor:sophosmodel: - scope: - version: -

Trust: 0.8

vendor:symantecmodel: - scope: - version: -

Trust: 0.8

vendor:ubuntumodel: - scope: - version: -

Trust: 0.8

vendor:unisysmodel: - scope: - version: -

Trust: 0.8

vendor:vmwaremodel: - scope: - version: -

Trust: 0.8

vendor:watchguardmodel: - scope: - version: -

Trust: 0.8

vendor:wind rivermodel: - scope: - version: -

Trust: 0.8

vendor:nginxmodel: - scope: - version: -

Trust: 0.8

vendor:opensusemodel: - scope: - version: -

Trust: 0.8

vendor:pfsensemodel: - scope: - version: -

Trust: 0.8

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.3

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.2

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:neversion:0.1.6

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:neversion:3.2.2

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1

Trust: 0.3

vendor:opscodemodel:chefscope:neversion:1.4.9

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.8.0

Trust: 0.3

vendor:opscodemodel:chefscope:eqversion:1.4.8

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.5.2

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:13.10

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:neversion:2.8.6

Trust: 0.3

vendor:aaronmodel:patterson psychscope:neversion:2.0.5

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.7.2

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:redhatmodel:common for rhel serverscope:eqversion:6

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:eqversion:0.1.3

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.2

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:redhatmodel:openstackscope:eqversion:4.0

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:eqversion:0.1.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:12.10

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.0

Trust: 0.3

vendor:aaronmodel:patterson psychscope:eqversion:2.0.4

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.0.2

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.0.1

Trust: 0.3

vendor:opscodemodel:chefscope:neversion:11.1.3

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.1.2

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.5.1

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:eqversion:0.1.2

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:eqversion:0.0.1

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.0.3

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.1.1

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.7.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.8.4

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:opscodemodel:chefscope:eqversion:11.1.2

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.9.5

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.1

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.6

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.7

Trust: 0.3

vendor:redhatmodel:openstackscope:eqversion:3.0

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:eqversion:0.1.4

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.8.3

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.6.1

Trust: 0.3

vendor:opscodemodel:chefscope:neversion:11.0.12

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:redhatmodel:software collections for rhelscope:eqversion:160

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1x8664

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.0.1

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:eqversion:0.1.5

Trust: 0.3

vendor:opscodemodel:chefscope:eqversion:11.0.11

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:0

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.8.2

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:12.10

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

sources: CERT/CC: VU#720951 // BID: 66478 // NVD: CVE-2014-0160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0160
value: HIGH

Trust: 1.0

NVD: CVE-2014-0160
value: MEDIUM

Trust: 0.8

VULMON: CVE-2014-0160
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0160
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2014-0160
severity: MEDIUM
baseScore: 5.0
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2014-0160
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CERT/CC: VU#720951 // VULMON: CVE-2014-0160 // NVD: CVE-2014-0160

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

sources: NVD: CVE-2014-0160

THREAT TYPE

network

Trust: 0.3

sources: BID: 66478

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 66478

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#720951 // VULMON: CVE-2014-0160

PATCH

title:The Registerurl:https://www.theregister.co.uk/2017/01/23/heartbleed_2017/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/

Trust: 0.2

title:Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e4799ab8fe4804274ba2db4d65cd867b

Trust: 0.1

title:Debian Security Advisories: DSA-2896-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=264ec318be06a69e28012f62b2dc5bb7

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2165-1

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2014-0160

Trust: 0.1

title:exploitsurl:https://github.com/vs4vijay/exploits

Trust: 0.1

title:VULNIXurl:https://github.com/El-Palomo/VULNIX

Trust: 0.1

title:openssl-heartbleed-fixurl:https://github.com/sammyfung/openssl-heartbleed-fix

Trust: 0.1

title:cve-2014-0160url:https://github.com/cved-sources/cve-2014-0160

Trust: 0.1

title:heartbleed_checkurl:https://github.com/ehoffmann-cp/heartbleed_check

Trust: 0.1

title:heartbleedurl:https://github.com/okrutnik420/heartbleed

Trust: 0.1

title:heartbleed-test.crxurl:https://github.com/iwaffles/heartbleed-test.crx

Trust: 0.1

title: - url:https://github.com/Maheshmaske111/te

Trust: 0.1

title:AradSocketurl:https://github.com/araditc/AradSocket

Trust: 0.1

title:sslscanurl:https://github.com/kaisenlinux/sslscan

Trust: 0.1

title:Springboard_Capstone_Projecturl:https://github.com/jonahwinninghoff/Springboard_Capstone_Project

Trust: 0.1

title: - url:https://github.com/MrE-Fog/heartbleeder

Trust: 0.1

title:buffer_overflow_exploiturl:https://github.com/olivamadrigal/buffer_overflow_exploit

Trust: 0.1

title: - url:https://github.com/ashrafulislamcs/Ubuntu-Server-Hardening

Trust: 0.1

title:insecure_projecturl:https://github.com/turtlesec-no/insecure_project

Trust: 0.1

title: - url:https://github.com/Maheshmaske111/ssl

Trust: 0.1

title: - url:https://github.com/H4R335HR/heartbleed

Trust: 0.1

title:nmap-scriptsurl:https://github.com/takeshixx/nmap-scripts

Trust: 0.1

title:knockbleedurl:https://github.com/siddolo/knockbleed

Trust: 0.1

title:heartbleed-masstesturl:https://github.com/musalbas/heartbleed-masstest

Trust: 0.1

title:HeartBleedDotNeturl:https://github.com/ShawInnes/HeartBleedDotNet

Trust: 0.1

title:heartbleed_test_openvpnurl:https://github.com/weisslj/heartbleed_test_openvpn

Trust: 0.1

title:paraffinurl:https://github.com/vmeurisse/paraffin

Trust: 0.1

title:sslscanurl:https://github.com/rbsec/sslscan

Trust: 0.1

title:Heartbleed_Dockerfile_with_Nginxurl:https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx

Trust: 0.1

title:heartbleed-bugurl:https://github.com/cldme/heartbleed-bug

Trust: 0.1

title: - url:https://github.com/H4CK3RT3CH/awesome-web-hacking

Trust: 0.1

title:Web-Hackingurl:https://github.com/adm0i/Web-Hacking

Trust: 0.1

title:cybersecurity-ethical-hackingurl:https://github.com/paulveillard/cybersecurity-ethical-hacking

Trust: 0.1

title:Lastest-Web-Hacking-Tools-vol-Iurl:https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I

Trust: 0.1

title:HTBValentineWriteupurl:https://github.com/zimmel15/HTBValentineWriteup

Trust: 0.1

title:heartbleed-pocurl:https://github.com/sensepost/heartbleed-poc

Trust: 0.1

title:CVE-2014-0160url:https://github.com/0x90/CVE-2014-0160

Trust: 0.1

title:Certified-Ethical-Hacker-Exam-CEH-v10url:https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10

Trust: 0.1

title:cs558heartbleedurl:https://github.com/gkaptch1/cs558heartbleed

Trust: 0.1

title:HeartBleedurl:https://github.com/archaic-magnon/HeartBleed

Trust: 0.1

title: - url:https://github.com/undacmic/heartbleed-proof-of-concept

Trust: 0.1

title:openvpn-jookkurl:https://github.com/Jeypi04/openvpn-jookk

Trust: 0.1

title:Heartbleedurl:https://github.com/Saiprasad16/Heartbleed

Trust: 0.1

title: - url:https://github.com/KickFootCode/LoveYouALL

Trust: 0.1

title: - url:https://github.com/imesecan/LeakReducer-artifacts

Trust: 0.1

title: - url:https://github.com/TVernet/Kali-Tools-liste-et-description

Trust: 0.1

title: - url:https://github.com/k4u5h41/Heartbleed

Trust: 0.1

title: - url:https://github.com/ronaldogdm/Heartbleed

Trust: 0.1

title: - url:https://github.com/rochacbruno/my-awesome-stars

Trust: 0.1

title: - url:https://github.com/asadhasan73/temp_comp_sec

Trust: 0.1

title: - url:https://github.com/Aakaashzz/Heartbleed

Trust: 0.1

title:tls-channelurl:https://github.com/marianobarrios/tls-channel

Trust: 0.1

title:fuzzx_cpp_demourl:https://github.com/guardstrikelab/fuzzx_cpp_demo

Trust: 0.1

title: - url:https://github.com/Ppamo/recon_net_tools

Trust: 0.1

title:heatbleedingurl:https://github.com/idkqh7/heatbleeding

Trust: 0.1

title:HeartBleed-Vulnerability-Checkerurl:https://github.com/waqasjamal/HeartBleed-Vulnerability-Checker

Trust: 0.1

title:heartbleedurl:https://github.com/iSCInc/heartbleed

Trust: 0.1

title:heartbleed-dtlsurl:https://github.com/hreese/heartbleed-dtls

Trust: 0.1

title:heartbleedcheckerurl:https://github.com/roganartu/heartbleedchecker

Trust: 0.1

title:nmap-heartbleedurl:https://github.com/azet/nmap-heartbleed

Trust: 0.1

title:sslscanurl:https://github.com/delishen/sslscan

Trust: 0.1

title:web-hackingurl:https://github.com/hr-beast/web-hacking

Trust: 0.1

title: - url:https://github.com/Miss-Brain/Web-Application-Security

Trust: 0.1

title:web-hackingurl:https://github.com/Hemanthraju02/web-hacking

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/QWERTSKIHACK/awesome-web-hacking

Trust: 0.1

title: - url:https://github.com/himera25/web-hacking-list

Trust: 0.1

title: - url:https://github.com/dorota-fiit/bp-Heartbleed-defense-game

Trust: 0.1

title: - url:https://github.com/Maheshmaske111/sslscan

Trust: 0.1

title:Heart-bleedurl:https://github.com/anonymouse327311/Heart-bleed

Trust: 0.1

title:goScanurl:https://github.com/stackviolator/goScan

Trust: 0.1

title:sec-tool-listurl:https://github.com/alphaSeclab/sec-tool-list

Trust: 0.1

title: - url:https://github.com/utensil/awesome-stars-test

Trust: 0.1

title:insecure-cplusplus-dojourl:https://github.com/patricia-gallardo/insecure-cplusplus-dojo

Trust: 0.1

title: - url:https://github.com/jubalh/awesome-package-maintainer

Trust: 0.1

title: - url:https://github.com/Elnatty/tryhackme_labs

Trust: 0.1

title: - url:https://github.com/hzuiw33/OpenSSL

Trust: 0.1

title:makeItBleedurl:https://github.com/mcampa/makeItBleed

Trust: 0.1

title:CVE-2014-0160-Chrome-Pluginurl:https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin

Trust: 0.1

title:heartbleedfixer.comurl:https://github.com/reenhanced/heartbleedfixer.com

Trust: 0.1

title:CVE-2014-0160-Scannerurl:https://github.com/obayesshelton/CVE-2014-0160-Scanner

Trust: 0.1

title:openmagicurl:https://github.com/isgroup-srl/openmagic

Trust: 0.1

title:heartbleederurl:https://github.com/titanous/heartbleeder

Trust: 0.1

title:cardiac-arresturl:https://github.com/ah8r/cardiac-arrest

Trust: 0.1

title:heartbleed_openvpn_pocurl:https://github.com/tam7t/heartbleed_openvpn_poc

Trust: 0.1

title:docker-wheezy-with-heartbleedurl:https://github.com/simonswine/docker-wheezy-with-heartbleed

Trust: 0.1

title:docker-testsslurl:https://github.com/mbentley/docker-testssl

Trust: 0.1

title:heartbleedscannerurl:https://github.com/hybridus/heartbleedscanner

Trust: 0.1

title:HeartLeakurl:https://github.com/OffensivePython/HeartLeak

Trust: 0.1

title:HBLurl:https://github.com/ssc-oscar/HBL

Trust: 0.1

title:awesome-starsurl:https://github.com/utensil/awesome-stars

Trust: 0.1

title:SecurityTesting_web-hackingurl:https://github.com/mostakimur/SecurityTesting_web-hacking

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/winterwolf32/awesome-web-hacking

Trust: 0.1

title:awesome-web-hacking-1url:https://github.com/winterwolf32/awesome-web-hacking-1

Trust: 0.1

title: - url:https://github.com/Mehedi-Babu/ethical_hacking_cyber

Trust: 0.1

title: - url:https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/thanshurc/awesome-web-hacking

Trust: 0.1

title:hackurl:https://github.com/nvnpsplt/hack

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/noname1007/awesome-web-hacking

Trust: 0.1

title: - url:https://github.com/ImranTheThirdEye/awesome-web-hacking

Trust: 0.1

title:web-hackingurl:https://github.com/Ondrik8/web-hacking

Trust: 0.1

title:CheckSSL-ciphersuiteurl:https://github.com/kal1gh0st/CheckSSL-ciphersuite

Trust: 0.1

title: - url:https://github.com/undacmic/HeartBleed-Demo

Trust: 0.1

title: - url:https://github.com/MrE-Fog/ssl-heartbleed.nse

Trust: 0.1

title:welivesecurityurl:https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/

Trust: 0.1

title:Threatposturl:https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/

Trust: 0.1

sources: VULMON: CVE-2014-0160

EXTERNAL IDS

db:NVDid:CVE-2014-0160

Trust: 3.7

db:EXPLOIT-DBid:32745

Trust: 1.9

db:CERT/CCid:VU#720951

Trust: 1.9

db:SECUNIAid:57721

Trust: 1.1

db:SECUNIAid:59243

Trust: 1.1

db:SECUNIAid:57836

Trust: 1.1

db:SECUNIAid:57968

Trust: 1.1

db:SECUNIAid:59347

Trust: 1.1

db:SECUNIAid:57966

Trust: 1.1

db:SECUNIAid:57483

Trust: 1.1

db:SECUNIAid:57347

Trust: 1.1

db:SECUNIAid:59139

Trust: 1.1

db:SECTRACKid:1030079

Trust: 1.1

db:SECTRACKid:1030074

Trust: 1.1

db:SECTRACKid:1030081

Trust: 1.1

db:SECTRACKid:1030080

Trust: 1.1

db:SECTRACKid:1030026

Trust: 1.1

db:SECTRACKid:1030077

Trust: 1.1

db:SECTRACKid:1030082

Trust: 1.1

db:SECTRACKid:1030078

Trust: 1.1

db:BIDid:66690

Trust: 1.1

db:EXPLOIT-DBid:32764

Trust: 1.1

db:USCERTid:TA14-098A

Trust: 1.1

db:SIEMENSid:SSA-635659

Trust: 1.1

db:OCERTid:OCERT-2014-003

Trust: 0.3

db:BIDid:66478

Trust: 0.3

db:ICS CERTid:ICSA-14-135-02

Trust: 0.1

db:VULMONid:CVE-2014-0160

Trust: 0.1

db:PACKETSTORMid:126452

Trust: 0.1

db:PACKETSTORMid:126280

Trust: 0.1

db:PACKETSTORMid:126421

Trust: 0.1

db:PACKETSTORMid:127749

Trust: 0.1

db:PACKETSTORMid:126647

Trust: 0.1

db:PACKETSTORMid:126465

Trust: 0.1

db:PACKETSTORMid:126325

Trust: 0.1

db:PACKETSTORMid:126563

Trust: 0.1

db:PACKETSTORMid:126162

Trust: 0.1

db:PACKETSTORMid:131044

Trust: 0.1

db:PACKETSTORMid:126461

Trust: 0.1

db:PACKETSTORMid:126581

Trust: 0.1

db:PACKETSTORMid:127279

Trust: 0.1

db:PACKETSTORMid:126451

Trust: 0.1

db:PACKETSTORMid:127069

Trust: 0.1

sources: CERT/CC: VU#720951 // VULMON: CVE-2014-0160 // BID: 66478 // PACKETSTORM: 126452 // PACKETSTORM: 126280 // PACKETSTORM: 126421 // PACKETSTORM: 127749 // PACKETSTORM: 126647 // PACKETSTORM: 126465 // PACKETSTORM: 126325 // PACKETSTORM: 126563 // PACKETSTORM: 126162 // PACKETSTORM: 131044 // PACKETSTORM: 126461 // PACKETSTORM: 126581 // PACKETSTORM: 127279 // PACKETSTORM: 126451 // PACKETSTORM: 127069 // NVD: CVE-2014-0160

REFERENCES

url:http://rhn.redhat.com/errata/rhsa-2014-0376.html

Trust: 2.7

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed

Trust: 2.0

url:http://heartbleed.com/

Trust: 1.9

url:http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

Trust: 1.9

url:https://www.cert.fi/en/reports/2014/vulnerability788210.html

Trust: 1.9

url:https://code.google.com/p/mod-spdy/issues/detail?id=85

Trust: 1.9

url:https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

Trust: 1.9

url:http://www.debian.org/security/2014/dsa-2896

Trust: 1.9

url:https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

Trust: 1.9

url:http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2014-0160

Trust: 1.5

url:http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

Trust: 1.4

url:http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

Trust: 1.4

url:http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

Trust: 1.4

url:http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

Trust: 1.4

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 1.2

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 1.2

url:https://bugzilla.redhat.com/show_bug.cgi?id=1084875

Trust: 1.1

url:http://www.openssl.org/news/secadv_20140407.txt

Trust: 1.1

url:http://www.securitytracker.com/id/1030078

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/109

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/190

Trust: 1.1

url:https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0396.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030082

Trust: 1.1

url:http://secunia.com/advisories/57347

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139722163017074&w=2

Trust: 1.1

url:http://www.securitytracker.com/id/1030077

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670161

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0377.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030080

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030074

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/90

Trust: 1.1

url:http://www.securitytracker.com/id/1030081

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0378.html

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/91

Trust: 1.1

url:http://secunia.com/advisories/57483

Trust: 1.1

url:http://www.splunk.com/view/sp-caaamb3

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030079

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

Trust: 1.1

url:http://secunia.com/advisories/57721

Trust: 1.1

url:http://www.blackberry.com/btsc/kb35882

Trust: 1.1

url:http://www.securitytracker.com/id/1030026

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

Trust: 1.1

url:http://www.securityfocus.com/bid/66690

Trust: 1.1

url:http://www.us-cert.gov/ncas/alerts/ta14-098a

Trust: 1.1

url:http://secunia.com/advisories/57966

Trust: 1.1

url:http://www.f-secure.com/en/web/labs_global/fsc-2014-1

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/173

Trust: 1.1

url:http://secunia.com/advisories/57968

Trust: 1.1

url:http://www.exploit-db.com/exploits/32745

Trust: 1.1

url:http://www.kb.cert.org/vuls/id/720951

Trust: 1.1

url:http://www.exploit-db.com/exploits/32764

Trust: 1.1

url:http://secunia.com/advisories/57836

Trust: 1.1

url:https://gist.github.com/chapmajs/10473815

Trust: 1.1

url:http://cogentdatahub.com/releasenotes.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905458328378&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139869891830365&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139889113431619&w=2

Trust: 1.1

url:http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1

Trust: 1.1

url:http://www.kerio.com/support/kerio-control/release-history

Trust: 1.1

url:http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3

Trust: 1.1

url:http://advisories.mageia.org/mgasa-2014-0165.html

Trust: 1.1

url:https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result&javax.portlet.begcachetok=com.vignette.cachetoken&javax.portlet.endcachetok=com.vignette.cachetoken

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Trust: 1.1

url:https://filezilla-project.org/versions.php?type=server

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141287864628122&w=2

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/dec/23

Trust: 1.1

url:http://www.vmware.com/security/advisories/vmsa-2014-0012.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142660345230545&w=2

Trust: 1.1

url:http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:062

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139817727317190&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139757726426985&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139758572430452&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905653828999&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139842151128341&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905405728262&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139833395230364&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139824993005633&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139843768401936&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905202427693&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139774054614965&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139889295732144&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139835815211508&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140724451518351&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139808058921905&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139836085512508&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139869720529462&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905868529690&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139765756720506&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140015787404650&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139824923705461&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139757919027752&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139774703817488&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905243827825&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140075368411126&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905295427946&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139835844111589&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139757819327350&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139817685517037&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905351928096&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139817782017443&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140752315422991&w=2

Trust: 1.1

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661

Trust: 1.1

url:http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf

Trust: 1.1

url:http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf

Trust: 1.1

url:http://secunia.com/advisories/59347

Trust: 1.1

url:http://secunia.com/advisories/59243

Trust: 1.1

url:http://secunia.com/advisories/59139

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html

Trust: 1.1

url:http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01

Trust: 1.1

url:https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

Trust: 1.1

url:http://support.citrix.com/article/ctx140605

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-2165-1

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

Trust: 1.1

url:http://www.securityfocus.com/archive/1/534161/100/0/threaded

Trust: 1.1

url:https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

Trust: 1.1

url:https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

Trust: 1.1

url:https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd

Trust: 1.1

url:http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3

Trust: 1.1

url:https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 1.1

url:http://seclists.org/oss-sec/2014/q2/22

Trust: 0.8

url:http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902

Trust: 0.8

url:https://tools.ietf.org/html/rfc6520

Trust: 0.8

url:http://www.openssl.org/news/openssl-1.0.1-notes.html

Trust: 0.8

url:http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts-

Trust: 0.8

url:http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html

Trust: 0.8

url:http://xkcd.com/1354/

Trust: 0.8

url:http://www.exploit-db.com/exploits/32745/

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2014-0160

Trust: 0.8

url:http://www.ubuntu.com/usn/usn-2165-1/

Trust: 0.8

url:http://www.freshports.org/security/openssl/

Trust: 0.8

url:http://kb.bluecoat.com/index?page=content&id=sa79

Trust: 0.8

url:https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=

Trust: 0.8

url:http://learn.extremenetworks.com/rs/extreme/images/cert_vu%23720951_vulnerability_advisory_04_11_2014v2.pdf

Trust: 0.8

url:http://www.fortiguard.com/advisory/fg-ir-14-011/

Trust: 0.8

url:http://www.freebsd.org/security/advisories/freebsd-sa-14:06.openssl.asc

Trust: 0.8

url:http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml

Trust: 0.8

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04239375

Trust: 0.8

url:http://www.hitachi.com/hirt/publications/hirt-pub14005/index.html

Trust: 0.8

url:http://www-01.ibm.com/support/docview.wss?&uid=swg21669774

Trust: 0.8

url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00037&languageid=en-fr

Trust: 0.8

url:https://kb.juniper.net/jsa10623

Trust: 0.8

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10071

Trust: 0.8

url:http://mail-index.netbsd.org/security-announce/2014/04/08/msg000085.html

Trust: 0.8

url:http://ftp.openbsd.org/pub/openbsd/patches/5.3/common/014_openssl.patch

Trust: 0.8

url:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622

Trust: 0.8

url:http://kb.vmware.com/kb/2076225

Trust: 0.8

url:https://support.windriver.com/

Trust: 0.8

url:http://blogs.technet.com/b/security/archive/2014/04/10/microsoft-devices-and-services-and-the-openssl-heartbleed-vulnerability.aspx

Trust: 0.8

url:https://forum.peplink.com/threads/3062-special-notice-on-openssl-heartbleed-vulnerability

Trust: 0.8

url:https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk100173

Trust: 0.8

url:http://jpn.nec.com/security-info/av14-001.html

Trust: 0.8

url:http://www.ocert.org/advisories/ocert-2014-003.html

Trust: 0.3

url:https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048

Trust: 0.3

url:https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/

Trust: 0.3

url:http://pyyaml.org/wiki/libyaml

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2014-0353.html

Trust: 0.3

url:http://puppetlabs.com/security/cve/cve-2014-2525

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2014-0354.html

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2014-0355.html

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n

Trust: 0.3

url:http://support.openview.hp.com/downloads.jsp

Trust: 0.3

url:http://www8.h

Trust: 0.2

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160

Trust: 0.2

url:http://www.mandriva.com/en/support/security/

Trust: 0.2

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:http://seclists.org/fulldisclosure/2019/jan/42

Trust: 0.1

url:https://www.debian.org/security/./dsa-2896

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/

Trust: 0.1

url:https://ics-cert.us-cert.gov/advisories/icsa-14-135-02

Trust: 0.1

url:https://usn.ubuntu.com/2165-1/

Trust: 0.1

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-tcte

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/p

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/

Trust: 0.1

url:http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00556

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/km00843525

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00560

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00557

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00559

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/lid/hpsm_00558

Trust: 0.1

url:http://www8.hp.com/us/en/software-so

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0288

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0287

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3571

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0076

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0198

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3567

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3572

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0209

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0289

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3513

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204

Trust: 0.1

url:http://openssl.org/news/secadv_20150319.txt

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-5298

Trust: 0.1

url:http://openssl.org/news/secadv_20150108.txt

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0204

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0293

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3570

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8275

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3569

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3470

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0286

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0206

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/km00880036

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/km00879992

Trust: 0.1

url:http://www.hp.com/support/eslg3

Trust: 0.1

url:http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetai

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7295

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-7295

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2014-0059.html

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2014-0256.html

Trust: 0.1

sources: CERT/CC: VU#720951 // VULMON: CVE-2014-0160 // BID: 66478 // PACKETSTORM: 126452 // PACKETSTORM: 126280 // PACKETSTORM: 126421 // PACKETSTORM: 127749 // PACKETSTORM: 126647 // PACKETSTORM: 126465 // PACKETSTORM: 126325 // PACKETSTORM: 126563 // PACKETSTORM: 126162 // PACKETSTORM: 131044 // PACKETSTORM: 126461 // PACKETSTORM: 126581 // PACKETSTORM: 127279 // PACKETSTORM: 126451 // PACKETSTORM: 127069 // NVD: CVE-2014-0160

CREDITS

HP

Trust: 1.2

sources: PACKETSTORM: 126452 // PACKETSTORM: 126280 // PACKETSTORM: 127749 // PACKETSTORM: 126647 // PACKETSTORM: 126465 // PACKETSTORM: 126325 // PACKETSTORM: 126563 // PACKETSTORM: 126162 // PACKETSTORM: 126461 // PACKETSTORM: 126581 // PACKETSTORM: 127279 // PACKETSTORM: 126451

SOURCES

db:CERT/CCid:VU#720951
db:VULMONid:CVE-2014-0160
db:BIDid:66478
db:PACKETSTORMid:126452
db:PACKETSTORMid:126280
db:PACKETSTORMid:126421
db:PACKETSTORMid:127749
db:PACKETSTORMid:126647
db:PACKETSTORMid:126465
db:PACKETSTORMid:126325
db:PACKETSTORMid:126563
db:PACKETSTORMid:126162
db:PACKETSTORMid:131044
db:PACKETSTORMid:126461
db:PACKETSTORMid:126581
db:PACKETSTORMid:127279
db:PACKETSTORMid:126451
db:PACKETSTORMid:127069
db:NVDid:CVE-2014-0160

LAST UPDATE DATE

2024-12-21T22:40:35.884000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#720951date:2016-05-13T00:00:00
db:VULMONid:CVE-2014-0160date:2023-11-07T00:00:00
db:BIDid:66478date:2017-05-02T04:07:00
db:NVDid:CVE-2014-0160date:2024-11-21T02:01:30.317

SOURCES RELEASE DATE

db:CERT/CCid:VU#720951date:2014-04-08T00:00:00
db:VULMONid:CVE-2014-0160date:2014-04-07T00:00:00
db:BIDid:66478date:2014-03-26T00:00:00
db:PACKETSTORMid:126452date:2014-05-03T02:05:11
db:PACKETSTORMid:126280date:2014-04-23T21:23:59
db:PACKETSTORMid:126421date:2014-05-01T02:20:18
db:PACKETSTORMid:127749date:2014-08-05T21:06:31
db:PACKETSTORMid:126647date:2014-05-16T04:43:57
db:PACKETSTORMid:126465date:2014-05-03T17:55:00
db:PACKETSTORMid:126325date:2014-04-25T17:53:00
db:PACKETSTORMid:126563date:2014-05-09T17:31:25
db:PACKETSTORMid:126162date:2014-04-15T23:01:03
db:PACKETSTORMid:131044date:2015-03-27T20:42:44
db:PACKETSTORMid:126461date:2014-05-03T02:17:58
db:PACKETSTORMid:126581date:2014-05-10T13:13:00
db:PACKETSTORMid:127279date:2014-06-30T23:47:20
db:PACKETSTORMid:126451date:2014-05-02T23:55:55
db:PACKETSTORMid:127069date:2014-06-12T13:43:49
db:NVDid:CVE-2014-0160date:2014-04-07T22:55:03.893