Details of VAR-201404-0592

ID

VAR-201404-0592

CVE

CVE-2014-0160

TITLE

OpenSSL of heartbeat Information disclosure vulnerability in expansion

Trust: 0.8

sources: JVNDB: JVNDB-2014-001920

DESCRIPTION

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL of heartbeat An information disclosure vulnerability exists in the implementation of the extension. TLS And DTLS In communication OpenSSL The memory contents of the process executing this code may be leaked to the communication partner.An important information such as a private key may be obtained by a remote third party. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04236102 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236102 Version: 7 HPSBMU02995 rev.7 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-04-11 Last Updated: 2014-05-14 Potential Security Impact: Remote disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. References: CVE-2014-0160 (SSRT101499) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Product Impacted HP Product Versions Notes HP Service Manager v9.32, v9.33 Security bulletin HPSBGN03008: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04248997 HP Asset Manager v9.40, v9.40 CSC Security Bulletin HPSBMU03018: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260505 HP UCMDB Browser v1.x, v2.x, v3.x Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260353 note: APR enabled on Tomcat includes an affected OpenSSL version HP UCMDB Configuration Manager v9.1x, v9.2x, v9.3x, v10.01, v10.10 Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260353 HP CIT (ConnectIT) v9.52, v9.53 Security bulletin HPSBMU03017: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260456 HP Executive Scorecard v9.40, v9.41 HP Server Automation v10.00, v10.01 Security bulletin HPSBGN03010: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04250814 HP Diagnostics v9.23, v9.23 IP1 Security bulletin HPSBMU03025 : https://h20564.www2.hp.com/portal/site/hpsc/ public/kb/docDisplay?docId=emr_na-c04267775 HP Business Process Monitor v.9.23, v.9.24 HP LoadRunner v11.52, v12.0 Security bulletin HPSBMU03040: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay?docId=emr_na-c04286049 HP Performance Center v11.52, v12.0 Security bulletin HPSBMU03040: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay?docId=emr_na-c04286049 HP Autonomy WorkSite Server v9.0 SP1 (on-premises software) Security bulletin HPSBMU02999: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04239374 Impacted Versions table BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP Software is working to address this vulnerability for all affected product versions. HP Software will release product specific security bulletins for each impacted product. Each bulletin will include a patch and/or mitigation guideline. HP will update this bulletin with references to security bulletins for each product in the impacted versions table. Note: OpenSSL is an external product embedded in HP products. Bulletin Applicability: This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html . Software updates are available from HP Software Support Online at http://support.openview.hp.com/downloads.jsp HISTORY Version:1 (rev.1) - 11 April 2014 Initial release Version:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as impacted, updated HP UCMDB Browser impacted versions Version:3 (rev.3) - 17 April 2014 Added HP Software Autonomy WorkSite Server as impacted. Added security bulletin pointers for Service Manager, Server Automation and Worksite Server Version:4 (rev.4) - 18 April 2014 Changed impacted version list for UCMDB Browser Version:5 (rev.5) - 23 April 2014 Added security bulletins pointers for HP Asset Manager, HP UCMDB Browser, HP UCMDB Configuration Manager and HP CIT (ConnectIT) Version:6 (rev.6) - 28 April 2014 Added security bulletin link for HP Diagnostics, added HP Business Process Monitor to the product list Version:7 (rev.7) - 14 May 2014 Added links to patches for LoadRunner and Performance Center Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlN0pmwACgkQ4B86/C0qfVm6pgCg9x7C/VRD+qhhR5HrGHNeHbYS JdoAn3DM0TJiQM9mg3xB6nU3rrWkFq1E =F8zW -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged network position may obtain memory contents Description: An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue. CVE-ID CVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta of Google Security Installation note for Firmware version 7.7.3 Firmware version 7.7.3 is installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS. Use AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1 or later on iOS to upgrade to Firmware version 7.7.3. AirPort Utility for Mac is a free download from http://www.apple.com/support/downloads/ and AirPort Utility for iOS is a free download from the App Store. This bulletin will be revised when the software updates are released. Until the software updates are available, HP recommends restricting administrative access to the MSA on a secure and isolated private management network. https://w orksitesupport.autonomy.com/worksite/Scripts/GetDoc.aspx?latest=0%26nrtid=!nr tdms:0:!session:10.253.1.101:!database:SUPPORT:!document:1351832,1 Note: after applying the update, HP recommends these additional steps to assure the vulnerability is addressed. NOTE: No patch will be available for HP 3PAR OS 3.1.2 GA. HP recommends that customers with arrays running HP 3PAR OS 3.1.2 GA should upgrade to the latest available MU or HP 3PAR OS 3.1.3 P01. HP 3PAR OS Version Available patch HP 3PAR OS 3.1.3 P01 HP 3PAR OS 3.1.2 MU1, MU2, and MU3 P39 HP can perform the upgrade. Contact the HP global deployment center at 3par-sps@hp.com. Please include the HP 3PAR StoreServ Storage system serial number in the subject line. The email service is available 24 hours a day, 7 days a week. A support case can be opened to request the upgrade, but the email service is recommended. No controller node reboot is required for the patch, when staying with the same OS version. HISTORY Version:1 (rev.1) - 22 April 2014 Initial release Version:2 (rev.2) - 23 April 2014 Added recommendation for use of 3PAR OS Management Tools. No user action is required to install them

Trust: 2.52

sources: NVD: CVE-2014-0160 // JVNDB: JVNDB-2014-001920 // VULMON: CVE-2014-0160 // PACKETSTORM: 126954 // PACKETSTORM: 126647 // PACKETSTORM: 126285 // PACKETSTORM: 126458 // PACKETSTORM: 126208 // PACKETSTORM: 126186 // PACKETSTORM: 126581 // PACKETSTORM: 127085 // PACKETSTORM: 126784

AFFECTED PRODUCTS

vendor:	mitel	model:	mivoice	scope:	eq	version:	1.3.2.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	20	Trust: 1.0
vendor:	intellian	model:	v60	scope:	eq	version:	1.15	Trust: 1.0
vendor:	ricon	model:	s9922l	scope:	eq	version:	16.10.3\(3794\)	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.0	Trust: 1.0
vendor:	mitel	model:	mivoice	scope:	eq	version:	1.1.2.5	Trust: 1.0
vendor:	redhat	model:	gluster storage	scope:	eq	version:	2.1	Trust: 1.0
vendor:	siemens	model:	application processing engine	scope:	eq	version:	2.0	Trust: 1.0
vendor:	intellian	model:	v100	scope:	eq	version:	1.24	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lt	version:	1.0.1g	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500	scope:	eq	version:	1.5	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	12.3	Trust: 1.0
vendor:	splunk	model:	splunk	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	19	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.10	Trust: 1.0
vendor:	mitel	model:	mivoice	scope:	eq	version:	1.1.3.3	Trust: 1.0
vendor:	broadcom	model:	symantec messaging gateway	scope:	eq	version:	10.6.1	Trust: 1.0
vendor:	redhat	model:	virtualization	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	gte	version:	1.0.1	Trust: 1.0
vendor:	intellian	model:	v100	scope:	eq	version:	1.20	Trust: 1.0
vendor:	intellian	model:	v60	scope:	eq	version:	1.25	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	13.10	Trust: 1.0
vendor:	siemens	model:	cp 1543-1	scope:	eq	version:	1.1	Trust: 1.0
vendor:	siemens	model:	wincc open architecture	scope:	eq	version:	3.12	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.3.0.104	Trust: 1.0
vendor:	splunk	model:	splunk	scope:	lt	version:	6.0.3	Trust: 1.0
vendor:	mitel	model:	mivoice	scope:	eq	version:	1.2.0.11	Trust: 1.0
vendor:	siemens	model:	elan-8.2	scope:	lt	version:	8.3.3	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	storage	scope:	eq	version:	2.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	filezilla	model:	server	scope:	lt	version:	0.9.44	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.1	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500t	scope:	eq	version:	1.5	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	mitel	model:	mivoice	scope:	eq	version:	1.4.0.102	Trust: 1.0
vendor:	intellian	model:	v100	scope:	eq	version:	1.21	Trust: 1.0
vendor:	broadcom	model:	symantec messaging gateway	scope:	eq	version:	10.6.0	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.3	Trust: 1.0
vendor:	freebsd	model:	freebsd	scope:	eq	version:	10.0	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	lte	version:	1.0.1 from 1.0.1f	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4 for x86	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4 for x86_64	Trust: 0.8
vendor:	cybozu	model:	office	scope:	lt	version:	10.1.0	Trust: 0.8
vendor:	cybozu	model:	mailwise	scope:	lt	version:	5.1.4	Trust: 0.8
vendor:	hewlett packard	model:	hp tippingpoint	scope:	eq	version:	ngfw 1.0.1	Trust: 0.8
vendor:	hewlett packard	model:	hp tippingpoint	scope:	eq	version:	ngfw 1.0.2	Trust: 0.8
vendor:	hewlett packard	model:	hp tippingpoint	scope:	eq	version:	ngfw 1.0.3	Trust: 0.8
vendor:	hewlett packard	model:	hp tippingpoint	scope:	eq	version:	ngfw 1.1.0_4127	Trust: 0.8

sources: JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0160
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2014-0160
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2014-001920
value:	MEDIUM
Trust: 0.8
VULMON:	CVE-2014-0160
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0160
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
IPA:	JVNDB-2014-001920
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2014-0160
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: VULMON: CVE-2014-0160 // JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160 // NVD: CVE-2014-0160

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	CWE-119	Trust: 0.8

sources: JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 126186

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001920

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-0160

PATCH

title:	Apache Tomcat - Apache Tomcat APR/native Connector vulnerabilities	url:	http://tomcat.apache.org/security-native.html	Trust: 0.8
title:	Security/Heartbleed - Tomcat Wiki	url:	http://wiki.apache.org/tomcat/Security/Heartbleed	Trust: 0.8
title:	ミラクル・リナックス株式会社の告知ページ	url:	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3566&sType=&sProduct=&published=1	Trust: 0.8
title:	BlackBerry response to OpenSSL “Heartbleed” vulnerability	url:	http://www.blackberry.com/btsc/KB35882	Trust: 0.8
title:	Enterprise Chef 1.4.9 Release	url:	http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/	Trust: 0.8
title:	Chef Server Heartbleed (CVE-2014-0160) Releases	url:	http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/	Trust: 0.8
title:	Chef Server 11.0.12 Release	url:	http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/	Trust: 0.8
title:	Enterprise Chef 11.1.3 Release	url:	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/	Trust: 0.8
title:	cisco-sa-20140409-heartbleed	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed	Trust: 0.8
title:	Release Notes	url:	http://cogentdatahub.com/ReleaseNotes.html	Trust: 0.8
title:	FSC-2014-1: Notice on OpenSSL 'Heartbleed' Vulnerability	url:	http://www.f-secure.com/en/web/labs_global/fsc-2014-1	Trust: 0.8
title:	SOL15159: OpenSSL vulnerability CVE-2014-0160	url:	https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217	Trust: 0.8
title:	Version history	url:	https://filezilla-project.org/versions.php?type=server	Trust: 0.8
title:	OpenSSL multiple vulnerabilities	url:	http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc	Trust: 0.8
title:	HPSBHF03136 SSRT101726	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04475466	Trust: 0.8
title:	HPSBMU03022 SSRT101527	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04263236	Trust: 0.8
title:	HPSBMU03024 SSRT101538	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04267749	Trust: 0.8
title:	HPSBST03000 SSRT101513	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04260637	Trust: 0.8
title:	HPSBMU03033 SSRT101550	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04272892	Trust: 0.8
title:	HPSBHF03293 SSRT101846	url:	http://h20566.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595951&lang=en&cc=us	Trust: 0.8
title:	HPSBMU02995 SSRT101499	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04236102	Trust: 0.8
title:	HPSBMU03009 SSRT101520	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04249113	Trust: 0.8
title:	OpenSSL Heartbleed (CVE-2014-0160)	url:	https://www-304.ibm.com/connections/blogs/PSIRT/entry/openssl_heartbleed_cve_2014_0160?lang=en_us	Trust: 0.8
title:	1670161	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670161	Trust: 0.8
title:	00001841	url:	http://www-01.ibm.com/support/docview.wss?uid=isg400001841	Trust: 0.8
title:	00001843	url:	http://www-01.ibm.com/support/docview.wss?uid=isg400001843	Trust: 0.8
title:	1672507	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21672507	Trust: 0.8
title:	アライドテレシス株式会社からの情報	url:	http://jvn.jp/vu/JVNVU94401838/522154/index.html	Trust: 0.8
title:	Kerio Control Release History	url:	http://www.kerio.com/support/kerio-control/release-history	Trust: 0.8
title:	AV14-001	url:	http://jpn.nec.com/security-info/av14-001.html	Trust: 0.8
title:	Add heartbeat extension bounds check.	url:	http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3	Trust: 0.8
title:	OpenSSL Security Advisory [07 Apr 2014] - TLS heartbeat read overrun (CVE-2014-0160)	url:	http://www.openssl.org/news/secadv_20140407.txt	Trust: 0.8
title:	OpenSSL Security Bug - Heartbleed / CVE-2014-0160	url:	http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html	Trust: 0.8
title:	Oracle Security Alert for CVE-2014-0160	url:	http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - July 2014	url:	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Trust: 0.8
title:	Bug 1084875	url:	https://bugzilla.redhat.com/show_bug.cgi?id=1084875	Trust: 0.8
title:	RHSA-2014:0377	url:	http://rhn.redhat.com/errata/RHSA-2014-0377.html	Trust: 0.8
title:	RHSA-2014:0378	url:	http://rhn.redhat.com/errata/RHSA-2014-0378.html	Trust: 0.8
title:	RHSA-2014:0376	url:	http://rhn.redhat.com/errata/RHSA-2014-0376.html	Trust: 0.8
title:	RHSA-2014:0396	url:	http://rhn.redhat.com/errata/RHSA-2014-0396.html	Trust: 0.8
title:	Multiple vulnerabilities in OpenSSL	url:	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5	Trust: 0.8
title:	Vulnerabilities resolved in TRITON APX Version 8.0	url:	http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	Trust: 0.8
title:	Splunk 6.0.3 addresses two vulnerabilities - April 10, 2014	url:	http://www.splunk.com/view/SP-CAAAMB3	Trust: 0.8
title:	日本マイクロソフト株式会社の告知ページ	url:	http://blogs.technet.com/b/jpsecurity/archive/2014/04/11/microsoft-services-unaffected-by-openssl-quot-heartbleed-quot-vulnerability.aspx	Trust: 0.8
title:	UIS-2014-1	url:	http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1	Trust: 0.8
title:	UIS-2014-3	url:	http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3	Trust: 0.8
title:	VMSA-2014-0012	url:	http://www.vmware.com/security/advisories/VMSA-2014-0012.html	Trust: 0.8
title:	OpenSSLの脆弱性に伴う弊社製品への影響について	url:	https://cs.cybozu.co.jp/2014/001064.html	Trust: 0.8
title:	株式会社インターネットイニシアティブの告知ページ	url:	http://www.seil.jp/support/security/140409.html	Trust: 0.8
title:	cisco-sa-20140409-heartbleed	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122496_ERP-Heartbleed-j.html	Trust: 0.8
title:	アラート/アドバイザリ: OpenSSL Heartbleed の脆弱性(CVE-2014-0160)について	url:	http://esupport.trendmicro.com/solution/ja-jp/1103090.aspx	Trust: 0.8
title:	HIRT-PUB14005：日立製品における OpenSSL 情報漏えいを許してしまう脆弱性(CVE-2014-0160) への対応について	url:	http://www.hitachi.co.jp/hirt/publications/hirt-pub14005/index.html	Trust: 0.8
title:	Systemwalker Desktop Patrol: OpenSSL の heartbeat 拡張に情報漏えいの脆弱性(CVE-2014-0160) (2014年5月8日)	url:	http://software.fujitsu.com/jp/security/products-fujitsu/solution/systemwalker_dtp201401.html	Trust: 0.8
title:	TA14-098A	url:	http://software.fujitsu.com/jp/security/vulnerabilities/ta14-098a.html	Trust: 0.8
title:	The Register	url:	https://www.theregister.co.uk/2017/01/23/heartbleed_2017/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/	Trust: 0.2
title:	Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e4799ab8fe4804274ba2db4d65cd867b	Trust: 0.1
title:	Debian Security Advisories: DSA-2896-1 openssl -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=264ec318be06a69e28012f62b2dc5bb7	Trust: 0.1
title:	Ubuntu Security Notice: openssl vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2165-1	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2014-0160	Trust: 0.1
title:	exploits	url:	https://github.com/vs4vijay/exploits	Trust: 0.1
title:	VULNIX	url:	https://github.com/El-Palomo/VULNIX	Trust: 0.1
title:	openssl-heartbleed-fix	url:	https://github.com/sammyfung/openssl-heartbleed-fix	Trust: 0.1
title:	cve-2014-0160	url:	https://github.com/cved-sources/cve-2014-0160	Trust: 0.1
title:	heartbleed_check	url:	https://github.com/ehoffmann-cp/heartbleed_check	Trust: 0.1
title:	heartbleed	url:	https://github.com/okrutnik420/heartbleed	Trust: 0.1
title:	heartbleed-test.crx	url:	https://github.com/iwaffles/heartbleed-test.crx	Trust: 0.1
title:	-	url:	https://github.com/Maheshmaske111/te	Trust: 0.1
title:	AradSocket	url:	https://github.com/araditc/AradSocket	Trust: 0.1
title:	sslscan	url:	https://github.com/kaisenlinux/sslscan	Trust: 0.1
title:	Springboard_Capstone_Project	url:	https://github.com/jonahwinninghoff/Springboard_Capstone_Project	Trust: 0.1
title:	-	url:	https://github.com/MrE-Fog/heartbleeder	Trust: 0.1
title:	buffer_overflow_exploit	url:	https://github.com/olivamadrigal/buffer_overflow_exploit	Trust: 0.1
title:	-	url:	https://github.com/ashrafulislamcs/Ubuntu-Server-Hardening	Trust: 0.1
title:	insecure_project	url:	https://github.com/turtlesec-no/insecure_project	Trust: 0.1
title:	-	url:	https://github.com/Maheshmaske111/ssl	Trust: 0.1
title:	-	url:	https://github.com/H4R335HR/heartbleed	Trust: 0.1
title:	nmap-scripts	url:	https://github.com/takeshixx/nmap-scripts	Trust: 0.1
title:	knockbleed	url:	https://github.com/siddolo/knockbleed	Trust: 0.1
title:	heartbleed-masstest	url:	https://github.com/musalbas/heartbleed-masstest	Trust: 0.1
title:	HeartBleedDotNet	url:	https://github.com/ShawInnes/HeartBleedDotNet	Trust: 0.1
title:	heartbleed_test_openvpn	url:	https://github.com/weisslj/heartbleed_test_openvpn	Trust: 0.1
title:	paraffin	url:	https://github.com/vmeurisse/paraffin	Trust: 0.1
title:	sslscan	url:	https://github.com/rbsec/sslscan	Trust: 0.1
title:	Heartbleed_Dockerfile_with_Nginx	url:	https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx	Trust: 0.1
title:	heartbleed-bug	url:	https://github.com/cldme/heartbleed-bug	Trust: 0.1
title:	-	url:	https://github.com/H4CK3RT3CH/awesome-web-hacking	Trust: 0.1
title:	Web-Hacking	url:	https://github.com/adm0i/Web-Hacking	Trust: 0.1
title:	cybersecurity-ethical-hacking	url:	https://github.com/paulveillard/cybersecurity-ethical-hacking	Trust: 0.1
title:	Lastest-Web-Hacking-Tools-vol-I	url:	https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I	Trust: 0.1
title:	HTBValentineWriteup	url:	https://github.com/zimmel15/HTBValentineWriteup	Trust: 0.1
title:	heartbleed-poc	url:	https://github.com/sensepost/heartbleed-poc	Trust: 0.1
title:	CVE-2014-0160	url:	https://github.com/0x90/CVE-2014-0160	Trust: 0.1
title:	Certified-Ethical-Hacker-Exam-CEH-v10	url:	https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10	Trust: 0.1
title:	cs558heartbleed	url:	https://github.com/gkaptch1/cs558heartbleed	Trust: 0.1
title:	HeartBleed	url:	https://github.com/archaic-magnon/HeartBleed	Trust: 0.1
title:	-	url:	https://github.com/undacmic/heartbleed-proof-of-concept	Trust: 0.1
title:	openvpn-jookk	url:	https://github.com/Jeypi04/openvpn-jookk	Trust: 0.1
title:	Heartbleed	url:	https://github.com/Saiprasad16/Heartbleed	Trust: 0.1
title:	-	url:	https://github.com/KickFootCode/LoveYouALL	Trust: 0.1
title:	-	url:	https://github.com/imesecan/LeakReducer-artifacts	Trust: 0.1
title:	-	url:	https://github.com/TVernet/Kali-Tools-liste-et-description	Trust: 0.1
title:	-	url:	https://github.com/k4u5h41/Heartbleed	Trust: 0.1
title:	-	url:	https://github.com/ronaldogdm/Heartbleed	Trust: 0.1
title:	-	url:	https://github.com/rochacbruno/my-awesome-stars	Trust: 0.1
title:	-	url:	https://github.com/asadhasan73/temp_comp_sec	Trust: 0.1
title:	-	url:	https://github.com/Aakaashzz/Heartbleed	Trust: 0.1
title:	tls-channel	url:	https://github.com/marianobarrios/tls-channel	Trust: 0.1
title:	fuzzx_cpp_demo	url:	https://github.com/guardstrikelab/fuzzx_cpp_demo	Trust: 0.1
title:	-	url:	https://github.com/Ppamo/recon_net_tools	Trust: 0.1
title:	heatbleeding	url:	https://github.com/idkqh7/heatbleeding	Trust: 0.1
title:	HeartBleed-Vulnerability-Checker	url:	https://github.com/waqasjamal/HeartBleed-Vulnerability-Checker	Trust: 0.1
title:	heartbleed	url:	https://github.com/iSCInc/heartbleed	Trust: 0.1
title:	heartbleed-dtls	url:	https://github.com/hreese/heartbleed-dtls	Trust: 0.1
title:	heartbleedchecker	url:	https://github.com/roganartu/heartbleedchecker	Trust: 0.1
title:	nmap-heartbleed	url:	https://github.com/azet/nmap-heartbleed	Trust: 0.1
title:	sslscan	url:	https://github.com/delishen/sslscan	Trust: 0.1
title:	web-hacking	url:	https://github.com/hr-beast/web-hacking	Trust: 0.1
title:	-	url:	https://github.com/Miss-Brain/Web-Application-Security	Trust: 0.1
title:	web-hacking	url:	https://github.com/Hemanthraju02/web-hacking	Trust: 0.1
title:	awesome-web-hacking	url:	https://github.com/QWERTSKIHACK/awesome-web-hacking	Trust: 0.1
title:	-	url:	https://github.com/himera25/web-hacking-list	Trust: 0.1
title:	-	url:	https://github.com/dorota-fiit/bp-Heartbleed-defense-game	Trust: 0.1
title:	-	url:	https://github.com/Maheshmaske111/sslscan	Trust: 0.1
title:	Heart-bleed	url:	https://github.com/anonymouse327311/Heart-bleed	Trust: 0.1
title:	goScan	url:	https://github.com/stackviolator/goScan	Trust: 0.1
title:	sec-tool-list	url:	https://github.com/alphaSeclab/sec-tool-list	Trust: 0.1
title:	-	url:	https://github.com/utensil/awesome-stars-test	Trust: 0.1
title:	insecure-cplusplus-dojo	url:	https://github.com/patricia-gallardo/insecure-cplusplus-dojo	Trust: 0.1
title:	-	url:	https://github.com/jubalh/awesome-package-maintainer	Trust: 0.1
title:	-	url:	https://github.com/Elnatty/tryhackme_labs	Trust: 0.1
title:	-	url:	https://github.com/hzuiw33/OpenSSL	Trust: 0.1
title:	makeItBleed	url:	https://github.com/mcampa/makeItBleed	Trust: 0.1
title:	CVE-2014-0160-Chrome-Plugin	url:	https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin	Trust: 0.1
title:	heartbleedfixer.com	url:	https://github.com/reenhanced/heartbleedfixer.com	Trust: 0.1
title:	CVE-2014-0160-Scanner	url:	https://github.com/obayesshelton/CVE-2014-0160-Scanner	Trust: 0.1
title:	openmagic	url:	https://github.com/isgroup-srl/openmagic	Trust: 0.1
title:	heartbleeder	url:	https://github.com/titanous/heartbleeder	Trust: 0.1
title:	cardiac-arrest	url:	https://github.com/ah8r/cardiac-arrest	Trust: 0.1
title:	heartbleed_openvpn_poc	url:	https://github.com/tam7t/heartbleed_openvpn_poc	Trust: 0.1
title:	docker-wheezy-with-heartbleed	url:	https://github.com/simonswine/docker-wheezy-with-heartbleed	Trust: 0.1
title:	docker-testssl	url:	https://github.com/mbentley/docker-testssl	Trust: 0.1
title:	heartbleedscanner	url:	https://github.com/hybridus/heartbleedscanner	Trust: 0.1
title:	HeartLeak	url:	https://github.com/OffensivePython/HeartLeak	Trust: 0.1
title:	HBL	url:	https://github.com/ssc-oscar/HBL	Trust: 0.1
title:	awesome-stars	url:	https://github.com/utensil/awesome-stars	Trust: 0.1
title:	SecurityTesting_web-hacking	url:	https://github.com/mostakimur/SecurityTesting_web-hacking	Trust: 0.1
title:	awesome-web-hacking	url:	https://github.com/winterwolf32/awesome-web-hacking	Trust: 0.1
title:	awesome-web-hacking-1	url:	https://github.com/winterwolf32/awesome-web-hacking-1	Trust: 0.1
title:	-	url:	https://github.com/Mehedi-Babu/ethical_hacking_cyber	Trust: 0.1
title:	-	url:	https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking	Trust: 0.1
title:	awesome-web-hacking	url:	https://github.com/thanshurc/awesome-web-hacking	Trust: 0.1
title:	hack	url:	https://github.com/nvnpsplt/hack	Trust: 0.1
title:	awesome-web-hacking	url:	https://github.com/noname1007/awesome-web-hacking	Trust: 0.1
title:	-	url:	https://github.com/ImranTheThirdEye/awesome-web-hacking	Trust: 0.1
title:	web-hacking	url:	https://github.com/Ondrik8/web-hacking	Trust: 0.1
title:	CheckSSL-ciphersuite	url:	https://github.com/kal1gh0st/CheckSSL-ciphersuite	Trust: 0.1
title:	-	url:	https://github.com/undacmic/HeartBleed-Demo	Trust: 0.1
title:	-	url:	https://github.com/MrE-Fog/ssl-heartbleed.nse	Trust: 0.1
title:	welivesecurity	url:	https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/	Trust: 0.1

sources: VULMON: CVE-2014-0160 // JVNDB: JVNDB-2014-001920

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0160	Trust: 2.8
db:	USCERT	id:	TA14-098A	Trust: 1.9
db:	CERT/CC	id:	VU#720951	Trust: 1.9
db:	SECUNIA	id:	57721	Trust: 1.1
db:	SECUNIA	id:	59243	Trust: 1.1
db:	SECUNIA	id:	57836	Trust: 1.1
db:	SECUNIA	id:	57968	Trust: 1.1
db:	SECUNIA	id:	59347	Trust: 1.1
db:	SECUNIA	id:	57966	Trust: 1.1
db:	SECUNIA	id:	57483	Trust: 1.1
db:	SECUNIA	id:	57347	Trust: 1.1
db:	SECUNIA	id:	59139	Trust: 1.1
db:	SECTRACK	id:	1030079	Trust: 1.1
db:	SECTRACK	id:	1030074	Trust: 1.1
db:	SECTRACK	id:	1030081	Trust: 1.1
db:	SECTRACK	id:	1030080	Trust: 1.1
db:	SECTRACK	id:	1030026	Trust: 1.1
db:	SECTRACK	id:	1030077	Trust: 1.1
db:	SECTRACK	id:	1030082	Trust: 1.1
db:	SECTRACK	id:	1030078	Trust: 1.1
db:	BID	id:	66690	Trust: 1.1
db:	EXPLOIT-DB	id:	32745	Trust: 1.1
db:	EXPLOIT-DB	id:	32764	Trust: 1.1
db:	SIEMENS	id:	SSA-635659	Trust: 1.1
db:	ICS CERT	id:	ICSA-14-135-02	Trust: 0.9
db:	JVN	id:	JVNVU94401838	Trust: 0.8
db:	USCERT	id:	TA15-119A	Trust: 0.8
db:	ICS CERT	id:	ICSA-15-344-01	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-128-01	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-114-01	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-126-01	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-135-04	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-135-05	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-105-02A	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-105-03A	Trust: 0.8
db:	ICS CERT ALERT	id:	ICS-ALERT-14-099-01E	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001920	Trust: 0.8
db:	VULMON	id:	CVE-2014-0160	Trust: 0.1
db:	PACKETSTORM	id:	126954	Trust: 0.1
db:	PACKETSTORM	id:	126647	Trust: 0.1
db:	PACKETSTORM	id:	126285	Trust: 0.1
db:	PACKETSTORM	id:	126458	Trust: 0.1
db:	PACKETSTORM	id:	126208	Trust: 0.1
db:	PACKETSTORM	id:	126186	Trust: 0.1
db:	PACKETSTORM	id:	126581	Trust: 0.1
db:	PACKETSTORM	id:	127085	Trust: 0.1
db:	PACKETSTORM	id:	126784	Trust: 0.1

sources: VULMON: CVE-2014-0160 // PACKETSTORM: 126954 // PACKETSTORM: 126647 // PACKETSTORM: 126285 // PACKETSTORM: 126458 // PACKETSTORM: 126208 // PACKETSTORM: 126186 // PACKETSTORM: 126581 // PACKETSTORM: 127085 // PACKETSTORM: 126784 // JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160

REFERENCES

url:	http://heartbleed.com/	Trust: 1.9
url:	http://www.us-cert.gov/ncas/alerts/ta14-098a	Trust: 1.9
url:	https://code.google.com/p/mod-spdy/issues/detail?id=85	Trust: 1.9
url:	http://www.kb.cert.org/vuls/id/720951	Trust: 1.9
url:	https://www.cert.fi/en/reports/2014/vulnerability788210.html	Trust: 1.9
url:	http://advisories.mageia.org/mgasa-2014-0165.html	Trust: 1.9
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1084875	Trust: 1.1
url:	http://www.openssl.org/news/secadv_20140407.txt	Trust: 1.1
url:	http://www.securitytracker.com/id/1030078	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/109	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/190	Trust: 1.1
url:	https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-0376.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-0396.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1030082	Trust: 1.1
url:	http://secunia.com/advisories/57347	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139722163017074&w=2	Trust: 1.1
url:	http://www.securitytracker.com/id/1030077	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670161	Trust: 1.1
url:	http://www.debian.org/security/2014/dsa-2896	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-0377.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1030080	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1030074	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/90	Trust: 1.1
url:	http://www.securitytracker.com/id/1030081	Trust: 1.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-0378.html	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/91	Trust: 1.1
url:	http://secunia.com/advisories/57483	Trust: 1.1
url:	http://www.splunk.com/view/sp-caaamb3	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1030079	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html	Trust: 1.1
url:	http://secunia.com/advisories/57721	Trust: 1.1
url:	http://www.blackberry.com/btsc/kb35882	Trust: 1.1
url:	http://www.securitytracker.com/id/1030026	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/66690	Trust: 1.1
url:	http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/	Trust: 1.1
url:	http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/	Trust: 1.1
url:	http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/	Trust: 1.1
url:	https://blog.torproject.org/blog/openssl-bug-cve-2014-0160	Trust: 1.1
url:	http://secunia.com/advisories/57966	Trust: 1.1
url:	http://www.f-secure.com/en/web/labs_global/fsc-2014-1	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/173	Trust: 1.1
url:	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/	Trust: 1.1
url:	http://secunia.com/advisories/57968	Trust: 1.1
url:	http://www.exploit-db.com/exploits/32745	Trust: 1.1
url:	http://www.exploit-db.com/exploits/32764	Trust: 1.1
url:	http://secunia.com/advisories/57836	Trust: 1.1
url:	https://gist.github.com/chapmajs/10473815	Trust: 1.1
url:	http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/	Trust: 1.1
url:	http://cogentdatahub.com/releasenotes.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905458328378&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139869891830365&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139889113431619&w=2	Trust: 1.1
url:	http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1	Trust: 1.1
url:	http://www.kerio.com/support/kerio-control/release-history	Trust: 1.1
url:	http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3	Trust: 1.1
url:	https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result&javax.portlet.begcachetok=com.vignette.cachetoken&javax.portlet.endcachetok=com.vignette.cachetoken	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=isg400001843	Trust: 1.1
url:	https://filezilla-project.org/versions.php?type=server	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=isg400001841	Trust: 1.1
url:	https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=141287864628122&w=2	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/dec/23	Trust: 1.1
url:	http://www.vmware.com/security/advisories/vmsa-2014-0012.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=142660345230545&w=2	Trust: 1.1
url:	http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2015:062	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139817727317190&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139757726426985&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139758572430452&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905653828999&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139842151128341&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905405728262&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139833395230364&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139824993005633&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139843768401936&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905202427693&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139774054614965&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139889295732144&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139835815211508&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=140724451518351&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139808058921905&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139836085512508&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139869720529462&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905868529690&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139765756720506&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=140015787404650&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139824923705461&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139757919027752&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139774703817488&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905243827825&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=140075368411126&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905295427946&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139835844111589&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139757819327350&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139817685517037&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905351928096&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139817782017443&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=140752315422991&w=2	Trust: 1.1
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661	Trust: 1.1
url:	http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf	Trust: 1.1
url:	http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf	Trust: 1.1
url:	http://secunia.com/advisories/59347	Trust: 1.1
url:	http://secunia.com/advisories/59243	Trust: 1.1
url:	http://secunia.com/advisories/59139	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html	Trust: 1.1
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01	Trust: 1.1
url:	https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html	Trust: 1.1
url:	http://support.citrix.com/article/ctx140605	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-2165-1	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/534161/100/0/threaded	Trust: 1.1
url:	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008	Trust: 1.1
url:	https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html	Trust: 1.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf	Trust: 1.1
url:	https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd	Trust: 1.1
url:	http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3	Trust: 1.1
url:	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e	Trust: 1.1
url:	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2014-0160	Trust: 1.0
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-135-02	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0160	Trust: 0.9
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/	Trust: 0.8
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/	Trust: 0.8
url:	http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-135-04	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-135-05	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-105-03a	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-105-02a	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-114-01	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-126-01	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-128-01	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-344-01	Trust: 0.8
url:	https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01e	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140408-openssl.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140013.html	Trust: 0.8
url:	http://jvn.jp/ta/jvnta99041988/	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94401838/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0160	Trust: 0.8
url:	https://www.us-cert.gov/ncas/alerts/ta15-119a	Trust: 0.8
url:	http://www.cente.jp/article/release/483.html	Trust: 0.8
url:	http://www.aratana.jp/security/detail.php?id=8	Trust: 0.8
url:	https://tools.ietf.org/html/rfc6520	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/detect/pdf/20140410.pdf	Trust: 0.8
url:	http://support.openview.hp.com/downloads.jsp	Trust: 0.4
url:	http://www8.h	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/p	Trust: 0.2
url:	https://h20564.www2.hp.com/portal/site/hpsc/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	http://seclists.org/fulldisclosure/2019/jan/42	Trust: 0.1
url:	https://www.debian.org/security/./dsa-2896	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/	Trust: 0.1
url:	https://usn.ubuntu.com/2165-1/	Trust: 0.1
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n	Trust: 0.1
url:	http://www.hp.com/go/insightupdates	Trust: 0.1
url:	http://www.apple.com/support/downloads/	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	http://support.apple.com/kb/ht1222	Trust: 0.1
url:	http://gpgtools.org	Trust: 0.1
url:	http://support.openview.hp.com/selfsolve/document/km00843314/binary/sa_alert_	Trust: 0.1
url:	http://www8.hp.com/us/en/software-so	Trust: 0.1
url:	https://w	Trust: 0.1
url:	http://www.hp.com/swpublishing/mtx-9c71e9ff82af4d1fbdea666d97	Trust: 0.1
url:	http://www.hp.com/swpublishing/mtx-ade2403c9999459aa758e16d46	Trust: 0.1
url:	http://www.hp.com/swpublishing/mtx-16533b4917c84c8c81b703f354	Trust: 0.1
url:	http://www.hp.com/swpublishing/mtx-06eee9db0f4a40d98d8cb32421	Trust: 0.1

CREDITS

Trust: 0.8

sources: PACKETSTORM: 126954 // PACKETSTORM: 126647 // PACKETSTORM: 126458 // PACKETSTORM: 126208 // PACKETSTORM: 126186 // PACKETSTORM: 126581 // PACKETSTORM: 127085 // PACKETSTORM: 126784

SOURCES

db:	VULMON	id:	CVE-2014-0160
db:	PACKETSTORM	id:	126954
db:	PACKETSTORM	id:	126647
db:	PACKETSTORM	id:	126285
db:	PACKETSTORM	id:	126458
db:	PACKETSTORM	id:	126208
db:	PACKETSTORM	id:	126186
db:	PACKETSTORM	id:	126581
db:	PACKETSTORM	id:	127085
db:	PACKETSTORM	id:	126784
db:	JVNDB	id:	JVNDB-2014-001920
db:	NVD	id:	CVE-2014-0160

LAST UPDATE DATE

2025-12-22T22:25:45.985000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2014-0160	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001920	date:	2015-12-22T00:00:00
db:	NVD	id:	CVE-2014-0160	date:	2025-10-22T01:15:53.233

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2014-0160	date:	2014-04-07T00:00:00
db:	PACKETSTORM	id:	126954	date:	2014-06-05T21:02:31
db:	PACKETSTORM	id:	126647	date:	2014-05-16T04:43:57
db:	PACKETSTORM	id:	126285	date:	2014-04-23T21:26:11
db:	PACKETSTORM	id:	126458	date:	2014-05-03T02:17:11
db:	PACKETSTORM	id:	126208	date:	2014-04-17T22:04:49
db:	PACKETSTORM	id:	126186	date:	2014-04-16T20:43:08
db:	PACKETSTORM	id:	126581	date:	2014-05-10T13:13:00
db:	PACKETSTORM	id:	127085	date:	2014-06-13T13:31:03
db:	PACKETSTORM	id:	126784	date:	2014-05-23T13:13:00
db:	JVNDB	id:	JVNDB-2014-001920	date:	2014-04-08T00:00:00
db:	NVD	id:	CVE-2014-0160	date:	2014-04-07T22:55:03.893