Details of VAR-201404-0592

ID

VAR-201404-0592

CVE

CVE-2014-0160

TITLE

OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities

Trust: 0.3

sources: BID: 66690

DESCRIPTION

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. RubyGems actionpack is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause denial-of-service conditions. This vulnerability is fixed in RubyGems actionpack 4.0.2 and 3.2.16. OpenSSL is prone to multiple information disclosure vulnerabilities. An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. OpenSSL 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, and 1.0.1 are vulnerable. HP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version 1.0.1f for the following firmware versions: 671H_GS00601 665H_GS12501 663H_GS04601 HP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in 655H firmware versions: 655H_GS10201 HP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. If the library firmware cannot be updated, HP recommends following the Mitigation Instructions below. Mitigation Instructions The following configuration options that allow access to the Heartbeat function in the vulnerable versions of OpenSSL are not enabled by default. Verify that the following options are "disabled" using the Tape Library GUI: Product Configuration Options to Disable TLS Heartbeat Functions Secure SMI-S CVTL User Note: Disabling these features blocks the vulnerable OpenSSL function in both the ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape Drives. The basic functionality of the library is not affected by these configuration changes and SSL access to the user interface is not affected by this configuration change or setting. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in Cisco TelePresence System MXP Series Advisory ID: cisco-sa-20140430-mxp Revision 1.0 For Public Release 2014 April 30 16:00 UTC (GMT) Summary ======= Cisco TelePresence System MXP Series Software contains the following vulnerabilities: Three SIP denial of service vulnerabilities Three H.225 denial of service vulnerabilities Successful exploitation of these vulnerabilities may allow an attacker to cause system instability and the affected system to reload. There are no workarounds that mitigate these vulnerabilities. https://w orksitesupport.autonomy.com/worksite/Scripts/GetDoc.aspx?latest=0%26nrtid=!nr tdms:0:!session:10.253.1.101:!database:SUPPORT:!document:1351832,1 Note: after applying the update, HP recommends these additional steps to assure the vulnerability is addressed. ============================================================================ Ubuntu Security Notice USN-2165-1 April 07, 2014 openssl vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 12.10 - Ubuntu 12.04 LTS Summary: OpenSSL could be made to expose sensitive information over the network, possibly including private keys. (CVE-2014-0160) Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. (CVE-2014-0076) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.2 Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.7 Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.12 After a standard system update you need to reboot your computer to make all the necessary changes. Since this issue may have resulted in compromised private keys, it is recommended to regenerate them. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz: Upgraded. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for preparing the fix. Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 (* Security fix *) patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz: Upgraded. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1g-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1g-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1g-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1g-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1g-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1g-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1g-i486-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1g-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1g-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 packages: 5467a62ebfbe9a9bfff64dcc4cfcdf7d openssl-1.0.1g-i486-1_slack14.0.txz bdadd9920f2ce6fe4a0a7bd0d96f99df openssl-solibs-1.0.1g-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: 11ede2992e2b5d15bd3ffc5807571350 openssl-1.0.1g-x86_64-1_slack14.0.txz 858ea6409aab45a67a880458ce48f923 openssl-solibs-1.0.1g-x86_64-1_slack14.0.txz Slackware 14.1 packages: 8638083d9768ffcc4b7c597806ca634c openssl-1.0.1g-i486-1_slack14.1.txz 4d9dfe9db9e1f286ead72fc60971807b openssl-solibs-1.0.1g-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: d85f8f451f71dd606f3adb59e582322a openssl-1.0.1g-x86_64-1_slack14.1.txz 43ff4bbfe26f99e7a3b9145146d191a0 openssl-solibs-1.0.1g-x86_64-1_slack14.1.txz Slackware -current packages: 265a66855320207d4a7567ac5ae9a747 a/openssl-solibs-1.0.1g-i486-1.txz bf07a4b17f1c78a4081e2cfb711b8748 n/openssl-1.0.1g-i486-1.txz Slackware x86_64 -current packages: 27e5135d764bd87bdb784b288e416b22 a/openssl-solibs-1.0.1g-x86_64-1.txz 5ef747eed99ac34102b34d8d0eaed3a8 n/openssl-1.0.1g-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-1.0.1g-i486-1_slack14.1.txz openssl-solibs-1.0.1g-i486-1_slack14.1.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. After the protocols have been disabled, change the user passwords on the array. This bulletin will be revised when the software updates are released. Until the software updates are available, HP recommends restricting administrative access to the MSA on a secure and isolated private management network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged network position may obtain memory contents Description: An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue. CVE-ID CVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta of Google Security Installation note for Firmware version 7.7.3 Firmware version 7.7.3 is installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS. Use AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1 or later on iOS to upgrade to Firmware version 7.7.3. AirPort Utility for Mac is a free download from http://www.apple.com/support/downloads/ and AirPort Utility for iOS is a free download from the App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: openssl security update Advisory ID: RHSA-2014:0376-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0376.html Issue date: 2014-04-08 CVE Names: CVE-2014-0160 ===================================================================== 1. Summary: Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm i386: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm x86_64: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm openssl-perl-1.0.1e-16.el6_5.7.i686.rpm openssl-static-1.0.1e-16.el6_5.7.i686.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm x86_64: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm i386: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm ppc64: openssl-1.0.1e-16.el6_5.7.ppc.rpm openssl-1.0.1e-16.el6_5.7.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.7.ppc.rpm openssl-devel-1.0.1e-16.el6_5.7.ppc64.rpm s390x: openssl-1.0.1e-16.el6_5.7.s390.rpm openssl-1.0.1e-16.el6_5.7.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.s390x.rpm openssl-devel-1.0.1e-16.el6_5.7.s390.rpm openssl-devel-1.0.1e-16.el6_5.7.s390x.rpm x86_64: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-perl-1.0.1e-16.el6_5.7.i686.rpm openssl-static-1.0.1e-16.el6_5.7.i686.rpm ppc64: openssl-debuginfo-1.0.1e-16.el6_5.7.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.7.ppc64.rpm openssl-static-1.0.1e-16.el6_5.7.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-16.el6_5.7.s390x.rpm openssl-perl-1.0.1e-16.el6_5.7.s390x.rpm openssl-static-1.0.1e-16.el6_5.7.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm i386: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm x86_64: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-perl-1.0.1e-16.el6_5.7.i686.rpm openssl-static-1.0.1e-16.el6_5.7.i686.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0160.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTQ2mcXlSAg2UNWIIRAvNWAJ9caqXvj0Buf9qcAG03+BZSW85rCwCgtrfb +Ibr0642hrwOVmGicBkJ3xs= =p42l -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04236102 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236102 Version: 1 HPSBMU02995 rev.1 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, Performance Center, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-04-11 Last Updated: 2014-04-11 Potential Security Impact: Remote disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. References: CVE-2014-0160 (SSRT101499) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Product Impacted HP Product Versions Notes HP Service Manager v9.32, v9.33 HP Asset Manager v9.40, v9.40 CSC HP UCMDB Browser APR enabled on Tomcat includes an affected OpenSSL version HP CIT (ConnectIT) v9.52, v9.53 HP Executive Scorecard v9.40, v9.41 HP Server Automation v10.00, v10.01 HP Diagnostics v9.23, v9.23 IP1 HP LoadRunner v11.52, v12.0 Controller/load generator communication channel HP Performance Center v11.52, v12.0 Controller/load generator communication channel Impacted Versions table BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP Software is working to address this vulnerability for all affected product versions. HP Software will release product specific security bulletins for each impacted product. Each bulletin will include a patch and/or mitigation guideline. HP will update this bulletin with references to security bulletins for each product in the impacted versions table. Note: OpenSSL is an external product embedded in HP products. Bulletin Applicability: This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html . Software updates are available from HP Software Support Online at http://support.openview.hp.com/downloads.jsp HISTORY Version:1 (rev.1) - 11 April 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Trust: 2.88

sources: NVD: CVE-2014-0160 // BID: 64074 // BID: 66690 // PACKETSTORM: 126208 // PACKETSTORM: 127279 // PACKETSTORM: 126420 // PACKETSTORM: 126186 // PACKETSTORM: 126045 // PACKETSTORM: 126237 // PACKETSTORM: 126086 // VULMON: CVE-2014-0160 // PACKETSTORM: 126450 // PACKETSTORM: 126563 // PACKETSTORM: 126418 // PACKETSTORM: 126458 // PACKETSTORM: 126285 // PACKETSTORM: 126261 // PACKETSTORM: 126053 // PACKETSTORM: 126123

AFFECTED PRODUCTS

vendor:	mitel	model:	mivoice	scope:	eq	version:	1.3.2.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	20	Trust: 1.0
vendor:	intellian	model:	v60	scope:	eq	version:	1.15	Trust: 1.0
vendor:	ricon	model:	s9922l	scope:	eq	version:	16.10.3\(3794\)	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.0	Trust: 1.0
vendor:	mitel	model:	mivoice	scope:	eq	version:	1.1.2.5	Trust: 1.0
vendor:	redhat	model:	gluster storage	scope:	eq	version:	2.1	Trust: 1.0
vendor:	siemens	model:	application processing engine	scope:	eq	version:	2.0	Trust: 1.0
vendor:	intellian	model:	v100	scope:	eq	version:	1.24	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lt	version:	1.0.1g	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500	scope:	eq	version:	1.5	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	12.3	Trust: 1.0
vendor:	splunk	model:	splunk	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	19	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.10	Trust: 1.0
vendor:	mitel	model:	mivoice	scope:	eq	version:	1.1.3.3	Trust: 1.0
vendor:	broadcom	model:	symantec messaging gateway	scope:	eq	version:	10.6.1	Trust: 1.0
vendor:	redhat	model:	virtualization	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	gte	version:	1.0.1	Trust: 1.0
vendor:	intellian	model:	v100	scope:	eq	version:	1.20	Trust: 1.0
vendor:	intellian	model:	v60	scope:	eq	version:	1.25	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	13.10	Trust: 1.0
vendor:	siemens	model:	cp 1543-1	scope:	eq	version:	1.1	Trust: 1.0
vendor:	siemens	model:	wincc open architecture	scope:	eq	version:	3.12	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.3.0.104	Trust: 1.0
vendor:	splunk	model:	splunk	scope:	lt	version:	6.0.3	Trust: 1.0
vendor:	mitel	model:	mivoice	scope:	eq	version:	1.2.0.11	Trust: 1.0
vendor:	siemens	model:	elan-8.2	scope:	lt	version:	8.3.3	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	storage	scope:	eq	version:	2.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	filezilla	model:	server	scope:	lt	version:	0.9.44	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.1	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500t	scope:	eq	version:	1.5	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	mitel	model:	mivoice	scope:	eq	version:	1.4.0.102	Trust: 1.0
vendor:	intellian	model:	v100	scope:	eq	version:	1.21	Trust: 1.0
vendor:	broadcom	model:	symantec messaging gateway	scope:	eq	version:	10.6.0	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.3	Trust: 1.0
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.6
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.6
vendor:	ibm	model:	rational clearquest	scope:	eq	version:	8.0.0.1	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	5.3.1	Trust: 0.3
vendor:	apple	model:	airport extreme	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	css11500 content services switch	scope:	ne	version:	-	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.7.2	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.5.3	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.0	Trust: 0.3
vendor:	avaya	model:	aura presence services	scope:	eq	version:	6.1.1	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	1.6.1	Trust: 0.3
vendor:	attachmate	model:	reflection for ibm	scope:	eq	version:	14.0.5	Trust: 0.3
vendor:	attachmate	model:	reflection	scope:	eq	version:	x14.0.5	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6.2	Trust: 0.3
vendor:	blue	model:	coat systems policy center	scope:	ne	version:	0	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.6.2	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	7.0.1.0	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.1	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.26	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.4.1	Trust: 0.3
vendor:	red	model:	hat enterprise linux server optional	scope:	eq	version:	6	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1a	scope:	-	version:	-	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.4.3	Trust: 0.3
vendor:	attachmate	model:	reflection	scope:	eq	version:	x14.1	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	7.02	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.5	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.2.7	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.2.1	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	red	model:	hat enterprise linux workstation optional	scope:	eq	version:	6	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.5.5	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.4.5	Trust: 0.3
vendor:	attachmate	model:	reflection	scope:	eq	version:	14.1	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	5.3	Trust: 0.3
vendor:	attachmate	model:	reflection for hp	scope:	eq	version:	14.0.5	Trust: 0.3
vendor:	bluecat	model:	networks adonis	scope:	eq	version:	4.1.43	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.3	Trust: 0.3
vendor:	cerberus	model:	ftp server	scope:	eq	version:	4.0.9.8	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.1.1	Trust: 0.3
vendor:	ibm	model:	rational clearquest	scope:	eq	version:	8.0.0.2	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.2.6	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.3.1	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	7.0.1.1	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.2.1	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	7.0.1.3	Trust: 0.3
vendor:	blue	model:	coat systems director	scope:	ne	version:	0	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	3.3	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	7.0	Trust: 0.3
vendor:	red	model:	hat enterprise linux hpc node	scope:	eq	version:	6	Trust: 0.3
vendor:	avaya	model:	aura session manager	scope:	eq	version:	6.2	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	7.0.1.4	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	1.6	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.4.2	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.4	Trust: 0.3
vendor:	red	model:	hat enterprise linux hpc node optional	scope:	eq	version:	6	Trust: 0.3
vendor:	ipswitch	model:	imail server	scope:	eq	version:	11.01	Trust: 0.3
vendor:	openssl	model:	project openssl 1.0.1c	scope:	-	version:	-	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.4.4	Trust: 0.3
vendor:	mcafee	model:	epolicy orchestrator	scope:	eq	version:	4.5	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.2.8	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.3.5	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	3.2	Trust: 0.3
vendor:	avaya	model:	aura system manager	scope:	eq	version:	6.2	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	6	Trust: 0.3
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.2.0	Trust: 0.3
vendor:	attachmate	model:	reflection sp1	scope:	eq	version:	14.0	Trust: 0.3
vendor:	ibm	model:	rational clearquest	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	wireless location appliance	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	attachmate	model:	reflection for ibm	scope:	eq	version:	14	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.1	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	7.0.1.2	Trust: 0.3
vendor:	opera	model:	software opera	scope:	eq	version:	11.10	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.2.2	Trust: 0.3
vendor:	red	model:	hat enterprise virtualization hypervisor for rhel	scope:	eq	version:	60	Trust: 0.3
vendor:	red	model:	hat enterprise linux workstation	scope:	eq	version:	6	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.6.5	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.3.2	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	ibm	model:	tivoli management framework	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.3.4	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.2.9	Trust: 0.3
vendor:	kerio	model:	control	scope:	eq	version:	7.1.0	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	5.3	Trust: 0.3
vendor:	ibm	model:	rational clearquest	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.2.3	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	3.1	Trust: 0.3
vendor:	ipswitch	model:	imail server	scope:	eq	version:	11.02	Trust: 0.3
vendor:	attachmate	model:	reflection	scope:	eq	version:	14.0	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ibm	model:	rational clearquest	scope:	eq	version:	7.1.2.6	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	7.1	Trust: 0.3
vendor:	attachmate	model:	reflection for the multi-host enterprise pro	scope:	eq	version:	14.0.5	Trust: 0.3
vendor:	cisco	model:	ace module	scope:	ne	version:	0	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.2.10	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.1.3	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.1.0	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	7.0.0.1	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.5.2	Trust: 0.3
vendor:	ibm	model:	rational clearquest	scope:	eq	version:	7.1.2.2	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.2	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	1.0.1	Trust: 0.3
vendor:	ibm	model:	rational clearcase	scope:	eq	version:	7.1.2.2	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.3.3	Trust: 0.3
vendor:	kerio	model:	control patch	scope:	eq	version:	7.1.01	Trust: 0.3
vendor:	mcafee	model:	security for microsoft exchange	scope:	eq	version:	7.6	Trust: 0.3
vendor:	ibm	model:	rational clearquest	scope:	eq	version:	7.1.2.5	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	ibm	model:	aix	scope:	eq	version:	6.1	Trust: 0.3
vendor:	red	model:	hat enterprise linux server	scope:	eq	version:	6	Trust: 0.3
vendor:	attachmate	model:	reflection suite for	scope:	eq	version:	x14.0.5	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	7.0.1.5	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop optional	scope:	eq	version:	6	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.3.6	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop	scope:	eq	version:	6	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.2.5	Trust: 0.3
vendor:	blue	model:	coat systems packetshaper	scope:	ne	version:	0	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.2.4	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.7	Trust: 0.3
vendor:	ibm	model:	rational clearquest	scope:	eq	version:	7.1.2.1	Trust: 0.3
vendor:	ibm	model:	websphere mq	scope:	eq	version:	6.0.2.11	Trust: 0.3
vendor:	python	model:	software foundation python	scope:	eq	version:	2.5.6	Trust: 0.3
vendor:	attachmate	model:	reflection	scope:	eq	version:	x14.0	Trust: 0.3
vendor:	attachmate	model:	reflection for unix and openvms	scope:	eq	version:	14.0.5	Trust: 0.3
vendor:	blue	model:	coat systems intelligence center	scope:	ne	version:	0	Trust: 0.3
vendor:	suse	model:	webyast	scope:	eq	version:	1.3	Trust: 0.3
vendor:	suse	model:	studio onsite	scope:	eq	version:	1.3	Trust: 0.3
vendor:	suse	model:	lifecycle management server	scope:	eq	version:	1.3	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	13.1	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	12.3	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	12.2	Trust: 0.3
vendor:	rubygems	model:	actionpack	scope:	eq	version:	3.0	Trust: 0.3
vendor:	rubygems	model:	actionpack	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	rubygems	model:	actionpack	scope:	eq	version:	3.2.15	Trust: 0.3
vendor:	redhat	model:	software collections for rhel	scope:	eq	version:	0	Trust: 0.3
vendor:	redhat	model:	openstack	scope:	eq	version:	3.0	Trust: 0.3
vendor:	puppetlabs	model:	puppet enterprise	scope:	eq	version:	3.1	Trust: 0.3
vendor:	opscode	model:	chef	scope:	eq	version:	11.1.2	Trust: 0.3
vendor:	rubygems	model:	actionpack	scope:	ne	version:	4.0.2	Trust: 0.3
vendor:	rubygems	model:	actionpack	scope:	ne	version:	3.2.16	Trust: 0.3
vendor:	puppetlabs	model:	puppet enterprise	scope:	ne	version:	3.1.1	Trust: 0.3
vendor:	opscode	model:	chef	scope:	ne	version:	11.1.3	Trust: 0.3

sources: BID: 66690 // BID: 64074 // NVD: CVE-2014-0160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0160
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2014-0160
value:	HIGH
Trust: 1.0
VULMON:	CVE-2014-0160
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0160
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2014-0160
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: VULMON: CVE-2014-0160 // NVD: CVE-2014-0160 // NVD: CVE-2014-0160

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.0

sources: NVD: CVE-2014-0160

THREAT TYPE

network

Trust: 0.6

sources: BID: 66690 // BID: 64074

TYPE

Design Error

Trust: 0.3

sources: BID: 66690

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-0160

PATCH

title:	The Register	url:	https://www.theregister.co.uk/2017/01/23/heartbleed_2017/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/	Trust: 0.2
title:	Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e4799ab8fe4804274ba2db4d65cd867b	Trust: 0.1
title:	Debian Security Advisories: DSA-2896-1 openssl -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=264ec318be06a69e28012f62b2dc5bb7	Trust: 0.1
title:	Ubuntu Security Notice: openssl vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2165-1	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2014-0160	Trust: 0.1
title:	exploits	url:	https://github.com/vs4vijay/exploits	Trust: 0.1
title:	VULNIX	url:	https://github.com/El-Palomo/VULNIX	Trust: 0.1
title:	openssl-heartbleed-fix	url:	https://github.com/sammyfung/openssl-heartbleed-fix	Trust: 0.1
title:	cve-2014-0160	url:	https://github.com/cved-sources/cve-2014-0160	Trust: 0.1
title:	heartbleed_check	url:	https://github.com/ehoffmann-cp/heartbleed_check	Trust: 0.1
title:	heartbleed	url:	https://github.com/okrutnik420/heartbleed	Trust: 0.1
title:	heartbleed-test.crx	url:	https://github.com/iwaffles/heartbleed-test.crx	Trust: 0.1
title:	-	url:	https://github.com/Maheshmaske111/te	Trust: 0.1
title:	AradSocket	url:	https://github.com/araditc/AradSocket	Trust: 0.1
title:	sslscan	url:	https://github.com/kaisenlinux/sslscan	Trust: 0.1
title:	Springboard_Capstone_Project	url:	https://github.com/jonahwinninghoff/Springboard_Capstone_Project	Trust: 0.1
title:	-	url:	https://github.com/MrE-Fog/heartbleeder	Trust: 0.1
title:	buffer_overflow_exploit	url:	https://github.com/olivamadrigal/buffer_overflow_exploit	Trust: 0.1
title:	-	url:	https://github.com/ashrafulislamcs/Ubuntu-Server-Hardening	Trust: 0.1
title:	insecure_project	url:	https://github.com/turtlesec-no/insecure_project	Trust: 0.1
title:	-	url:	https://github.com/Maheshmaske111/ssl	Trust: 0.1
title:	-	url:	https://github.com/H4R335HR/heartbleed	Trust: 0.1
title:	nmap-scripts	url:	https://github.com/takeshixx/nmap-scripts	Trust: 0.1
title:	knockbleed	url:	https://github.com/siddolo/knockbleed	Trust: 0.1
title:	heartbleed-masstest	url:	https://github.com/musalbas/heartbleed-masstest	Trust: 0.1
title:	HeartBleedDotNet	url:	https://github.com/ShawInnes/HeartBleedDotNet	Trust: 0.1
title:	heartbleed_test_openvpn	url:	https://github.com/weisslj/heartbleed_test_openvpn	Trust: 0.1
title:	paraffin	url:	https://github.com/vmeurisse/paraffin	Trust: 0.1
title:	sslscan	url:	https://github.com/rbsec/sslscan	Trust: 0.1
title:	Heartbleed_Dockerfile_with_Nginx	url:	https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx	Trust: 0.1
title:	heartbleed-bug	url:	https://github.com/cldme/heartbleed-bug	Trust: 0.1
title:	-	url:	https://github.com/H4CK3RT3CH/awesome-web-hacking	Trust: 0.1
title:	Web-Hacking	url:	https://github.com/adm0i/Web-Hacking	Trust: 0.1
title:	cybersecurity-ethical-hacking	url:	https://github.com/paulveillard/cybersecurity-ethical-hacking	Trust: 0.1
title:	Lastest-Web-Hacking-Tools-vol-I	url:	https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I	Trust: 0.1
title:	HTBValentineWriteup	url:	https://github.com/zimmel15/HTBValentineWriteup	Trust: 0.1
title:	heartbleed-poc	url:	https://github.com/sensepost/heartbleed-poc	Trust: 0.1
title:	CVE-2014-0160	url:	https://github.com/0x90/CVE-2014-0160	Trust: 0.1
title:	Certified-Ethical-Hacker-Exam-CEH-v10	url:	https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10	Trust: 0.1
title:	cs558heartbleed	url:	https://github.com/gkaptch1/cs558heartbleed	Trust: 0.1
title:	HeartBleed	url:	https://github.com/archaic-magnon/HeartBleed	Trust: 0.1
title:	-	url:	https://github.com/undacmic/heartbleed-proof-of-concept	Trust: 0.1
title:	openvpn-jookk	url:	https://github.com/Jeypi04/openvpn-jookk	Trust: 0.1
title:	Heartbleed	url:	https://github.com/Saiprasad16/Heartbleed	Trust: 0.1
title:	-	url:	https://github.com/KickFootCode/LoveYouALL	Trust: 0.1
title:	-	url:	https://github.com/imesecan/LeakReducer-artifacts	Trust: 0.1
title:	-	url:	https://github.com/TVernet/Kali-Tools-liste-et-description	Trust: 0.1
title:	-	url:	https://github.com/k4u5h41/Heartbleed	Trust: 0.1
title:	-	url:	https://github.com/ronaldogdm/Heartbleed	Trust: 0.1
title:	-	url:	https://github.com/rochacbruno/my-awesome-stars	Trust: 0.1
title:	-	url:	https://github.com/asadhasan73/temp_comp_sec	Trust: 0.1
title:	-	url:	https://github.com/Aakaashzz/Heartbleed	Trust: 0.1
title:	tls-channel	url:	https://github.com/marianobarrios/tls-channel	Trust: 0.1
title:	fuzzx_cpp_demo	url:	https://github.com/guardstrikelab/fuzzx_cpp_demo	Trust: 0.1
title:	-	url:	https://github.com/Ppamo/recon_net_tools	Trust: 0.1
title:	heatbleeding	url:	https://github.com/idkqh7/heatbleeding	Trust: 0.1
title:	HeartBleed-Vulnerability-Checker	url:	https://github.com/waqasjamal/HeartBleed-Vulnerability-Checker	Trust: 0.1
title:	heartbleed	url:	https://github.com/iSCInc/heartbleed	Trust: 0.1
title:	heartbleed-dtls	url:	https://github.com/hreese/heartbleed-dtls	Trust: 0.1
title:	heartbleedchecker	url:	https://github.com/roganartu/heartbleedchecker	Trust: 0.1
title:	nmap-heartbleed	url:	https://github.com/azet/nmap-heartbleed	Trust: 0.1
title:	sslscan	url:	https://github.com/delishen/sslscan	Trust: 0.1
title:	web-hacking	url:	https://github.com/hr-beast/web-hacking	Trust: 0.1
title:	-	url:	https://github.com/Miss-Brain/Web-Application-Security	Trust: 0.1
title:	web-hacking	url:	https://github.com/Hemanthraju02/web-hacking	Trust: 0.1
title:	awesome-web-hacking	url:	https://github.com/QWERTSKIHACK/awesome-web-hacking	Trust: 0.1
title:	-	url:	https://github.com/himera25/web-hacking-list	Trust: 0.1
title:	-	url:	https://github.com/dorota-fiit/bp-Heartbleed-defense-game	Trust: 0.1
title:	-	url:	https://github.com/Maheshmaske111/sslscan	Trust: 0.1
title:	Heart-bleed	url:	https://github.com/anonymouse327311/Heart-bleed	Trust: 0.1
title:	goScan	url:	https://github.com/stackviolator/goScan	Trust: 0.1
title:	sec-tool-list	url:	https://github.com/alphaSeclab/sec-tool-list	Trust: 0.1
title:	-	url:	https://github.com/utensil/awesome-stars-test	Trust: 0.1
title:	insecure-cplusplus-dojo	url:	https://github.com/patricia-gallardo/insecure-cplusplus-dojo	Trust: 0.1
title:	-	url:	https://github.com/jubalh/awesome-package-maintainer	Trust: 0.1
title:	-	url:	https://github.com/Elnatty/tryhackme_labs	Trust: 0.1
title:	-	url:	https://github.com/hzuiw33/OpenSSL	Trust: 0.1
title:	makeItBleed	url:	https://github.com/mcampa/makeItBleed	Trust: 0.1
title:	CVE-2014-0160-Chrome-Plugin	url:	https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin	Trust: 0.1
title:	heartbleedfixer.com	url:	https://github.com/reenhanced/heartbleedfixer.com	Trust: 0.1
title:	CVE-2014-0160-Scanner	url:	https://github.com/obayesshelton/CVE-2014-0160-Scanner	Trust: 0.1
title:	openmagic	url:	https://github.com/isgroup-srl/openmagic	Trust: 0.1
title:	heartbleeder	url:	https://github.com/titanous/heartbleeder	Trust: 0.1
title:	cardiac-arrest	url:	https://github.com/ah8r/cardiac-arrest	Trust: 0.1
title:	heartbleed_openvpn_poc	url:	https://github.com/tam7t/heartbleed_openvpn_poc	Trust: 0.1
title:	docker-wheezy-with-heartbleed	url:	https://github.com/simonswine/docker-wheezy-with-heartbleed	Trust: 0.1
title:	docker-testssl	url:	https://github.com/mbentley/docker-testssl	Trust: 0.1
title:	heartbleedscanner	url:	https://github.com/hybridus/heartbleedscanner	Trust: 0.1
title:	HeartLeak	url:	https://github.com/OffensivePython/HeartLeak	Trust: 0.1
title:	HBL	url:	https://github.com/ssc-oscar/HBL	Trust: 0.1
title:	awesome-stars	url:	https://github.com/utensil/awesome-stars	Trust: 0.1
title:	SecurityTesting_web-hacking	url:	https://github.com/mostakimur/SecurityTesting_web-hacking	Trust: 0.1
title:	awesome-web-hacking	url:	https://github.com/winterwolf32/awesome-web-hacking	Trust: 0.1
title:	awesome-web-hacking-1	url:	https://github.com/winterwolf32/awesome-web-hacking-1	Trust: 0.1
title:	-	url:	https://github.com/Mehedi-Babu/ethical_hacking_cyber	Trust: 0.1
title:	-	url:	https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking	Trust: 0.1
title:	awesome-web-hacking	url:	https://github.com/thanshurc/awesome-web-hacking	Trust: 0.1
title:	hack	url:	https://github.com/nvnpsplt/hack	Trust: 0.1
title:	awesome-web-hacking	url:	https://github.com/noname1007/awesome-web-hacking	Trust: 0.1
title:	-	url:	https://github.com/ImranTheThirdEye/awesome-web-hacking	Trust: 0.1
title:	web-hacking	url:	https://github.com/Ondrik8/web-hacking	Trust: 0.1
title:	CheckSSL-ciphersuite	url:	https://github.com/kal1gh0st/CheckSSL-ciphersuite	Trust: 0.1
title:	-	url:	https://github.com/undacmic/HeartBleed-Demo	Trust: 0.1
title:	-	url:	https://github.com/MrE-Fog/ssl-heartbleed.nse	Trust: 0.1
title:	welivesecurity	url:	https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/	Trust: 0.1

sources: VULMON: CVE-2014-0160

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0160	Trust: 3.2
db:	BID	id:	66690	Trust: 1.4
db:	CERT/CC	id:	VU#720951	Trust: 1.4
db:	SECUNIA	id:	57721	Trust: 1.1
db:	SECUNIA	id:	59243	Trust: 1.1
db:	SECUNIA	id:	57836	Trust: 1.1
db:	SECUNIA	id:	57968	Trust: 1.1
db:	SECUNIA	id:	59347	Trust: 1.1
db:	SECUNIA	id:	57966	Trust: 1.1
db:	SECUNIA	id:	57483	Trust: 1.1
db:	SECUNIA	id:	57347	Trust: 1.1
db:	SECUNIA	id:	59139	Trust: 1.1
db:	SECTRACK	id:	1030079	Trust: 1.1
db:	SECTRACK	id:	1030074	Trust: 1.1
db:	SECTRACK	id:	1030081	Trust: 1.1
db:	SECTRACK	id:	1030080	Trust: 1.1
db:	SECTRACK	id:	1030026	Trust: 1.1
db:	SECTRACK	id:	1030077	Trust: 1.1
db:	SECTRACK	id:	1030082	Trust: 1.1
db:	SECTRACK	id:	1030078	Trust: 1.1
db:	EXPLOIT-DB	id:	32745	Trust: 1.1
db:	EXPLOIT-DB	id:	32764	Trust: 1.1
db:	USCERT	id:	TA14-098A	Trust: 1.1
db:	SIEMENS	id:	SSA-635659	Trust: 1.1
db:	ICS CERT	id:	ICSA-14-135-02	Trust: 0.4
db:	ICS CERT ALERT	id:	ICS-ALERT-14-099-01E	Trust: 0.3
db:	ICS CERT ALERT	id:	ICS-ALERT-14-099-01B	Trust: 0.3
db:	ICS CERT ALERT	id:	ICS-ALERT-14-099-01C	Trust: 0.3
db:	ICS CERT ALERT	id:	ICS-ALERT-14-099-01D	Trust: 0.3
db:	ICS CERT ALERT	id:	ICS-ALERT-14-099-01F	Trust: 0.3
db:	ICS CERT ALERT	id:	ICS-ALERT-14-099-01A	Trust: 0.3
db:	ICS CERT	id:	ICSA-14-105-02A	Trust: 0.3
db:	ICS CERT	id:	ICSA-14-126-01A	Trust: 0.3
db:	ICS CERT	id:	ICSA-14-135-04	Trust: 0.3
db:	ICS CERT	id:	ICSA-14-105-03	Trust: 0.3
db:	ICS CERT	id:	ICSA-14-105-03B	Trust: 0.3
db:	ICS CERT	id:	ICSA-14-135-05	Trust: 0.3
db:	ICS CERT	id:	ICSA-14-128-01	Trust: 0.3
db:	ICS CERT	id:	ICSA-14-126-01	Trust: 0.3
db:	ICS CERT	id:	ICSA-14-114-01	Trust: 0.3
db:	ICS CERT	id:	ICSA-14-105-02	Trust: 0.3
db:	ICS CERT	id:	ICSA-15-344-01	Trust: 0.3
db:	ICS CERT	id:	ICSA-14-105-03A	Trust: 0.3
db:	JUNIPER	id:	JSA10623	Trust: 0.3
db:	DLINK	id:	SAP10022	Trust: 0.3
db:	MCAFEE	id:	SB10071	Trust: 0.3
db:	BID	id:	64074	Trust: 0.3
db:	VULMON	id:	CVE-2014-0160	Trust: 0.1
db:	PACKETSTORM	id:	126053	Trust: 0.1
db:	PACKETSTORM	id:	126261	Trust: 0.1
db:	PACKETSTORM	id:	126285	Trust: 0.1
db:	PACKETSTORM	id:	126458	Trust: 0.1
db:	PACKETSTORM	id:	126418	Trust: 0.1
db:	PACKETSTORM	id:	126563	Trust: 0.1
db:	PACKETSTORM	id:	126123	Trust: 0.1
db:	PACKETSTORM	id:	126450	Trust: 0.1
db:	PACKETSTORM	id:	126208	Trust: 0.1
db:	PACKETSTORM	id:	126086	Trust: 0.1
db:	PACKETSTORM	id:	126237	Trust: 0.1
db:	PACKETSTORM	id:	126045	Trust: 0.1
db:	PACKETSTORM	id:	126186	Trust: 0.1
db:	PACKETSTORM	id:	126420	Trust: 0.1
db:	PACKETSTORM	id:	127279	Trust: 0.1

sources: VULMON: CVE-2014-0160 // BID: 66690 // BID: 64074 // PACKETSTORM: 126053 // PACKETSTORM: 126261 // PACKETSTORM: 126285 // PACKETSTORM: 126458 // PACKETSTORM: 126418 // PACKETSTORM: 126563 // PACKETSTORM: 126123 // PACKETSTORM: 126450 // PACKETSTORM: 126208 // PACKETSTORM: 126086 // PACKETSTORM: 126237 // PACKETSTORM: 126045 // PACKETSTORM: 126186 // PACKETSTORM: 126420 // PACKETSTORM: 127279 // NVD: CVE-2014-0160

REFERENCES

url:	http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html	Trust: 1.7
url:	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/	Trust: 1.7
url:	http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed	Trust: 1.5
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0160	Trust: 1.5
url:	http://www.openssl.org/news/secadv_20140407.txt	Trust: 1.4
url:	http://heartbleed.com/	Trust: 1.4
url:	https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html	Trust: 1.4
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670161	Trust: 1.4
url:	http://rhn.redhat.com/errata/rhsa-2014-0377.html	Trust: 1.4
url:	http://www.splunk.com/view/sp-caaamb3	Trust: 1.4
url:	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html	Trust: 1.4
url:	http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/	Trust: 1.4
url:	http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/	Trust: 1.4
url:	http://www.f-secure.com/en/web/labs_global/fsc-2014-1	Trust: 1.4
url:	http://www.kb.cert.org/vuls/id/720951	Trust: 1.4
url:	http://www.kerio.com/support/kerio-control/release-history	Trust: 1.4
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00	Trust: 1.4
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661	Trust: 1.4
url:	https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html	Trust: 1.4
url:	http://support.citrix.com/article/ctx140605	Trust: 1.4
url:	http://rhn.redhat.com/errata/rhsa-2014-0376.html	Trust: 1.2
url:	http://www.ubuntu.com/usn/usn-2165-1	Trust: 1.2
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1084875	Trust: 1.1
url:	http://www.securitytracker.com/id/1030078	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/109	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/190	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-0396.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1030082	Trust: 1.1
url:	http://secunia.com/advisories/57347	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139722163017074&w=2	Trust: 1.1
url:	http://www.securitytracker.com/id/1030077	Trust: 1.1
url:	http://www.debian.org/security/2014/dsa-2896	Trust: 1.1
url:	http://www.securitytracker.com/id/1030080	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1030074	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/90	Trust: 1.1
url:	http://www.securitytracker.com/id/1030081	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-0378.html	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/91	Trust: 1.1
url:	http://secunia.com/advisories/57483	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1030079	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html	Trust: 1.1
url:	http://secunia.com/advisories/57721	Trust: 1.1
url:	http://www.blackberry.com/btsc/kb35882	Trust: 1.1
url:	http://www.securitytracker.com/id/1030026	Trust: 1.1
url:	http://www.securityfocus.com/bid/66690	Trust: 1.1
url:	http://www.us-cert.gov/ncas/alerts/ta14-098a	Trust: 1.1
url:	http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/	Trust: 1.1
url:	https://blog.torproject.org/blog/openssl-bug-cve-2014-0160	Trust: 1.1
url:	http://secunia.com/advisories/57966	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/173	Trust: 1.1
url:	http://secunia.com/advisories/57968	Trust: 1.1
url:	https://code.google.com/p/mod-spdy/issues/detail?id=85	Trust: 1.1
url:	http://www.exploit-db.com/exploits/32745	Trust: 1.1
url:	https://www.cert.fi/en/reports/2014/vulnerability788210.html	Trust: 1.1
url:	http://www.exploit-db.com/exploits/32764	Trust: 1.1
url:	http://secunia.com/advisories/57836	Trust: 1.1
url:	https://gist.github.com/chapmajs/10473815	Trust: 1.1
url:	http://cogentdatahub.com/releasenotes.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905458328378&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139869891830365&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139889113431619&w=2	Trust: 1.1
url:	http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1	Trust: 1.1
url:	http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3	Trust: 1.1
url:	http://advisories.mageia.org/mgasa-2014-0165.html	Trust: 1.1
url:	https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result&javax.portlet.begcachetok=com.vignette.cachetoken&javax.portlet.endcachetok=com.vignette.cachetoken	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=isg400001843	Trust: 1.1
url:	https://filezilla-project.org/versions.php?type=server	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=isg400001841	Trust: 1.1
url:	https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=141287864628122&w=2	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/dec/23	Trust: 1.1
url:	http://www.vmware.com/security/advisories/vmsa-2014-0012.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=142660345230545&w=2	Trust: 1.1
url:	http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2015:062	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139817727317190&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139757726426985&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139758572430452&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905653828999&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139842151128341&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905405728262&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139833395230364&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139824993005633&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139843768401936&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905202427693&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139774054614965&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139889295732144&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139835815211508&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=140724451518351&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139808058921905&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139836085512508&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139869720529462&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905868529690&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139765756720506&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=140015787404650&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139824923705461&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139757919027752&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139774703817488&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905243827825&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=140075368411126&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905295427946&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139835844111589&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139757819327350&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139817685517037&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905351928096&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139817782017443&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=140752315422991&w=2	Trust: 1.1
url:	http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf	Trust: 1.1
url:	http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf	Trust: 1.1
url:	http://secunia.com/advisories/59347	Trust: 1.1
url:	http://secunia.com/advisories/59243	Trust: 1.1
url:	http://secunia.com/advisories/59139	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html	Trust: 1.1
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/534161/100/0/threaded	Trust: 1.1
url:	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008	Trust: 1.1
url:	https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html	Trust: 1.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf	Trust: 1.1
url:	https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd	Trust: 1.1
url:	http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3	Trust: 1.1
url:	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e	Trust: 1.1
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/	Trust: 1.0
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/	Trust: 1.0
url:	http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins	Trust: 1.0
url:	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2014-0160	Trust: 1.0
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04236062	Trust: 0.9
url:	https://www.stunnel.org/sdf_changelog.html	Trust: 0.6
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04250814	Trust: 0.6
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04236102	Trust: 0.6
url:	http://support.openview.hp.com/downloads.jsp	Trust: 0.5
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-135-02	Trust: 0.4
url:	http://kb.parallels.com/en/121129/?=en	Trust: 0.3
url:	https://support.tenable.com/support-center/advisory2.php	Trust: 0.3
url:	http://watchguardsecuritycenter.com/2014/04/09/11-8-3-update-1-now-available-to-fix-heartbleed-vulnerabilty-in-fireware-xtm-os/	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10623&cat=sirt_1&actp=list&showdraft=false	Trust: 0.3
url:	https://openvpn.net/index.php/access-server/download-openvpn-as-sw/532-release-notes-v200.html	Trust: 0.3
url:	http://www.sophos.com/en-us/support/knowledgebase/120854.aspx	Trust: 0.3
url:	http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq?mode=18&id=3489	Trust: 0.3
url:	http://community.microfocus.com/microfocus/corba/artix/w/knowledge_base/25633.artix-openssl-heartbleed-vulnerability-fix-available.aspx	Trust: 0.3
url:	http://support.attachmate.com/techdocs/2724.html	Trust: 0.3
url:	http://support.attachmate.com/techdocs/2725.html	Trust: 0.3
url:	https://bitcoin.org/en/release/v0.9.1	Trust: 0.3
url:	http://www.blackberry.com/btsc/kb35955	Trust: 0.3
url:	http://www.cerberusftp.com/products/releasenotes.html	Trust: 0.3
url:	http://learn.extremenetworks.com/rs/extreme/images/cert_vu%23720951_vulnerability_advisory_04_11_2014v2.pdf	Trust: 0.3
url:	http://tomcat.apache.org/native-doc/miscellaneous/changelog.html	Trust: 0.3
url:	https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk100173&src=securityalerts	Trust: 0.3
url:	http://www.libreoffice.org/about-us/security/advisories/cve-2014-0160/	Trust: 0.3
url:	http://nvidia.custhelp.com/app/answers/detail/a_id/3492	Trust: 0.3
url:	http://www.sonicwall.com/us/shared/download/ell_sonicwall_-_support_bulletin_-_cve-20140-1016_openssl_large_heartbeat_response_vulnerability.pdf	Trust: 0.3
url:	http://www.enterprisedb.com/products-services-training/pgdownload	Trust: 0.3
url:	learn.extremenetworks.com/rs/extreme/images/cert_vu%23720951_vulnerability_advisory_04_11_2014v2.pdf	Trust: 0.3
url:	http://help.filemaker.com/app/answers/detail/a_id/13384/	Trust: 0.3
url:	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095202	Trust: 0.3
url:	http://www.nowsms.com/heartbeat-ssltls-fix-for-nowsms	Trust: 0.3
url:	http://blogs.opera.com/security/2014/04/heartbleed-heartaches/	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04236102	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04268240	Trust: 0.3
url:	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095218	Trust: 0.3
url:	http://www.symantec.com/business/support/index?page=content&id=tech216555	Trust: 0.3
url:	http://www.atvise.com/en/news-events/news/260-important-security-update-heartbleed-bug	Trust: 0.3
url:	http://www.fortiguard.com/advisory/fg-ir-14-011/	Trust: 0.3
url:	https://support.norton.com/sp/en/us/home/current/solutions/v98431836_enduserprofile_en_us	Trust: 0.3
url:	http://blogs.intel.com/application-security/2014/04/10/intelr-expressway-service-gateway-heartbleed-security-update/	Trust: 0.3
url:	http://www.symantec.com/business/support/index?page=content&id=tech216558	Trust: 0.3
url:	http://www.globalscape.com/file-sharing/	Trust: 0.3
url:	https://community.rapid7.com/docs/doc-2736	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=nas3bf6e25d1260a4de686257cc100631528	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=nas3824bd213d0f7c3d086257cc10063152c	Trust: 0.3
url:	https://support.microsoft.com/kb/2962393	Trust: 0.3
url:	https://code.google.com/p/mod-spdy/	Trust: 0.3
url:	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5	Trust: 0.3
url:	https://www.nomachine.com/forums/topic/nomachine-version-4-2-19-now-available	Trust: 0.3
url:	http://www.arubanetworks.com/support/alerts/aid-040814.asc	Trust: 0.3
url:	https://6d860c942a745b5a2e22-2435f2f08e773abe005b52170fce6d94.ssl.cf2.rackcdn.com/security/ruckus-security-advisory-041414.txt	Trust: 0.3
url:	http://support.lexmark.com/index?page=content&id=te597&locale=en&userlocale=en_us	Trust: 0.3
url:	http://scn.sap.com/community/sql-anywhere/blog/2014/04/11/openssl-heartbleed-and-sql-anywhere	Trust: 0.3
url:	http://www.bmc.com/support/support-news/openssl_cve-2014-0160.html	Trust: 0.3
url:	https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid={967f13f1-5720-4592-9beb-42ad69ea14dc}	Trust: 0.3
url:	http://openssl.org/	Trust: 0.3
url:	http://www.symantec.com/business/support/index?page=content&id=tech216630	Trust: 0.3
url:	http://securityadvisories.dlink.com/security/publication.aspx?name=sap10022	Trust: 0.3
url:	http://www.openssl.org/news/vulnerabilities.html	Trust: 0.3
url:	http://www.sybase.com/detail?id=1099387	Trust: 0.3
url:	https://openvpn.net/index.php/download/community-downloads.html	Trust: 0.3
url:	http://openvpn.net/index.php/open-source/downloads.html	Trust: 0.3
url:	http://blogs.opera.com/desktop/2014/04/opera-12-17/	Trust: 0.3
url:	http://www.opera.com/docs/changelogs/windows/1217/	Trust: 0.3
url:	http://www.pexip.com/sites/pexip/files/cve-2014-0160_security_bulletin_2014-04-09_1.pdf	Trust: 0.3
url:	https://blog.pfsense.org/?p=1253	Trust: 0.3
url:	http://blog.proofpoint.com/2014/04/heartbleed-issue-security-update.html	Trust: 0.3
url:	http://www.ibm.com/support/docview.wss?uid=swg21686583	Trust: 0.3
url:	https://www.python.org/download/releases/3.4.1	Trust: 0.3
url:	https://gist.github.com/sh1n0b1/10100394	Trust: 0.3
url:	http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new	Trust: 0.3
url:	http://webserver.docs.gopivotal.com/security/cve-2014-0160-advisory.pdf	Trust: 0.3
url:	https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_aix_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us	Trust: 0.3
url:	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095187	Trust: 0.3
url:	http://support.attachmate.com/techdocs/1708.html	Trust: 0.3
url:	https://www-304.ibm.com/connections/blogs/psirt/entry/security_vulnerabilities_have_been_discovered_in_the_openssl_libraries_which_a_customer_may_use_with_cloudant?lang=en_us	Trust: 0.3
url:	http://help.filemaker.com/app/answers/detail/a_id/13386/	Trust: 0.3
url:	http://www.netwinsite.com/surgemail/help/updates.htm	Trust: 0.3
url:	http://www.symantec.com/content/en/us/enterprise/other_resources/b-symantec-product-list-heartbleed.pdf	Trust: 0.3
url:	http://www.synology.com/en-global/releasenote/model/ds114	Trust: 0.3
url:	http://kb.globalscape.com/knowledgebasearticle11166.aspx	Trust: 0.3
url:	https://blog.torproject.org/blog/tor-browser-354-released	Trust: 0.3
url:	https://www.whatsupgold.com/blog/2014/04/10/ipswitchs-response-heartbleed-ssl-vulnerability/	Trust: 0.3
url:	http://freecode.com/projects/palantir-server/releases/363060	Trust: 0.3
url:	http://winscp.net/eng/docs/history#5.5.3	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-126-01a	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04249113	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04268239	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04272594	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04272892	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04275280	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04264595	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04239375	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04271396	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670738	Trust: 0.3
url:	https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00037&languageid=en-fr	Trust: 0.3
url:	http://forum.gta.com/forum/user-community-support/firewall-general/1463-openssl-heartbeat-heart-bleed-vulnerability-vu-720951-cve-2014-0160	Trust: 0.3
url:	http://support.citrix.com/article/ctx140698	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-105-02	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-105-03	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-114-01	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04259321	Trust: 0.3
url:	http://seclists.org/bugtraq/2015/mar/84	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10623&cat=sirt_1&actp=list	Trust: 0.3
url:	https://kb.juniper.net/infocenter/index?page=content&id=jsa10623	Trust: 0.3
url:	https://blogs.oracle.com/security/entry/heartbleed_cve_2014_0160_vulnerability	Trust: 0.3
url:	https://www.adtran.com/pub/library/security%20advisory/adtsa-hb1001-20140410.pdf	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-105-03b	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-126-01	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-135-04	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-135-05	Trust: 0.3
url:	http://support.apple.com/kb/ht6203	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670303	Trust: 0.3
url:	https://www.barracuda.com/blogs/pmblog?bid=2279#.u012w_msyso	Trust: 0.3
url:	http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalid=kb35882	Trust: 0.3
url:	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095124	Trust: 0.3
url:	http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-18.html	Trust: 0.3
url:	http://blogs.citrix.com/2014/04/15/citrix-xenmobile-security-advisory-for-heartbleed/	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21672075	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004581	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004611	Trust: 0.3
url:	http://www.freebsd.org/security/advisories/freebsd-sa-14:06.openssl.asc	Trust: 0.3
url:	http://googleonlinesecurity.blogspot.com/2014/04/google-services-updated-to-address.html	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1020681	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1020683	Trust: 0.3
url:	https://support.software.dell.com/foglight/kb/122982	Trust: 0.3
url:	http://kb.tableausoftware.com/articles/knowledgebase/heartbleed-issue	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670321	Trust: 0.3
url:	http://www.hitachi.com/hirt/publications/hirt-pub14005/index.html	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04248997	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na- c04262670	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04475466	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04236062	Trust: 0.3
url:	https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04236102-5%257cdoclocale%253d%	Trust: 0.3
url:	https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04239375-2%257cdoclocale%253d%	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04239372	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04239374	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04255796	Trust: 0.3
url:	http://seclists.org/bugtraq/2014/apr/139	Trust: 0.3
url:	http://seclists.org/bugtraq/2014/apr/130	Trust: 0.3
url:	https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260456-2%257cdoclocale%253de	Trust: 0.3
url:	http://seclists.org/bugtraq/2014/apr/131	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04260505	Trust: 0.3
url:	http://seclists.org/bugtraq/2014/apr/129	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na- c04262472	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04263236	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04264271	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04267749	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04267775	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04286049	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04307186	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04262495	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04272043	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04260637	Trust: 0.3
url:	http://seclists.org/bugtraq/2014/apr/136	Trust: 0.3
url:	http://seclists.org/bugtraq/2014/apr/138	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04263038	Trust: 0.3
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04273303	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24037392	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670066	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004643	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21674447	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671096	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670176	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670015	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670164	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670300	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671128	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671127	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670640	Trust: 0.3
url:	https://www-304.ibm.com/support/docview.wss?uid=swg21670640	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671100	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671098	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670316	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671059	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671783	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670018	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21669839	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670203	Trust: 0.3
url:	https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01a	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-128-01	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-344-01	Trust: 0.3
url:	http://www.vandyke.com/support/advisory/2014/05/index.html	Trust: 0.3
url:	http://www.soliton.co.jp/support/news/important/20140410.html	Trust: 0.3
url:	https://www.support.nec.co.jp/view.aspx?id=3010100835	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-105-02a	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=kb29007	Trust: 0.3
url:	http://kb.juniper.net/infocenter/index?page=content&id=kb29004	Trust: 0.3
url:	http://support.kaspersky.com/10235#block0	Trust: 0.3
url:	http://www.kerio.com/kerio-connect-release-history	Trust: 0.3
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10071	Trust: 0.3
url:	https://technet.microsoft.com/en-us/library/security/2962393	Trust: 0.3
url:	http://ftp.openbsd.org/pub/openbsd/patches/5.3/common/014_openssl.patch	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21676672	Trust: 0.3
url:	https://kb.bluecoat.com/index?page=content&id=sa79&actp=list	Trust: 0.3
url:	http://www.hmailserver.com/devnet/?page=issuetracker_display&issueid=424	Trust: 0.3
url:	search.abb.com/library/download.aspx?documentid=1mrg016193&languagecode=en&documentpartid=&action=launch	Trust: 0.3
url:	https://downloads.avaya.com/css/p8/documents/100179670	Trust: 0.3
url:	http://www.websense.com/content/support/library/ni/shared/security-alerts/openssl-vul-2014.pdf	Trust: 0.3
url:	http://www.websense.com/content/support/library/ni/shared/security-alerts/openssl-vul-2014.pdfweb	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=nas8n1020021	Trust: 0.3
url:	http://www-304.ibm.com/support/docview.wss?uid=isg3t1020707	Trust: 0.3
url:	http://www.qnap.com/en/index.php?lang=en&sn=845&c=3034&sc=&n=21724	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670388	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21669763	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24037380	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24037382	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24037384	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21666414	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24037379	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24037381	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24037383	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671130	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24037391	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24037393	Trust: 0.3
url:	https://www-304.ibm.com/support/docview.wss?uid=swg21670165	Trust: 0.3
url:	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140423-0_wd_arkeia_path_traversal_v10.txt	Trust: 0.3
url:	https://rhn.redhat.com/errata/rhsa-2014-0416.html	Trust: 0.3
url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-332187.htm	Trust: 0.3
url:	http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-332187.htm	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004582	Trust: 0.3
url:	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095143	Trust: 0.3
url:	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095144	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671745	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671197	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004632	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21673481	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1020715	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1020714&aid=1	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670301	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670302	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670485	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670576	Trust: 0.3
url:	https://www-304.ibm.com/support/docview.wss?uid=swg21669859	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004616	Trust: 0.3
url:	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095217	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21672507	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670339	Trust: 0.3
url:	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095203	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671338	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670864	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004577	Trust: 0.3
url:	https://www-304.ibm.com/support/docview.wss?uid=swg21669907	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=nas8n1020034	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004608	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=isg3t1020694	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670750	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670560	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21669666	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670858	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004599	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004610	Trust: 0.3
url:	https://support.asperasoft.com/entries/50381253	Trust: 0.3
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-105-03a	Trust: 0.3
url:	http://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01b	Trust: 0.3
url:	https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01c	Trust: 0.3
url:	https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01d	Trust: 0.3
url:	https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01e	Trust: 0.3
url:	https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01f	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670242	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21671954	Trust: 0.3
url:	https://www-304.ibm.com/support/docview.wss?uid=swg21670750	Trust: 0.3
url:	http://blogs.sophos.com/2014/04/09/sophos-utm-manager-and-openssl-vulnerability/	Trust: 0.3
url:	http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095066	Trust: 0.3
url:	https://documentsmart.com/security/wp-content/uploads/2014/04/cert_heartbleed-openssl_vulnerability_document_v1.31.pdf	Trust: 0.3
url:	http://www.maxum.com/rumpus/blog/sslvulnerabilities.html	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004615	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21669664	Trust: 0.3
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670060	Trust: 0.3
url:	http://files.trendmicro.com/documentation/readme/osce%20docs/critical%20patch%201044%20readme.txt	Trust: 0.3
url:	http://blogs.sophos.com/2014/04/09/utm-up2date-9-111-released-fix-for-openssl-vulnerability-heartbleed/	Trust: 0.3
url:	http://www.vmware.com/security/advisories/vmsa-2014-0004.html	Trust: 0.3
url:	https://downloads.avaya.com/css/p8/documents/100179859	Trust: 0.3
url:	https://downloads.avaya.com/css/p8/documents/100179858	Trust: 0.3
url:	rubygems.org/gems/actionpack	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1036483	Trust: 0.3
url:	http://puppetlabs.com/security/cve/cve-2013-6414	Trust: 0.3
url:	http://rubygems.org/	Trust: 0.3
url:	https://rhn.redhat.com/errata/rhsa-2014-0008.html	Trust: 0.3
url:	https://rhn.redhat.com/errata/rhsa-2013-1794.html	Trust: 0.3
url:	https://www.suse.com/support/update/announcement/2014/suse-su-20140734-1.html	Trust: 0.3
url:	http://www8.h	Trust: 0.3
url:	http://gpgtools.org	Trust: 0.2
url:	http://www8.hp.com/us/en/software-so	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0076	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	http://seclists.org/fulldisclosure/2019/jan/42	Trust: 0.1
url:	https://www.debian.org/security/./dsa-2896	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/	Trust: 0.1
url:	https://usn.ubuntu.com/2165-1/	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://www.redhat.com/security/data/cve/cve-2014-0160.html	Trust: 0.1
url:	https://access.redhat.com/security/team/key/#package	Trust: 0.1
url:	https://access.redhat.com/site/articles/11258	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	http://support.openview.hp.com/selfsolve/document/km00863916	Trust: 0.1
url:	http://www.apple.com/support/downloads/	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	http://support.apple.com/kb/ht1222	Trust: 0.1
url:	http://support.openview.hp.com/selfsolve/document/lid/hpsm_00556	Trust: 0.1
url:	http://support.openview.hp.com/selfsolve/document/km00843525	Trust: 0.1
url:	http://support.openview.hp.com/selfsolve/document/lid/hpsm_00560	Trust: 0.1
url:	http://support.openview.hp.com/selfsolve/document/lid/hpsm_00557	Trust: 0.1
url:	http://support.openview.hp.com/selfsolve/document/lid/hpsm_00559	Trust: 0.1
url:	http://support.openview.hp.com/selfsolve/document/lid/hpsm_00558	Trust: 0.1
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n	Trust: 0.1
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_	Trust: 0.1
url:	http://support.openview.hp.com/selfsolve/document/km00843314/binary/sa_alert_	Trust: 0.1
url:	http://eprint.iacr.org/2014/140	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160	Trust: 0.1
url:	http://slackware.com	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076	Trust: 0.1
url:	http://osuosl.org)	Trust: 0.1
url:	http://slackware.com/gpg-key	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7	Trust: 0.1
url:	https://w	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-mxp	Trust: 0.1
url:	http://www.hp.com/support/eslg3	Trust: 0.1

CREDITS

Trust: 1.0

sources: PACKETSTORM: 126261 // PACKETSTORM: 126458 // PACKETSTORM: 126418 // PACKETSTORM: 126563 // PACKETSTORM: 126123 // PACKETSTORM: 126450 // PACKETSTORM: 126208 // PACKETSTORM: 126237 // PACKETSTORM: 126186 // PACKETSTORM: 127279

SOURCES

db:	VULMON	id:	CVE-2014-0160
db:	BID	id:	66690
db:	BID	id:	64074
db:	PACKETSTORM	id:	126053
db:	PACKETSTORM	id:	126261
db:	PACKETSTORM	id:	126285
db:	PACKETSTORM	id:	126458
db:	PACKETSTORM	id:	126418
db:	PACKETSTORM	id:	126563
db:	PACKETSTORM	id:	126123
db:	PACKETSTORM	id:	126450
db:	PACKETSTORM	id:	126208
db:	PACKETSTORM	id:	126086
db:	PACKETSTORM	id:	126237
db:	PACKETSTORM	id:	126045
db:	PACKETSTORM	id:	126186
db:	PACKETSTORM	id:	126420
db:	PACKETSTORM	id:	127279
db:	NVD	id:	CVE-2014-0160

LAST UPDATE DATE

2026-02-06T21:40:44.584000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2014-0160	date:	2023-11-07T00:00:00
db:	BID	id:	66690	date:	2016-07-06T14:40:00
db:	BID	id:	64074	date:	2015-04-13T21:20:00
db:	NVD	id:	CVE-2014-0160	date:	2025-10-22T01:15:53.233

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2014-0160	date:	2014-04-07T00:00:00
db:	BID	id:	66690	date:	2014-04-07T00:00:00
db:	BID	id:	64074	date:	2013-12-02T00:00:00
db:	PACKETSTORM	id:	126053	date:	2014-04-08T21:22:00
db:	PACKETSTORM	id:	126261	date:	2014-04-22T23:42:06
db:	PACKETSTORM	id:	126285	date:	2014-04-23T21:26:11
db:	PACKETSTORM	id:	126458	date:	2014-05-03T02:17:11
db:	PACKETSTORM	id:	126418	date:	2014-05-01T02:17:53
db:	PACKETSTORM	id:	126563	date:	2014-05-09T17:31:25
db:	PACKETSTORM	id:	126123	date:	2014-04-11T22:20:26
db:	PACKETSTORM	id:	126450	date:	2014-05-02T23:02:22
db:	PACKETSTORM	id:	126208	date:	2014-04-17T22:04:49
db:	PACKETSTORM	id:	126086	date:	2014-04-09T22:48:55
db:	PACKETSTORM	id:	126237	date:	2014-04-21T19:53:13
db:	PACKETSTORM	id:	126045	date:	2014-04-07T22:44:13
db:	PACKETSTORM	id:	126186	date:	2014-04-16T20:43:08
db:	PACKETSTORM	id:	126420	date:	2014-05-01T02:18:26
db:	PACKETSTORM	id:	127279	date:	2014-06-30T23:47:20
db:	NVD	id:	CVE-2014-0160	date:	2014-04-07T22:55:03.893