ID

VAR-201404-0592


CVE

CVE-2014-0160


TITLE

OpenSSL of heartbeat Information disclosure vulnerability in expansion

Trust: 0.8

sources: JVNDB: JVNDB-2014-001920

DESCRIPTION

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL of heartbeat An information disclosure vulnerability exists in the implementation of the extension. TLS And DTLS In communication OpenSSL The memory contents of the process executing this code may be leaked to the communication partner.An important information such as a private key may be obtained by a remote third party. RubyGems i18n is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to RubyGems i18n 0.6.6, and 0.5.1 are vulnerable. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Each bulletin will include a patch and/or mitigation guideline. Note: OpenSSL is an external product embedded in HP products. Bulletin Applicability: This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html . No user action is required to install them. HP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version 1.0.1f for the following firmware versions: 671H_GS00601 665H_GS12501 663H_GS04601 HP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in 655H firmware versions: 655H_GS10201 HP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. If the library firmware cannot be updated, HP recommends following the Mitigation Instructions below. Mitigation Instructions The following configuration options that allow access to the Heartbeat function in the vulnerable versions of OpenSSL are not enabled by default. Verify that the following options are "disabled" using the Tape Library GUI: Product Configuration Options to Disable TLS Heartbeat Functions Secure SMI-S CVTL User Note: Disabling these features blocks the vulnerable OpenSSL function in both the ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape Drives. The basic functionality of the library is not affected by these configuration changes and SSL access to the user interface is not affected by this configuration change or setting. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201404-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Information Disclosure Date: April 08, 2014 Bugs: #505278, #507074 ID: 201404-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple Information Disclosure vulnerabilities in OpenSSL allow remote attackers to obtain sensitive information via various vectors. * The Montgomery ladder implementation of OpenSSL improperly handles swap operations (CVE-2014-0076). Workaround ========== Disabling the tls-heartbeat USE flag (enabled by default) provides a workaround for the CVE-2014-0160 issue. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1g" Note: All services using OpenSSL to provide TLS connections have to be restarted for the update to take effect. Utilities like app-admin/lib_users can aid in identifying programs using OpenSSL. As private keys may have been compromised using the Heartbleed attack, it is recommended to regenerate them. References ========== [ 1 ] CVE-2014-0076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0076 [ 2 ] CVE-2014-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160 [ 3 ] Heartbleed bug website http://heartbleed.com/ Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201404-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195). The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198). The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470). Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message (CVE-2014-3513). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure (CVE-2014-3567). The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569). The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571). The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate&#039;s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275). The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204). The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205). Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (CVE-2015-0206). Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209). The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature (CVE-2015-0286). The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287). The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (CVE-2015-0288). The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . If bulk software or firmware updates are required, use an unaffected or patched version of HP Smart Update Manager (HP SUM) to do single or batch updates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rhevm-spice-client security update Advisory ID: RHSA-2014:0416-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0416.html Issue date: 2014-04-17 CVE Names: CVE-2012-4929 CVE-2013-0169 CVE-2013-4353 CVE-2014-0160 ===================================================================== 1. Summary: Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEV-M 3.3 - noarch 3. Description: Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. The rhevm-spice-client package includes the mingw-virt-viewer Windows SPICE client. OpenSSL, a general purpose cryptography library with a TLS implementation, is bundled with mingw-virt-viewer. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-0169) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) It was discovered that the TLS/SSL protocol could leak information about plain text when optional compression was used. An attacker able to control part of the plain text sent over an encrypted TLS/SSL connection could possibly use this flaw to recover other portions of the plain text. (CVE-2012-4929) Red Hat would like to thank the OpenSSL project for reporting CVE-2014-0160. Upstream acknowledges Neel Mehta of Google Security as the original reporter. The updated mingw-virt-viewer Windows SPICE client further includes OpenSSL security fixes that have no security impact on mingw-virt-viewer itself. The security fixes included in this update address the following CVE numbers: CVE-2013-6449, CVE-2013-6450, CVE-2012-2686, and CVE-2013-0166 All Red Hat Enterprise Virtualization Manager users are advised to upgrade to these updated packages, which address these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 857051 - CVE-2012-4929 SSL/TLS CRIME attack against HTTPS 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1049058 - CVE-2013-4353 openssl: client NULL dereference crash on malformed handshake packets 1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets 6. Package List: RHEV-M 3.3: Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/rhevm-spice-client-3.3-12.el6_5.src.rpm noarch: rhevm-spice-client-x64-cab-3.3-12.el6_5.noarch.rpm rhevm-spice-client-x64-msi-3.3-12.el6_5.noarch.rpm rhevm-spice-client-x86-cab-3.3-12.el6_5.noarch.rpm rhevm-spice-client-x86-msi-3.3-12.el6_5.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-4929.html https://www.redhat.com/security/data/cve/CVE-2013-0169.html https://www.redhat.com/security/data/cve/CVE-2013-4353.html https://www.redhat.com/security/data/cve/CVE-2014-0160.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). HP Multimedia Service Environment (MSE) 2.1.1 HP Network Interactive Voice Response (NIVR) 2.1.0, Reactive Patches 001, 002, 003 HP Network Interactive Voice Response (NIVR) 2.0.7, Reactive Patch 003 Only the MSE (ACM TMP) database set up with Replication using SSL is impacted for the above versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04239372 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04239372 Version: 4 HPSBMU02998 rev.4 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-04-13 Last Updated: 2014-05-13 Potential Security Impact: Remote disclosure of information, Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). References: CVE-2014-0160 (SSRT101501) Disclosure of Information - "Heartbleed" CVE-2013-4353 Denial of Service (DoS) CVE-2013-6449 Denial of Service (DoS) CVE-2013-6450 Denial of Service (DoS) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3, v7.3.1 for Linux and Windows. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-4353 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6449 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2013-6450 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve the vulnerabilities for the impacted versions of HP System Management Homepage (SMH): Product version/Platform Download Location SMH 7.2.3 Windows x86 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52 SMH 7.2.3 Windows x64 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37 SMH 7.3.2.1(B) Windows x86 http://www.hp.com/swpublishing/MTX-27e03b2f9cd24e77adc9dba94a SMH 7.3.2.1(B) Windows x64 http://www.hp.com/swpublishing/MTX-37075daeead2433cb41b59ae76 SMH 7.3.2 Linux x86 http://www.hp.com/swpublishing/MTX-3d92ccccf85f404e8ba36a8178 SMH 7.3.2 Linux x64 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37 Notes SMH 7.2.3 recommended for customers running Windows 2003 OS Updated OpenSSL to version 1.0.1g Note: If you believe your SMH installation was exploited while it was running components vulnerable to heartbleed, there are some steps to perform after youve upgraded to the non-vulnerable components. These steps include revoking, recreating, and re-importing certificates and resetting passwords that might have been harvested by a malicious attacker using the heartbleed vulnerability. Impact on VCA - VCRM communication: VCA configures VCRM by importing the SMH certificate from the SMH of VCA into the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if the user wants to continue with Trust by Certificate option, and the outdated certificate should be revoked (deleted) from each location where it was previously imported. If you use HPSIMs 2-way trust feature, and have imported SMH certificates into HPSIM, you will also need to revoke those SMH certificated from HPSIM and reimport the newly created SMH certificates. Though SMH uses OS credentials using OS-based APIs, user provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. If you suspect your systems using SMH were exploited while they were vulnerable to heartbleed, these passwords need to be reset. Frequently Asked Questions Will updated systems require a reboot after applying the SMH patch? No, reboot of the system will not be required. Installing the new build is sufficient to get back to the normal state. Is a Firmware Update necessary in addition to the SMH patch? No, only the SMH update is sufficient to remove the heartbleed-vulnerable version of SMH. Will new certificates be issued along with the patch, or need to be handled separately? If you suspect the certificate has been compromised due to this vulnerability, we do recommend to delete and revoke the certificate, or SMH will reuse the existing certificate. New certificate will be created when SMH service starts (at the end of the fresh / upgrade installation). Instructions on deleting the certificate are in the notes above. Where can I get SMH documentation? All major documents are available at: http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library Select HP Insight Management under Product and Solutions & check HP System Management Homepage to get SMH related documents. What are the recommended upgrade paths? See the table below: SMH DVD SPP Recommended SMH update for Linux Recommended SMH update for Windows 2003 and Widows 2003 R2 Recommended SMH update for other Windows OS versions v7.1.2 v7.1.2 2012.10.0 v7.3.2 v7.2.3 v7.3.2 v7.2.0 v7.2.0 2013.02.0(B) v7.3.2 v7.2.3 v7.3.2 v7.2.1 v7.2u1 v7.3.2 v7.2.3 v7.3.2 v7.2.2 v7.2u2 2013.09.0(B) v7.3.2 v7.2.3 v7.3.2 v7.3.0 v7.3.0 v7.3.2 not supported v7.3.2 v7.3.1 v7.3.1 2014.02.0 v7.3.2 not supported v7.3.2 How can I verify whether my setup is patched successfully? SMH version can be verified by executing following command on: Windows: hp\hpsmh\bin\smhlogreader version Linux: /opt/hp/hpsmh/bin/smhlogreader version Will VCA-VCRM communication be impacted due to the SMH certificate being deleted? VCA configures VCRM by importing the SMH certificate (sslshare\cert.pem) from the SMH of VCA to the SMH of VCRM. When this certificate is deleted & regenerated (as suggested before), it needs to be (re)imported if user wants to continue with Trust by Certificate option, and remove the old, previously imported certificate. Should I reset password on all managed nodes, where SMH was/is running? Though SMH uses OS credentials using OS based APIs, user-provided credentials are passed from the client (browser) to the server (SMH) using the HTTPS protocol. Passwords need to be reset if you suspect the vulnerable version of SMH was exploited by malicious users/ hackers. HISTORY Version:1 (rev.1) - 13 April 2014 Initial release Version:2 (rev.2) - 17 April 2014 SMH 7.2.3 and 7.3.2 released Version:3 (rev.3) - 30 April 2014 SMH 7.3.2.1(B) released Version:4 (rev.4) - 13 May 2014 Added additional remediation steps for post update installation Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlNyLMAACgkQ4B86/C0qfVm6RQCg4JuHEt+iZq+td37hPIp27qrd fm4AoKM1d7+F05Xo87Bicnmh0OHidg/O =bK11 -----END PGP SIGNATURE----- . This bulletin will give you the information needed to update your HP Insight Control server deployment solution. Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 References: CVE-2014-0160 (SSRT101538) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP is actively working to address this vulnerability for the impacted versions of HP Insight Control server deployment. This bulletin may be revised. It is recommended that customers take the following approaches depending on the version of HP Insight Control server deployment: To address the vulnerability in an initial installation of HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 only follow steps 1 through Step 3 of the following procedure, before initiating an operating system deployment. To address the vulnerability in a previous installation of HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, and v7.2.2 follow all steps in the following procedure. Delete the smhamd64-*.exe/smhx86-*.exe" from Component Copy Location listed in the following table, row 1,2,3,4. Delete the affected hpsmh-7.*.rpm" from Component Copy Location listed in the following table, row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location suggested in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location 1 http://www.hp.com/swpublishing/MTX-d1488fd987894bc4ab3fe0ef52 smhx86-cp023242.exe \\express\hpfeatures\hpagents-ws\components\Win2003 2 http://www.hp.com/swpublishing/MTX-4575754bbb614b58bf0ae1ac37 smhamd64-cp023243.exe \\express\hpfeatures\hpagents-ws\components\Win2003 3 http://www.hp.com/swpublishing/MTX-2e19c856f0e84e20a14c63ecd0 smhamd64-cp023240.exe \\express\hpfeatures\hpagents-ws\components\Win2008 4 http://www.hp.com/swpublishing/MTX-41199f68c1144acb84a5798bf0 smhx86-cp023239.exe \\express\hpfeatures\hpagents-ws\components\Win2008 5 http://www.hp.com/swpublishing/MTX-bfd3c0fb11184796b9428ced37 Do not rename the downloaded component for this step. \\express\hpfeatures\hpagents-sles11-x64\components \\express\hpfeatures\hpagents-sles10-x64\components \\express\hpfeatures\hpagents-rhel5-x64\components \\express\hpfeatures\hpagents-rhel6-x64\components Table 1 Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64

Trust: 3.33

sources: NVD: CVE-2014-0160 // JVNDB: JVNDB-2014-001920 // BID: 64076 // PACKETSTORM: 126944 // PACKETSTORM: 126784 // PACKETSTORM: 127085 // PACKETSTORM: 127279 // PACKETSTORM: 126056 // PACKETSTORM: 131044 // PACKETSTORM: 126305 // VULMON: CVE-2014-0160 // PACKETSTORM: 126197 // PACKETSTORM: 126361 // PACKETSTORM: 126284 // PACKETSTORM: 127749 // PACKETSTORM: 126954 // PACKETSTORM: 126605 // PACKETSTORM: 126163 // PACKETSTORM: 126417

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:gteversion:1.0.1

Trust: 1.0

vendor:siemensmodel:cp 1543-1scope:eqversion:1.1

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.3.2.2

Trust: 1.0

vendor:riconmodel:s9922lscope:eqversion:16.10.3\(3794\)

Trust: 1.0

vendor:siemensmodel:simatic s7-1500tscope:eqversion:1.5

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.3

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.2

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.4.0.102

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:20

Trust: 1.0

vendor:redhatmodel:gluster storagescope:eqversion:2.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:broadcommodel:symantec messaging gatewayscope:eqversion:10.6.0

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:storagescope:eqversion:2.1

Trust: 1.0

vendor:redhatmodel:virtualizationscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.5

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.10

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:6.5

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:6.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:13.10

Trust: 1.0

vendor:siemensmodel:wincc open architecturescope:eqversion:3.12

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.0.1g

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.1

Trust: 1.0

vendor:siemensmodel:elan-8.2scope:ltversion:8.3.3

Trust: 1.0

vendor:broadcommodel:symantec messaging gatewayscope:eqversion:10.6.1

Trust: 1.0

vendor:intellianmodel:v60scope:eqversion:1.25

Trust: 1.0

vendor:intellianmodel:v60scope:eqversion:1.15

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.3.0.104

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:intellianmodel:v100scope:eqversion:1.21

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.5

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:19

Trust: 1.0

vendor:siemensmodel:application processing enginescope:eqversion:2.0

Trust: 1.0

vendor:splunkmodel:splunkscope:ltversion:6.0.3

Trust: 1.0

vendor:filezillamodel:serverscope:ltversion:0.9.44

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.2.0.11

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.1.3.3

Trust: 1.0

vendor:intellianmodel:v100scope:eqversion:1.20

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.1.2.5

Trust: 1.0

vendor:siemensmodel:simatic s7-1500scope:eqversion:1.5

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:intellianmodel:v100scope:eqversion:1.24

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.0

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.1

Trust: 1.0

vendor:splunkmodel:splunkscope:gteversion:6.0.0

Trust: 1.0

vendor:freebsdmodel:freebsdscope:eqversion:10.0

Trust: 0.8

vendor:opensslmodel:opensslscope:lteversion:1.0.1 from 1.0.1f

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4 for x86

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4 for x86_64

Trust: 0.8

vendor:cybozumodel:officescope:ltversion:10.1.0

Trust: 0.8

vendor:cybozumodel:mailwisescope:ltversion:5.1.4

Trust: 0.8

vendor:hewlett packardmodel:hp tippingpointscope:eqversion:ngfw 1.0.1

Trust: 0.8

vendor:hewlett packardmodel:hp tippingpointscope:eqversion:ngfw 1.0.2

Trust: 0.8

vendor:hewlett packardmodel:hp tippingpointscope:eqversion:ngfw 1.0.3

Trust: 0.8

vendor:hewlett packardmodel:hp tippingpointscope:eqversion:ngfw 1.1.0_4127

Trust: 0.8

vendor:susemodel:webyastscope:eqversion:1.3

Trust: 0.3

vendor:susemodel:studio onsitescope:eqversion:1.3

Trust: 0.3

vendor:susemodel:lifecycle management serverscope:eqversion:1.3

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:13.1

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.3

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.2

Trust: 0.3

vendor:rubygemsmodel:i18nscope:eqversion:0.6.5

Trust: 0.3

vendor:rubygemsmodel:i18nscope:eqversion:0.5.0

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:4.0.1

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:4.0

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.13

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.12

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.11

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.10

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.8

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.7

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.6

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.4

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.2

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.12

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.11

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.9

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.8

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.7

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.6

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.5

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.4

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.2

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.0.6

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.15

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.0.8

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.0.7

Trust: 0.3

vendor:redhatmodel:software collections for rhelscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:openstackscope:eqversion:3.0

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.1

Trust: 0.3

vendor:opscodemodel:chefscope:eqversion:11.1.2

Trust: 0.3

vendor:ibmmodel:security network protection xgsscope:eqversion:51005.1.1

Trust: 0.3

vendor:ibmmodel:security network protection xgsscope:eqversion:51005.1

Trust: 0.3

vendor:ibmmodel:security network protection xgsscope:eqversion:5.1.2

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:rubygemsmodel:i18nscope:neversion:0.6.6

Trust: 0.3

vendor:rubygemsmodel:i18nscope:neversion:0.5.1

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:neversion:4.0.2

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:neversion:3.2.16

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:neversion:3.1.1

Trust: 0.3

vendor:opscodemodel:chefscope:neversion:11.1.3

Trust: 0.3

sources: BID: 64076 // JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0160
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2014-0160
value: HIGH

Trust: 1.0

IPA: JVNDB-2014-001920
value: MEDIUM

Trust: 0.8

VULMON: CVE-2014-0160
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0160
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2014-001920
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2014-0160
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULMON: CVE-2014-0160 // JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160 // NVD: CVE-2014-0160

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160

THREAT TYPE

network

Trust: 0.3

sources: BID: 64076

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 64076

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001920

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-0160

PATCH

title:Apache Tomcat - Apache Tomcat APR/native Connector vulnerabilitiesurl:http://tomcat.apache.org/security-native.html

Trust: 0.8

title:Security/Heartbleed - Tomcat Wikiurl:http://wiki.apache.org/tomcat/Security/Heartbleed

Trust: 0.8

title:ミラクル・リナックス株式会社 の告知ページurl:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3566&sType=&sProduct=&published=1

Trust: 0.8

title:BlackBerry response to OpenSSL “Heartbleed” vulnerabilityurl:http://www.blackberry.com/btsc/KB35882

Trust: 0.8

title:Enterprise Chef 1.4.9 Releaseurl:http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

Trust: 0.8

title:Chef Server Heartbleed (CVE-2014-0160) Releasesurl:http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

Trust: 0.8

title:Chef Server 11.0.12 Releaseurl:http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

Trust: 0.8

title:Enterprise Chef 11.1.3 Releaseurl:http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

Trust: 0.8

title:cisco-sa-20140409-heartbleedurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

Trust: 0.8

title:Release Notesurl:http://cogentdatahub.com/ReleaseNotes.html

Trust: 0.8

title:FSC-2014-1: Notice on OpenSSL 'Heartbleed' Vulnerabilityurl:http://www.f-secure.com/en/web/labs_global/fsc-2014-1

Trust: 0.8

title:SOL15159: OpenSSL vulnerability CVE-2014-0160url:https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

Trust: 0.8

title:Version historyurl:https://filezilla-project.org/versions.php?type=server

Trust: 0.8

title:OpenSSL multiple vulnerabilitiesurl:http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc

Trust: 0.8

title:HPSBHF03136 SSRT101726url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04475466

Trust: 0.8

title:HPSBMU03022 SSRT101527url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04263236

Trust: 0.8

title:HPSBMU03024 SSRT101538url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04267749

Trust: 0.8

title:HPSBST03000 SSRT101513url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04260637

Trust: 0.8

title:HPSBMU03033 SSRT101550url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04272892

Trust: 0.8

title:HPSBHF03293 SSRT101846url:http://h20566.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595951&lang=en&cc=us

Trust: 0.8

title:HPSBMU02995 SSRT101499url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04236102

Trust: 0.8

title:HPSBMU03009 SSRT101520url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04249113

Trust: 0.8

title:OpenSSL Heartbleed (CVE-2014-0160) url:https://www-304.ibm.com/connections/blogs/PSIRT/entry/openssl_heartbleed_cve_2014_0160?lang=en_us

Trust: 0.8

title:1670161url:http://www-01.ibm.com/support/docview.wss?uid=swg21670161

Trust: 0.8

title:00001841url:http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Trust: 0.8

title:00001843url:http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Trust: 0.8

title:1672507url:http://www-01.ibm.com/support/docview.wss?uid=swg21672507

Trust: 0.8

title:アライドテレシス株式会社からの情報url:http://jvn.jp/vu/JVNVU94401838/522154/index.html

Trust: 0.8

title:Kerio Control Release Historyurl:http://www.kerio.com/support/kerio-control/release-history

Trust: 0.8

title:AV14-001url:http://jpn.nec.com/security-info/av14-001.html

Trust: 0.8

title:Add heartbeat extension bounds check.url:http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3

Trust: 0.8

title:OpenSSL Security Advisory [07 Apr 2014] - TLS heartbeat read overrun (CVE-2014-0160)url:http://www.openssl.org/news/secadv_20140407.txt

Trust: 0.8

title:OpenSSL Security Bug - Heartbleed / CVE-2014-0160url:http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

Trust: 0.8

title:Oracle Security Alert for CVE-2014-0160url:http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html

Trust: 0.8

title:Oracle Critical Patch Update Advisory - July 2014url:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Trust: 0.8

title:Bug 1084875url:https://bugzilla.redhat.com/show_bug.cgi?id=1084875

Trust: 0.8

title:RHSA-2014:0377url:http://rhn.redhat.com/errata/RHSA-2014-0377.html

Trust: 0.8

title:RHSA-2014:0378url:http://rhn.redhat.com/errata/RHSA-2014-0378.html

Trust: 0.8

title:RHSA-2014:0376url: http://rhn.redhat.com/errata/RHSA-2014-0376.html

Trust: 0.8

title:RHSA-2014:0396url:http://rhn.redhat.com/errata/RHSA-2014-0396.html

Trust: 0.8

title:Multiple vulnerabilities in OpenSSLurl:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5

Trust: 0.8

title:Vulnerabilities resolved in TRITON APX Version 8.0url:http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

Trust: 0.8

title:Splunk 6.0.3 addresses two vulnerabilities - April 10, 2014url:http://www.splunk.com/view/SP-CAAAMB3

Trust: 0.8

title:日本マイクロソフト株式会社 の告知ページurl:http://blogs.technet.com/b/jpsecurity/archive/2014/04/11/microsoft-services-unaffected-by-openssl-quot-heartbleed-quot-vulnerability.aspx

Trust: 0.8

title:UIS-2014-1url:http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1

Trust: 0.8

title:UIS-2014-3url:http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3

Trust: 0.8

title:VMSA-2014-0012url:http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Trust: 0.8

title:OpenSSLの脆弱性に伴う弊社製品への影響についてurl:https://cs.cybozu.co.jp/2014/001064.html

Trust: 0.8

title:株式会社インターネットイニシアティブ の告知ページurl:http://www.seil.jp/support/security/140409.html

Trust: 0.8

title:cisco-sa-20140409-heartbleedurl:http://www.cisco.com/cisco/web/support/JP/112/1122/1122496_ERP-Heartbleed-j.html

Trust: 0.8

title:アラート/アドバイザリ: OpenSSL Heartbleed の脆弱性(CVE-2014-0160)についてurl:http://esupport.trendmicro.com/solution/ja-jp/1103090.aspx

Trust: 0.8

title:HIRT-PUB14005:日立製品における OpenSSL 情報漏えいを許してしまう脆弱性(CVE-2014-0160) への対応についてurl:http://www.hitachi.co.jp/hirt/publications/hirt-pub14005/index.html

Trust: 0.8

title:Systemwalker Desktop Patrol: OpenSSL の heartbeat 拡張に情報漏えいの脆弱性(CVE-2014-0160) (2014年5月8日)url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/systemwalker_dtp201401.html

Trust: 0.8

title:TA14-098Aurl:http://software.fujitsu.com/jp/security/vulnerabilities/ta14-098a.html

Trust: 0.8

title:The Registerurl:https://www.theregister.co.uk/2017/01/23/heartbleed_2017/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/

Trust: 0.2

title:Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e4799ab8fe4804274ba2db4d65cd867b

Trust: 0.1

title:Debian Security Advisories: DSA-2896-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=264ec318be06a69e28012f62b2dc5bb7

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2165-1

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2014-0160

Trust: 0.1

title:exploitsurl:https://github.com/vs4vijay/exploits

Trust: 0.1

title:VULNIXurl:https://github.com/El-Palomo/VULNIX

Trust: 0.1

title:openssl-heartbleed-fixurl:https://github.com/sammyfung/openssl-heartbleed-fix

Trust: 0.1

title:cve-2014-0160url:https://github.com/cved-sources/cve-2014-0160

Trust: 0.1

title:heartbleed_checkurl:https://github.com/ehoffmann-cp/heartbleed_check

Trust: 0.1

title:heartbleedurl:https://github.com/okrutnik420/heartbleed

Trust: 0.1

title:heartbleed-test.crxurl:https://github.com/iwaffles/heartbleed-test.crx

Trust: 0.1

title: - url:https://github.com/Maheshmaske111/te

Trust: 0.1

title:AradSocketurl:https://github.com/araditc/AradSocket

Trust: 0.1

title:sslscanurl:https://github.com/kaisenlinux/sslscan

Trust: 0.1

title:Springboard_Capstone_Projecturl:https://github.com/jonahwinninghoff/Springboard_Capstone_Project

Trust: 0.1

title: - url:https://github.com/MrE-Fog/heartbleeder

Trust: 0.1

title:buffer_overflow_exploiturl:https://github.com/olivamadrigal/buffer_overflow_exploit

Trust: 0.1

title: - url:https://github.com/ashrafulislamcs/Ubuntu-Server-Hardening

Trust: 0.1

title:insecure_projecturl:https://github.com/turtlesec-no/insecure_project

Trust: 0.1

title: - url:https://github.com/Maheshmaske111/ssl

Trust: 0.1

title: - url:https://github.com/H4R335HR/heartbleed

Trust: 0.1

title:nmap-scriptsurl:https://github.com/takeshixx/nmap-scripts

Trust: 0.1

title:knockbleedurl:https://github.com/siddolo/knockbleed

Trust: 0.1

title:heartbleed-masstesturl:https://github.com/musalbas/heartbleed-masstest

Trust: 0.1

title:HeartBleedDotNeturl:https://github.com/ShawInnes/HeartBleedDotNet

Trust: 0.1

title:heartbleed_test_openvpnurl:https://github.com/weisslj/heartbleed_test_openvpn

Trust: 0.1

title:paraffinurl:https://github.com/vmeurisse/paraffin

Trust: 0.1

title:sslscanurl:https://github.com/rbsec/sslscan

Trust: 0.1

title:Heartbleed_Dockerfile_with_Nginxurl:https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx

Trust: 0.1

title:heartbleed-bugurl:https://github.com/cldme/heartbleed-bug

Trust: 0.1

title: - url:https://github.com/H4CK3RT3CH/awesome-web-hacking

Trust: 0.1

title:Web-Hackingurl:https://github.com/adm0i/Web-Hacking

Trust: 0.1

title:cybersecurity-ethical-hackingurl:https://github.com/paulveillard/cybersecurity-ethical-hacking

Trust: 0.1

title:Lastest-Web-Hacking-Tools-vol-Iurl:https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I

Trust: 0.1

title:HTBValentineWriteupurl:https://github.com/zimmel15/HTBValentineWriteup

Trust: 0.1

title:heartbleed-pocurl:https://github.com/sensepost/heartbleed-poc

Trust: 0.1

title:CVE-2014-0160url:https://github.com/0x90/CVE-2014-0160

Trust: 0.1

title:Certified-Ethical-Hacker-Exam-CEH-v10url:https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10

Trust: 0.1

title:cs558heartbleedurl:https://github.com/gkaptch1/cs558heartbleed

Trust: 0.1

title:HeartBleedurl:https://github.com/archaic-magnon/HeartBleed

Trust: 0.1

title: - url:https://github.com/undacmic/heartbleed-proof-of-concept

Trust: 0.1

title:openvpn-jookkurl:https://github.com/Jeypi04/openvpn-jookk

Trust: 0.1

title:Heartbleedurl:https://github.com/Saiprasad16/Heartbleed

Trust: 0.1

title: - url:https://github.com/KickFootCode/LoveYouALL

Trust: 0.1

title: - url:https://github.com/imesecan/LeakReducer-artifacts

Trust: 0.1

title: - url:https://github.com/TVernet/Kali-Tools-liste-et-description

Trust: 0.1

title: - url:https://github.com/k4u5h41/Heartbleed

Trust: 0.1

title: - url:https://github.com/ronaldogdm/Heartbleed

Trust: 0.1

title: - url:https://github.com/rochacbruno/my-awesome-stars

Trust: 0.1

title: - url:https://github.com/asadhasan73/temp_comp_sec

Trust: 0.1

title: - url:https://github.com/Aakaashzz/Heartbleed

Trust: 0.1

title:tls-channelurl:https://github.com/marianobarrios/tls-channel

Trust: 0.1

title:fuzzx_cpp_demourl:https://github.com/guardstrikelab/fuzzx_cpp_demo

Trust: 0.1

title: - url:https://github.com/Ppamo/recon_net_tools

Trust: 0.1

title:heatbleedingurl:https://github.com/idkqh7/heatbleeding

Trust: 0.1

title:HeartBleed-Vulnerability-Checkerurl:https://github.com/waqasjamal/HeartBleed-Vulnerability-Checker

Trust: 0.1

title:heartbleedurl:https://github.com/iSCInc/heartbleed

Trust: 0.1

title:heartbleed-dtlsurl:https://github.com/hreese/heartbleed-dtls

Trust: 0.1

title:heartbleedcheckerurl:https://github.com/roganartu/heartbleedchecker

Trust: 0.1

title:nmap-heartbleedurl:https://github.com/azet/nmap-heartbleed

Trust: 0.1

title:sslscanurl:https://github.com/delishen/sslscan

Trust: 0.1

title:web-hackingurl:https://github.com/hr-beast/web-hacking

Trust: 0.1

title: - url:https://github.com/Miss-Brain/Web-Application-Security

Trust: 0.1

title:web-hackingurl:https://github.com/Hemanthraju02/web-hacking

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/QWERTSKIHACK/awesome-web-hacking

Trust: 0.1

title: - url:https://github.com/himera25/web-hacking-list

Trust: 0.1

title: - url:https://github.com/dorota-fiit/bp-Heartbleed-defense-game

Trust: 0.1

title: - url:https://github.com/Maheshmaske111/sslscan

Trust: 0.1

title:Heart-bleedurl:https://github.com/anonymouse327311/Heart-bleed

Trust: 0.1

title:goScanurl:https://github.com/stackviolator/goScan

Trust: 0.1

title:sec-tool-listurl:https://github.com/alphaSeclab/sec-tool-list

Trust: 0.1

title: - url:https://github.com/utensil/awesome-stars-test

Trust: 0.1

title:insecure-cplusplus-dojourl:https://github.com/patricia-gallardo/insecure-cplusplus-dojo

Trust: 0.1

title: - url:https://github.com/jubalh/awesome-package-maintainer

Trust: 0.1

title: - url:https://github.com/Elnatty/tryhackme_labs

Trust: 0.1

title: - url:https://github.com/hzuiw33/OpenSSL

Trust: 0.1

title:makeItBleedurl:https://github.com/mcampa/makeItBleed

Trust: 0.1

title:CVE-2014-0160-Chrome-Pluginurl:https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin

Trust: 0.1

title:heartbleedfixer.comurl:https://github.com/reenhanced/heartbleedfixer.com

Trust: 0.1

title:CVE-2014-0160-Scannerurl:https://github.com/obayesshelton/CVE-2014-0160-Scanner

Trust: 0.1

title:openmagicurl:https://github.com/isgroup-srl/openmagic

Trust: 0.1

title:heartbleederurl:https://github.com/titanous/heartbleeder

Trust: 0.1

title:cardiac-arresturl:https://github.com/ah8r/cardiac-arrest

Trust: 0.1

title:heartbleed_openvpn_pocurl:https://github.com/tam7t/heartbleed_openvpn_poc

Trust: 0.1

title:docker-wheezy-with-heartbleedurl:https://github.com/simonswine/docker-wheezy-with-heartbleed

Trust: 0.1

title:docker-testsslurl:https://github.com/mbentley/docker-testssl

Trust: 0.1

title:heartbleedscannerurl:https://github.com/hybridus/heartbleedscanner

Trust: 0.1

title:HeartLeakurl:https://github.com/OffensivePython/HeartLeak

Trust: 0.1

title:HBLurl:https://github.com/ssc-oscar/HBL

Trust: 0.1

title:awesome-starsurl:https://github.com/utensil/awesome-stars

Trust: 0.1

title:SecurityTesting_web-hackingurl:https://github.com/mostakimur/SecurityTesting_web-hacking

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/winterwolf32/awesome-web-hacking

Trust: 0.1

title:awesome-web-hacking-1url:https://github.com/winterwolf32/awesome-web-hacking-1

Trust: 0.1

title: - url:https://github.com/Mehedi-Babu/ethical_hacking_cyber

Trust: 0.1

title: - url:https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/thanshurc/awesome-web-hacking

Trust: 0.1

title:hackurl:https://github.com/nvnpsplt/hack

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/noname1007/awesome-web-hacking

Trust: 0.1

title: - url:https://github.com/ImranTheThirdEye/awesome-web-hacking

Trust: 0.1

title:web-hackingurl:https://github.com/Ondrik8/web-hacking

Trust: 0.1

title:CheckSSL-ciphersuiteurl:https://github.com/kal1gh0st/CheckSSL-ciphersuite

Trust: 0.1

title: - url:https://github.com/undacmic/HeartBleed-Demo

Trust: 0.1

title: - url:https://github.com/MrE-Fog/ssl-heartbleed.nse

Trust: 0.1

title:welivesecurityurl:https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/

Trust: 0.1

title:Threatposturl:https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/

Trust: 0.1

sources: VULMON: CVE-2014-0160 // JVNDB: JVNDB-2014-001920

EXTERNAL IDS

db:NVDid:CVE-2014-0160

Trust: 3.7

db:USCERTid:TA14-098A

Trust: 1.9

db:CERT/CCid:VU#720951

Trust: 1.9

db:SECUNIAid:57721

Trust: 1.1

db:SECUNIAid:59243

Trust: 1.1

db:SECUNIAid:57836

Trust: 1.1

db:SECUNIAid:57968

Trust: 1.1

db:SECUNIAid:59347

Trust: 1.1

db:SECUNIAid:57966

Trust: 1.1

db:SECUNIAid:57483

Trust: 1.1

db:SECUNIAid:57347

Trust: 1.1

db:SECUNIAid:59139

Trust: 1.1

db:SECTRACKid:1030079

Trust: 1.1

db:SECTRACKid:1030074

Trust: 1.1

db:SECTRACKid:1030081

Trust: 1.1

db:SECTRACKid:1030080

Trust: 1.1

db:SECTRACKid:1030026

Trust: 1.1

db:SECTRACKid:1030077

Trust: 1.1

db:SECTRACKid:1030082

Trust: 1.1

db:SECTRACKid:1030078

Trust: 1.1

db:BIDid:66690

Trust: 1.1

db:EXPLOIT-DBid:32745

Trust: 1.1

db:EXPLOIT-DBid:32764

Trust: 1.1

db:SIEMENSid:SSA-635659

Trust: 1.1

db:ICS CERTid:ICSA-14-135-02

Trust: 0.9

db:JVNid:JVNVU94401838

Trust: 0.8

db:USCERTid:TA15-119A

Trust: 0.8

db:ICS CERTid:ICSA-15-344-01

Trust: 0.8

db:ICS CERTid:ICSA-14-128-01

Trust: 0.8

db:ICS CERTid:ICSA-14-114-01

Trust: 0.8

db:ICS CERTid:ICSA-14-126-01

Trust: 0.8

db:ICS CERTid:ICSA-14-135-04

Trust: 0.8

db:ICS CERTid:ICSA-14-135-05

Trust: 0.8

db:ICS CERTid:ICSA-14-105-02A

Trust: 0.8

db:ICS CERTid:ICSA-14-105-03A

Trust: 0.8

db:ICS CERT ALERTid:ICS-ALERT-14-099-01E

Trust: 0.8

db:JVNDBid:JVNDB-2014-001920

Trust: 0.8

db:BIDid:64076

Trust: 0.3

db:VULMONid:CVE-2014-0160

Trust: 0.1

db:PACKETSTORMid:126163

Trust: 0.1

db:PACKETSTORMid:126605

Trust: 0.1

db:PACKETSTORMid:126954

Trust: 0.1

db:PACKETSTORMid:127749

Trust: 0.1

db:PACKETSTORMid:126284

Trust: 0.1

db:PACKETSTORMid:126361

Trust: 0.1

db:PACKETSTORMid:126197

Trust: 0.1

db:PACKETSTORMid:126417

Trust: 0.1

db:PACKETSTORMid:126944

Trust: 0.1

db:PACKETSTORMid:126305

Trust: 0.1

db:PACKETSTORMid:131044

Trust: 0.1

db:PACKETSTORMid:126056

Trust: 0.1

db:PACKETSTORMid:127279

Trust: 0.1

db:PACKETSTORMid:127085

Trust: 0.1

db:PACKETSTORMid:126784

Trust: 0.1

sources: VULMON: CVE-2014-0160 // BID: 64076 // PACKETSTORM: 126163 // PACKETSTORM: 126605 // PACKETSTORM: 126954 // PACKETSTORM: 127749 // PACKETSTORM: 126284 // PACKETSTORM: 126361 // PACKETSTORM: 126197 // PACKETSTORM: 126417 // PACKETSTORM: 126944 // PACKETSTORM: 126305 // PACKETSTORM: 131044 // PACKETSTORM: 126056 // PACKETSTORM: 127279 // PACKETSTORM: 127085 // PACKETSTORM: 126784 // JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160

REFERENCES

url:http://heartbleed.com/

Trust: 2.0

url:http://www.us-cert.gov/ncas/alerts/ta14-098a

Trust: 1.9

url:https://code.google.com/p/mod-spdy/issues/detail?id=85

Trust: 1.9

url:http://www.kb.cert.org/vuls/id/720951

Trust: 1.9

url:https://www.cert.fi/en/reports/2014/vulnerability788210.html

Trust: 1.9

url:http://advisories.mageia.org/mgasa-2014-0165.html

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2014-0160

Trust: 1.5

url:http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

Trust: 1.4

url:http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

Trust: 1.4

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 1.2

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 1.2

url:https://bugzilla.redhat.com/show_bug.cgi?id=1084875

Trust: 1.1

url:http://www.openssl.org/news/secadv_20140407.txt

Trust: 1.1

url:http://www.securitytracker.com/id/1030078

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/109

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/190

Trust: 1.1

url:https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0376.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0396.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030082

Trust: 1.1

url:http://secunia.com/advisories/57347

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139722163017074&w=2

Trust: 1.1

url:http://www.securitytracker.com/id/1030077

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670161

Trust: 1.1

url:http://www.debian.org/security/2014/dsa-2896

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0377.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030080

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030074

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/90

Trust: 1.1

url:http://www.securitytracker.com/id/1030081

Trust: 1.1

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0378.html

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/91

Trust: 1.1

url:http://secunia.com/advisories/57483

Trust: 1.1

url:http://www.splunk.com/view/sp-caaamb3

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030079

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

Trust: 1.1

url:http://secunia.com/advisories/57721

Trust: 1.1

url:http://www.blackberry.com/btsc/kb35882

Trust: 1.1

url:http://www.securitytracker.com/id/1030026

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

Trust: 1.1

url:http://www.securityfocus.com/bid/66690

Trust: 1.1

url:http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

Trust: 1.1

url:http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

Trust: 1.1

url:http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

Trust: 1.1

url:https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

Trust: 1.1

url:http://secunia.com/advisories/57966

Trust: 1.1

url:http://www.f-secure.com/en/web/labs_global/fsc-2014-1

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/173

Trust: 1.1

url:http://secunia.com/advisories/57968

Trust: 1.1

url:http://www.exploit-db.com/exploits/32745

Trust: 1.1

url:http://www.exploit-db.com/exploits/32764

Trust: 1.1

url:http://secunia.com/advisories/57836

Trust: 1.1

url:https://gist.github.com/chapmajs/10473815

Trust: 1.1

url:http://cogentdatahub.com/releasenotes.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905458328378&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139869891830365&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139889113431619&w=2

Trust: 1.1

url:http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1

Trust: 1.1

url:http://www.kerio.com/support/kerio-control/release-history

Trust: 1.1

url:http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3

Trust: 1.1

url:https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result&javax.portlet.begcachetok=com.vignette.cachetoken&javax.portlet.endcachetok=com.vignette.cachetoken

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Trust: 1.1

url:https://filezilla-project.org/versions.php?type=server

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Trust: 1.1

url:https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141287864628122&w=2

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/dec/23

Trust: 1.1

url:http://www.vmware.com/security/advisories/vmsa-2014-0012.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142660345230545&w=2

Trust: 1.1

url:http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:062

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139817727317190&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139757726426985&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139758572430452&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905653828999&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139842151128341&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905405728262&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139833395230364&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139824993005633&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139843768401936&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905202427693&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139774054614965&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139889295732144&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139835815211508&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140724451518351&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139808058921905&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139836085512508&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139869720529462&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905868529690&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139765756720506&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140015787404650&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139824923705461&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139757919027752&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139774703817488&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905243827825&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140075368411126&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905295427946&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139835844111589&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139757819327350&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139817685517037&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905351928096&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139817782017443&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140752315422991&w=2

Trust: 1.1

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661

Trust: 1.1

url:http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf

Trust: 1.1

url:http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf

Trust: 1.1

url:http://secunia.com/advisories/59347

Trust: 1.1

url:http://secunia.com/advisories/59243

Trust: 1.1

url:http://secunia.com/advisories/59139

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html

Trust: 1.1

url:http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01

Trust: 1.1

url:https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

Trust: 1.1

url:http://support.citrix.com/article/ctx140605

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-2165-1

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

Trust: 1.1

url:http://www.securityfocus.com/archive/1/534161/100/0/threaded

Trust: 1.1

url:https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

Trust: 1.1

url:https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

Trust: 1.1

url:https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd

Trust: 1.1

url:http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3

Trust: 1.1

url:https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 1.1

url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2014-0160

Trust: 1.0

url:http://ics-cert.us-cert.gov/advisories/icsa-14-135-02

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160

Trust: 0.9

url:http://ics-cert.us-cert.gov/advisories/icsa-14-135-04

Trust: 0.8

url:http://ics-cert.us-cert.gov/advisories/icsa-14-135-05

Trust: 0.8

url:http://ics-cert.us-cert.gov/advisories/icsa-14-105-03a

Trust: 0.8

url:http://ics-cert.us-cert.gov/advisories/icsa-14-105-02a

Trust: 0.8

url:http://ics-cert.us-cert.gov/advisories/icsa-14-114-01

Trust: 0.8

url:http://ics-cert.us-cert.gov/advisories/icsa-14-126-01

Trust: 0.8

url:http://ics-cert.us-cert.gov/advisories/icsa-14-128-01

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-15-344-01

Trust: 0.8

url:https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01e

Trust: 0.8

url:http://www.ipa.go.jp/security/ciadr/vul/20140408-openssl.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2014/at140013.html

Trust: 0.8

url:http://jvn.jp/ta/jvnta99041988/

Trust: 0.8

url:http://jvn.jp/vu/jvnvu94401838/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0160

Trust: 0.8

url:https://www.us-cert.gov/ncas/alerts/ta15-119a

Trust: 0.8

url:http://www.cente.jp/article/release/483.html

Trust: 0.8

url:http://www.aratana.jp/security/detail.php?id=8

Trust: 0.8

url:https://tools.ietf.org/html/rfc6520

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/detect/pdf/20140410.pdf

Trust: 0.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=1036922

Trust: 0.3

url:http://puppetlabs.com/security/cve/cve-2013-4491

Trust: 0.3

url:http://www.rubyonrails.com/

Trust: 0.3

url:rubygems.org/gems/i18n

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2014-0008.html

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2013-1794.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21665279

Trust: 0.3

url:https://www.suse.com/support/update/announcement/2014/suse-su-20140734-1.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-4353

Trust: 0.2

url:http://www.hp.com/swpublishing/mtx-d1488fd987894bc4ab3fe0ef52

Trust: 0.2

url:http://www.hp.com/swpublishing/mtx-4575754bbb614b58bf0ae1ac37

Trust: 0.2

url:http://www.hp.com/swpublishing/mtx-bfd3c0fb11184796b9428ced37

Trust: 0.2

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n

Trust: 0.2

url:http://www.hp.com/go/insightupdates

Trust: 0.2

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2014-0076

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:http://seclists.org/fulldisclosure/2019/jan/42

Trust: 0.1

url:https://www.debian.org/security/./dsa-2896

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/

Trust: 0.1

url:https://usn.ubuntu.com/2165-1/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6450

Trust: 0.1

url:http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6449

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-3d92ccccf85f404e8ba36a8178

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-37075daeead2433cb41b59ae76

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-27e03b2f9cd24e77adc9dba94a

Trust: 0.1

url:http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4929

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2014-0160.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0169

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-4353.html

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:https://access.redhat.com/site/articles/11258

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://rhn.redhat.com/errata/rhsa-2014-0416.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2013-0169.html

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2012-4929.html

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-41199f68c1144acb84a5798bf0

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-2e19c856f0e84e20a14c63ecd0

Trust: 0.1

url:http://h18013.www1.hp.com/products/servers/management/hpsim/download.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0288

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0287

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3571

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0198

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3567

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3572

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0209

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0289

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3513

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204

Trust: 0.1

url:http://openssl.org/news/secadv_20150319.txt

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-5298

Trust: 0.1

url:http://openssl.org/news/secadv_20150108.txt

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0204

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0293

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3570

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8275

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3569

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3470

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0286

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0206

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0160

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0076

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201404-07.xml

Trust: 0.1

url:http://www.hp.com/support/eslg3

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-9c71e9ff82af4d1fbdea666d97

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-ade2403c9999459aa758e16d46

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-16533b4917c84c8c81b703f354

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-06eee9db0f4a40d98d8cb32421

Trust: 0.1

url:http://support.openview.hp.com/downloads.jsp

Trust: 0.1

url:http://www8.h

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/p

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/

Trust: 0.1

sources: VULMON: CVE-2014-0160 // BID: 64076 // PACKETSTORM: 126163 // PACKETSTORM: 126605 // PACKETSTORM: 126954 // PACKETSTORM: 127749 // PACKETSTORM: 126284 // PACKETSTORM: 126361 // PACKETSTORM: 126197 // PACKETSTORM: 126417 // PACKETSTORM: 126944 // PACKETSTORM: 126305 // PACKETSTORM: 131044 // PACKETSTORM: 126056 // PACKETSTORM: 127279 // PACKETSTORM: 127085 // PACKETSTORM: 126784 // JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160

CREDITS

HP

Trust: 1.2

sources: PACKETSTORM: 126163 // PACKETSTORM: 126605 // PACKETSTORM: 126954 // PACKETSTORM: 127749 // PACKETSTORM: 126284 // PACKETSTORM: 126361 // PACKETSTORM: 126417 // PACKETSTORM: 126944 // PACKETSTORM: 126305 // PACKETSTORM: 127279 // PACKETSTORM: 127085 // PACKETSTORM: 126784

SOURCES

db:VULMONid:CVE-2014-0160
db:BIDid:64076
db:PACKETSTORMid:126163
db:PACKETSTORMid:126605
db:PACKETSTORMid:126954
db:PACKETSTORMid:127749
db:PACKETSTORMid:126284
db:PACKETSTORMid:126361
db:PACKETSTORMid:126197
db:PACKETSTORMid:126417
db:PACKETSTORMid:126944
db:PACKETSTORMid:126305
db:PACKETSTORMid:131044
db:PACKETSTORMid:126056
db:PACKETSTORMid:127279
db:PACKETSTORMid:127085
db:PACKETSTORMid:126784
db:JVNDBid:JVNDB-2014-001920
db:NVDid:CVE-2014-0160

LAST UPDATE DATE

2026-06-30T20:13:24.946000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2014-0160date:2023-11-07T00:00:00
db:BIDid:64076date:2015-04-13T21:56:00
db:JVNDBid:JVNDB-2014-001920date:2015-12-22T00:00:00
db:NVDid:CVE-2014-0160date:2026-06-17T00:02:24.467

SOURCES RELEASE DATE

db:VULMONid:CVE-2014-0160date:2014-04-07T00:00:00
db:BIDid:64076date:2013-12-03T00:00:00
db:PACKETSTORMid:126163date:2014-04-15T23:01:19
db:PACKETSTORMid:126605date:2014-05-13T18:24:00
db:PACKETSTORMid:126954date:2014-06-05T21:02:31
db:PACKETSTORMid:127749date:2014-08-05T21:06:31
db:PACKETSTORMid:126284date:2014-04-23T21:25:00
db:PACKETSTORMid:126361date:2014-04-28T20:36:00
db:PACKETSTORMid:126197date:2014-04-17T22:02:09
db:PACKETSTORMid:126417date:2014-05-01T02:16:33
db:PACKETSTORMid:126944date:2014-06-05T20:10:50
db:PACKETSTORMid:126305date:2014-04-24T22:21:23
db:PACKETSTORMid:131044date:2015-03-27T20:42:44
db:PACKETSTORMid:126056date:2014-04-08T21:22:19
db:PACKETSTORMid:127279date:2014-06-30T23:47:20
db:PACKETSTORMid:127085date:2014-06-13T13:31:03
db:PACKETSTORMid:126784date:2014-05-23T13:13:00
db:JVNDBid:JVNDB-2014-001920date:2014-04-08T00:00:00
db:NVDid:CVE-2014-0160date:2014-04-07T22:55:03.893