ID

VAR-201404-0592


CVE

CVE-2014-0160


TITLE

RubyGems i18n Cross Site Scripting Vulnerability

Trust: 0.3

sources: BID: 64076

DESCRIPTION

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. RubyGems i18n is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to RubyGems i18n 0.6.6, and 0.5.1 are vulnerable. HP Multimedia Service Environment (MSE) 2.1.1 HP Network Interactive Voice Response (NIVR) 2.1.0, Reactive Patches 001, 002, 003 HP Network Interactive Voice Response (NIVR) 2.0.7, Reactive Patch 003 Only the MSE (ACM TMP) database set up with Replication using SSL is impacted for the above versions. This bulletin will be revised when the software updates are released. The Virtual Connect firmware itself is not vulnerable to CVE-2014-0160 (Heartbleed), however, the installer component in versions 4.10 and 4.20 of Virtual Connect does have the vulnerability, and should be replaced with versions 4.10b or 4.20b, or the latest version of Virtual Connect Support Utility referenced below. The VCSU vulnerability is only present during the firmware upgrade process. HP recommends that customers update the impacted version of OpenSSL provided by Red Hat for RHEL6 as soon as possible. Information about CVE-2014-1060 on RHEL6 can be found here: https://access.redhat.com/site/solutions/781793 Note: since HP IceWall runs on Red Hat Enterprise Linux 6 (RHEL6), HP recommends that customers monitor and apply all relevant security updates reported by Red Hat for RHEL. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04236102 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236102 Version: 7 HPSBMU02995 rev.7 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-04-11 Last Updated: 2014-05-14 Potential Security Impact: Remote disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. References: CVE-2014-0160 (SSRT101499) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Product Impacted HP Product Versions Notes HP Service Manager v9.32, v9.33 Security bulletin HPSBGN03008: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04248997 HP Asset Manager v9.40, v9.40 CSC Security Bulletin HPSBMU03018: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260505 HP UCMDB Browser v1.x, v2.x, v3.x Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260353 note: APR enabled on Tomcat includes an affected OpenSSL version HP UCMDB Configuration Manager v9.1x, v9.2x, v9.3x, v10.01, v10.10 Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260353 HP CIT (ConnectIT) v9.52, v9.53 Security bulletin HPSBMU03017: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260456 HP Executive Scorecard v9.40, v9.41 HP Server Automation v10.00, v10.01 Security bulletin HPSBGN03010: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04250814 HP Diagnostics v9.23, v9.23 IP1 Security bulletin HPSBMU03025 : https://h20564.www2.hp.com/portal/site/hpsc/ public/kb/docDisplay?docId=emr_na-c04267775 HP Business Process Monitor v.9.23, v.9.24 HP LoadRunner v11.52, v12.0 Security bulletin HPSBMU03040: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay?docId=emr_na-c04286049 HP Performance Center v11.52, v12.0 Security bulletin HPSBMU03040: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay?docId=emr_na-c04286049 HP Autonomy WorkSite Server v9.0 SP1 (on-premises software) Security bulletin HPSBMU02999: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04239374 Impacted Versions table BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP Software is working to address this vulnerability for all affected product versions. HP Software will release product specific security bulletins for each impacted product. Each bulletin will include a patch and/or mitigation guideline. HP will update this bulletin with references to security bulletins for each product in the impacted versions table. Note: OpenSSL is an external product embedded in HP products. Bulletin Applicability: This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html . Software updates are available from HP Software Support Online at http://support.openview.hp.com/downloads.jsp HISTORY Version:1 (rev.1) - 11 April 2014 Initial release Version:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as impacted, updated HP UCMDB Browser impacted versions Version:3 (rev.3) - 17 April 2014 Added HP Software Autonomy WorkSite Server as impacted. Added security bulletin pointers for Service Manager, Server Automation and Worksite Server Version:4 (rev.4) - 18 April 2014 Changed impacted version list for UCMDB Browser Version:5 (rev.5) - 23 April 2014 Added security bulletins pointers for HP Asset Manager, HP UCMDB Browser, HP UCMDB Configuration Manager and HP CIT (ConnectIT) Version:6 (rev.6) - 28 April 2014 Added security bulletin link for HP Diagnostics, added HP Business Process Monitor to the product list Version:7 (rev.7) - 14 May 2014 Added links to patches for LoadRunner and Performance Center Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlN0pmwACgkQ4B86/C0qfVm6pgCg9x7C/VRD+qhhR5HrGHNeHbYS JdoAn3DM0TJiQM9mg3xB6nU3rrWkFq1E =F8zW -----END PGP SIGNATURE----- . Up to 64KB of memory from either client or server can be recovered by an attacker This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory. All users are urged to upgrade their openssl packages (especially libssl1.0.0) and restart applications as soon as possible. According to the currently available information, private keys should be considered as compromised and regenerated as soon as possible. More details will be communicated at a later time. The oldstable distribution (squeeze) is not affected by this vulnerability. For the stable distribution (wheezy), this problem has been fixed in version 1.0.1e-2+deb7u5. For the testing distribution (jessie), this problem has been fixed in version 1.0.1g-1. For the unstable distribution (sid), this problem has been fixed in version 1.0.1g-1. We recommend that you upgrade your openssl packages. HP Insight Control 7.2.x installations HP Systems Insight Manager 7.2 hotfix available at the following location: http://h18013.www1.hp.com/products/servers/management/hpsim/download.html Note: This installer updates HP SIM, SMH, WMI Mapper, and VCA/VCRM. HP Insight Control Control 7.3.and 7.3u1 installations HP Insight Management 7.3.0a available at the following location: http://www.hp.com/go/insightupdates Note: This installer updates HP SIM, SMH, WMI Mapper, VCA/VCRM, and Insight Control server migration. References: CVE-2009-3555 Unauthorized Modification CVE-2014-0160 Heartbleed - Disclosure of Information CVE-2014-0195 Remote Code Execution, Denial of Service (DoS) CVE-2014-3505 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3506 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3507 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3508 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3509 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3510 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3511 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3512 Heartbleed - Remote Denial of Service (DoS) CVE-2014-3566 POODLE - Remote Disclosure of Information CVE-2014-5139 Shellshock - Remote Denial of Service (DoS) SSRT101846 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple Vulnerabilities in Cisco ASA Software Advisory ID: cisco-sa-20140409-asa Revision 1.0 For Public Release 2014 April 9 16:00 UTC (GMT) Summary ======= Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA ASDM Privilege Escalation Vulnerability Cisco ASA SSL VPN Privilege Escalation Vulnerability Cisco ASA SSL VPN Authentication Bypass Vulnerability Cisco ASA SIP Denial of Service Vulnerability These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of the Cisco ASA ASDM Privilege Escalation Vulnerability and the Cisco ASA SSL VPN Privilege Escalation Vulnerability may allow an attacker or an unprivileged user to elevate privileges and gain administrative access to the affected system. Successful exploitation of the Cisco ASA SSL VPN Authentication Bypass Vulnerability may allow an attacker to obtain unauthorized access to the internal network via SSL VPN. Successful exploitation of the Cisco ASA SIP Denial of Service Vulnerability may cause the exhaustion of available memory. This may cause system instability and in some cases lead to a reload of the affected system, creating a denial of service (DoS) condition. Workarounds that mitigate these vulnerabilities are available for some of the vulnerabilities

Trust: 2.7

sources: NVD: CVE-2014-0160 // BID: 64076 // PACKETSTORM: 126516 // PACKETSTORM: 126451 // PACKETSTORM: 126461 // PACKETSTORM: 126237 // PACKETSTORM: 128618 // PACKETSTORM: 126325 // PACKETSTORM: 126300 // PACKETSTORM: 126262 // VULMON: CVE-2014-0160 // PACKETSTORM: 126647 // PACKETSTORM: 126050 // PACKETSTORM: 126945 // PACKETSTORM: 127749 // PACKETSTORM: 126421 // PACKETSTORM: 130868 // PACKETSTORM: 126089 // PACKETSTORM: 126453

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:gteversion:1.0.1

Trust: 1.0

vendor:siemensmodel:cp 1543-1scope:eqversion:1.1

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.3.2.2

Trust: 1.0

vendor:riconmodel:s9922lscope:eqversion:16.10.3\(3794\)

Trust: 1.0

vendor:siemensmodel:simatic s7-1500tscope:eqversion:1.5

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.3

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.2

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.4.0.102

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:20

Trust: 1.0

vendor:redhatmodel:gluster storagescope:eqversion:2.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:broadcommodel:symantec messaging gatewayscope:eqversion:10.6.0

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:storagescope:eqversion:2.1

Trust: 1.0

vendor:redhatmodel:virtualizationscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.5

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.10

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:6.5

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:6.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:13.10

Trust: 1.0

vendor:siemensmodel:wincc open architecturescope:eqversion:3.12

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.0.1g

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.1

Trust: 1.0

vendor:siemensmodel:elan-8.2scope:ltversion:8.3.3

Trust: 1.0

vendor:broadcommodel:symantec messaging gatewayscope:eqversion:10.6.1

Trust: 1.0

vendor:intellianmodel:v60scope:eqversion:1.25

Trust: 1.0

vendor:intellianmodel:v60scope:eqversion:1.15

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.3.0.104

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:intellianmodel:v100scope:eqversion:1.21

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.5

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:19

Trust: 1.0

vendor:siemensmodel:application processing enginescope:eqversion:2.0

Trust: 1.0

vendor:splunkmodel:splunkscope:ltversion:6.0.3

Trust: 1.0

vendor:filezillamodel:serverscope:ltversion:0.9.44

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.2.0.11

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.1.3.3

Trust: 1.0

vendor:intellianmodel:v100scope:eqversion:1.20

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.1.2.5

Trust: 1.0

vendor:siemensmodel:simatic s7-1500scope:eqversion:1.5

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:intellianmodel:v100scope:eqversion:1.24

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.0

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.1

Trust: 1.0

vendor:splunkmodel:splunkscope:gteversion:6.0.0

Trust: 1.0

vendor:susemodel:webyastscope:eqversion:1.3

Trust: 0.3

vendor:susemodel:studio onsitescope:eqversion:1.3

Trust: 0.3

vendor:susemodel:lifecycle management serverscope:eqversion:1.3

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:13.1

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.3

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:12.2

Trust: 0.3

vendor:rubygemsmodel:i18nscope:eqversion:0.6.5

Trust: 0.3

vendor:rubygemsmodel:i18nscope:eqversion:0.5.0

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:4.0.1

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:4.0

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.13

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.12

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.11

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.10

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.8

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.7

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.6

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.4

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.2

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.12

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.11

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.9

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.8

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.7

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.6

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.5

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.4

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1.2

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.1

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.0.6

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2.15

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.2

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.0.8

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:eqversion:3.0.7

Trust: 0.3

vendor:redhatmodel:software collections for rhelscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:openstackscope:eqversion:3.0

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.1

Trust: 0.3

vendor:opscodemodel:chefscope:eqversion:11.1.2

Trust: 0.3

vendor:ibmmodel:security network protection xgsscope:eqversion:51005.1.1

Trust: 0.3

vendor:ibmmodel:security network protection xgsscope:eqversion:51005.1

Trust: 0.3

vendor:ibmmodel:security network protection xgsscope:eqversion:5.1.2

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:rubygemsmodel:i18nscope:neversion:0.6.6

Trust: 0.3

vendor:rubygemsmodel:i18nscope:neversion:0.5.1

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:neversion:4.0.2

Trust: 0.3

vendor:rubymodel:on rails ruby on railsscope:neversion:3.2.16

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:neversion:3.1.1

Trust: 0.3

vendor:opscodemodel:chefscope:neversion:11.1.3

Trust: 0.3

sources: BID: 64076 // NVD: CVE-2014-0160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0160
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2014-0160
value: HIGH

Trust: 1.0

VULMON: CVE-2014-0160
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0160
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2014-0160
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULMON: CVE-2014-0160 // NVD: CVE-2014-0160 // NVD: CVE-2014-0160

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

sources: NVD: CVE-2014-0160

THREAT TYPE

network

Trust: 0.3

sources: BID: 64076

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 64076

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-0160

PATCH

title:The Registerurl:https://www.theregister.co.uk/2017/01/23/heartbleed_2017/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/

Trust: 0.2

title:Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e4799ab8fe4804274ba2db4d65cd867b

Trust: 0.1

title:Debian Security Advisories: DSA-2896-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=264ec318be06a69e28012f62b2dc5bb7

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2165-1

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2014-0160

Trust: 0.1

title:exploitsurl:https://github.com/vs4vijay/exploits

Trust: 0.1

title:VULNIXurl:https://github.com/El-Palomo/VULNIX

Trust: 0.1

title:openssl-heartbleed-fixurl:https://github.com/sammyfung/openssl-heartbleed-fix

Trust: 0.1

title:cve-2014-0160url:https://github.com/cved-sources/cve-2014-0160

Trust: 0.1

title:heartbleed_checkurl:https://github.com/ehoffmann-cp/heartbleed_check

Trust: 0.1

title:heartbleedurl:https://github.com/okrutnik420/heartbleed

Trust: 0.1

title:heartbleed-test.crxurl:https://github.com/iwaffles/heartbleed-test.crx

Trust: 0.1

title: - url:https://github.com/Maheshmaske111/te

Trust: 0.1

title:AradSocketurl:https://github.com/araditc/AradSocket

Trust: 0.1

title:sslscanurl:https://github.com/kaisenlinux/sslscan

Trust: 0.1

title:Springboard_Capstone_Projecturl:https://github.com/jonahwinninghoff/Springboard_Capstone_Project

Trust: 0.1

title: - url:https://github.com/MrE-Fog/heartbleeder

Trust: 0.1

title:buffer_overflow_exploiturl:https://github.com/olivamadrigal/buffer_overflow_exploit

Trust: 0.1

title: - url:https://github.com/ashrafulislamcs/Ubuntu-Server-Hardening

Trust: 0.1

title:insecure_projecturl:https://github.com/turtlesec-no/insecure_project

Trust: 0.1

title: - url:https://github.com/Maheshmaske111/ssl

Trust: 0.1

title: - url:https://github.com/H4R335HR/heartbleed

Trust: 0.1

title:nmap-scriptsurl:https://github.com/takeshixx/nmap-scripts

Trust: 0.1

title:knockbleedurl:https://github.com/siddolo/knockbleed

Trust: 0.1

title:heartbleed-masstesturl:https://github.com/musalbas/heartbleed-masstest

Trust: 0.1

title:HeartBleedDotNeturl:https://github.com/ShawInnes/HeartBleedDotNet

Trust: 0.1

title:heartbleed_test_openvpnurl:https://github.com/weisslj/heartbleed_test_openvpn

Trust: 0.1

title:paraffinurl:https://github.com/vmeurisse/paraffin

Trust: 0.1

title:sslscanurl:https://github.com/rbsec/sslscan

Trust: 0.1

title:Heartbleed_Dockerfile_with_Nginxurl:https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx

Trust: 0.1

title:heartbleed-bugurl:https://github.com/cldme/heartbleed-bug

Trust: 0.1

title: - url:https://github.com/H4CK3RT3CH/awesome-web-hacking

Trust: 0.1

title:Web-Hackingurl:https://github.com/adm0i/Web-Hacking

Trust: 0.1

title:cybersecurity-ethical-hackingurl:https://github.com/paulveillard/cybersecurity-ethical-hacking

Trust: 0.1

title:Lastest-Web-Hacking-Tools-vol-Iurl:https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I

Trust: 0.1

title:HTBValentineWriteupurl:https://github.com/zimmel15/HTBValentineWriteup

Trust: 0.1

title:heartbleed-pocurl:https://github.com/sensepost/heartbleed-poc

Trust: 0.1

title:CVE-2014-0160url:https://github.com/0x90/CVE-2014-0160

Trust: 0.1

title:Certified-Ethical-Hacker-Exam-CEH-v10url:https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10

Trust: 0.1

title:cs558heartbleedurl:https://github.com/gkaptch1/cs558heartbleed

Trust: 0.1

title:HeartBleedurl:https://github.com/archaic-magnon/HeartBleed

Trust: 0.1

title: - url:https://github.com/undacmic/heartbleed-proof-of-concept

Trust: 0.1

title:openvpn-jookkurl:https://github.com/Jeypi04/openvpn-jookk

Trust: 0.1

title:Heartbleedurl:https://github.com/Saiprasad16/Heartbleed

Trust: 0.1

title: - url:https://github.com/KickFootCode/LoveYouALL

Trust: 0.1

title: - url:https://github.com/imesecan/LeakReducer-artifacts

Trust: 0.1

title: - url:https://github.com/TVernet/Kali-Tools-liste-et-description

Trust: 0.1

title: - url:https://github.com/k4u5h41/Heartbleed

Trust: 0.1

title: - url:https://github.com/ronaldogdm/Heartbleed

Trust: 0.1

title: - url:https://github.com/rochacbruno/my-awesome-stars

Trust: 0.1

title: - url:https://github.com/asadhasan73/temp_comp_sec

Trust: 0.1

title: - url:https://github.com/Aakaashzz/Heartbleed

Trust: 0.1

title:tls-channelurl:https://github.com/marianobarrios/tls-channel

Trust: 0.1

title:fuzzx_cpp_demourl:https://github.com/guardstrikelab/fuzzx_cpp_demo

Trust: 0.1

title: - url:https://github.com/Ppamo/recon_net_tools

Trust: 0.1

title:heatbleedingurl:https://github.com/idkqh7/heatbleeding

Trust: 0.1

title:HeartBleed-Vulnerability-Checkerurl:https://github.com/waqasjamal/HeartBleed-Vulnerability-Checker

Trust: 0.1

title:heartbleedurl:https://github.com/iSCInc/heartbleed

Trust: 0.1

title:heartbleed-dtlsurl:https://github.com/hreese/heartbleed-dtls

Trust: 0.1

title:heartbleedcheckerurl:https://github.com/roganartu/heartbleedchecker

Trust: 0.1

title:nmap-heartbleedurl:https://github.com/azet/nmap-heartbleed

Trust: 0.1

title:sslscanurl:https://github.com/delishen/sslscan

Trust: 0.1

title:web-hackingurl:https://github.com/hr-beast/web-hacking

Trust: 0.1

title: - url:https://github.com/Miss-Brain/Web-Application-Security

Trust: 0.1

title:web-hackingurl:https://github.com/Hemanthraju02/web-hacking

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/QWERTSKIHACK/awesome-web-hacking

Trust: 0.1

title: - url:https://github.com/himera25/web-hacking-list

Trust: 0.1

title: - url:https://github.com/dorota-fiit/bp-Heartbleed-defense-game

Trust: 0.1

title: - url:https://github.com/Maheshmaske111/sslscan

Trust: 0.1

title:Heart-bleedurl:https://github.com/anonymouse327311/Heart-bleed

Trust: 0.1

title:goScanurl:https://github.com/stackviolator/goScan

Trust: 0.1

title:sec-tool-listurl:https://github.com/alphaSeclab/sec-tool-list

Trust: 0.1

title: - url:https://github.com/utensil/awesome-stars-test

Trust: 0.1

title:insecure-cplusplus-dojourl:https://github.com/patricia-gallardo/insecure-cplusplus-dojo

Trust: 0.1

title: - url:https://github.com/jubalh/awesome-package-maintainer

Trust: 0.1

title: - url:https://github.com/Elnatty/tryhackme_labs

Trust: 0.1

title: - url:https://github.com/hzuiw33/OpenSSL

Trust: 0.1

title:makeItBleedurl:https://github.com/mcampa/makeItBleed

Trust: 0.1

title:CVE-2014-0160-Chrome-Pluginurl:https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin

Trust: 0.1

title:heartbleedfixer.comurl:https://github.com/reenhanced/heartbleedfixer.com

Trust: 0.1

title:CVE-2014-0160-Scannerurl:https://github.com/obayesshelton/CVE-2014-0160-Scanner

Trust: 0.1

title:openmagicurl:https://github.com/isgroup-srl/openmagic

Trust: 0.1

title:heartbleederurl:https://github.com/titanous/heartbleeder

Trust: 0.1

title:cardiac-arresturl:https://github.com/ah8r/cardiac-arrest

Trust: 0.1

title:heartbleed_openvpn_pocurl:https://github.com/tam7t/heartbleed_openvpn_poc

Trust: 0.1

title:docker-wheezy-with-heartbleedurl:https://github.com/simonswine/docker-wheezy-with-heartbleed

Trust: 0.1

title:docker-testsslurl:https://github.com/mbentley/docker-testssl

Trust: 0.1

title:heartbleedscannerurl:https://github.com/hybridus/heartbleedscanner

Trust: 0.1

title:HeartLeakurl:https://github.com/OffensivePython/HeartLeak

Trust: 0.1

title:HBLurl:https://github.com/ssc-oscar/HBL

Trust: 0.1

title:awesome-starsurl:https://github.com/utensil/awesome-stars

Trust: 0.1

title:SecurityTesting_web-hackingurl:https://github.com/mostakimur/SecurityTesting_web-hacking

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/winterwolf32/awesome-web-hacking

Trust: 0.1

title:awesome-web-hacking-1url:https://github.com/winterwolf32/awesome-web-hacking-1

Trust: 0.1

title: - url:https://github.com/Mehedi-Babu/ethical_hacking_cyber

Trust: 0.1

title: - url:https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/thanshurc/awesome-web-hacking

Trust: 0.1

title:hackurl:https://github.com/nvnpsplt/hack

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/noname1007/awesome-web-hacking

Trust: 0.1

title: - url:https://github.com/ImranTheThirdEye/awesome-web-hacking

Trust: 0.1

title:web-hackingurl:https://github.com/Ondrik8/web-hacking

Trust: 0.1

title:CheckSSL-ciphersuiteurl:https://github.com/kal1gh0st/CheckSSL-ciphersuite

Trust: 0.1

title: - url:https://github.com/undacmic/HeartBleed-Demo

Trust: 0.1

title: - url:https://github.com/MrE-Fog/ssl-heartbleed.nse

Trust: 0.1

title:welivesecurityurl:https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/

Trust: 0.1

title:Threatposturl:https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/

Trust: 0.1

sources: VULMON: CVE-2014-0160

EXTERNAL IDS

db:NVDid:CVE-2014-0160

Trust: 3.0

db:SECUNIAid:57721

Trust: 1.1

db:SECUNIAid:59243

Trust: 1.1

db:SECUNIAid:57836

Trust: 1.1

db:SECUNIAid:57968

Trust: 1.1

db:SECUNIAid:59347

Trust: 1.1

db:SECUNIAid:57966

Trust: 1.1

db:SECUNIAid:57483

Trust: 1.1

db:SECUNIAid:57347

Trust: 1.1

db:SECUNIAid:59139

Trust: 1.1

db:SECTRACKid:1030079

Trust: 1.1

db:SECTRACKid:1030074

Trust: 1.1

db:SECTRACKid:1030081

Trust: 1.1

db:SECTRACKid:1030080

Trust: 1.1

db:SECTRACKid:1030026

Trust: 1.1

db:SECTRACKid:1030077

Trust: 1.1

db:SECTRACKid:1030082

Trust: 1.1

db:SECTRACKid:1030078

Trust: 1.1

db:BIDid:66690

Trust: 1.1

db:EXPLOIT-DBid:32745

Trust: 1.1

db:EXPLOIT-DBid:32764

Trust: 1.1

db:USCERTid:TA14-098A

Trust: 1.1

db:SIEMENSid:SSA-635659

Trust: 1.1

db:CERT/CCid:VU#720951

Trust: 1.1

db:BIDid:64076

Trust: 0.3

db:ICS CERTid:ICSA-14-135-02

Trust: 0.1

db:VULMONid:CVE-2014-0160

Trust: 0.1

db:PACKETSTORMid:126089

Trust: 0.1

db:PACKETSTORMid:130868

Trust: 0.1

db:PACKETSTORMid:126421

Trust: 0.1

db:PACKETSTORMid:127749

Trust: 0.1

db:PACKETSTORMid:126945

Trust: 0.1

db:PACKETSTORMid:126050

Trust: 0.1

db:PACKETSTORMid:126647

Trust: 0.1

db:PACKETSTORMid:126453

Trust: 0.1

db:PACKETSTORMid:126516

Trust: 0.1

db:PACKETSTORMid:126262

Trust: 0.1

db:PACKETSTORMid:126300

Trust: 0.1

db:PACKETSTORMid:126325

Trust: 0.1

db:PACKETSTORMid:128618

Trust: 0.1

db:PACKETSTORMid:126237

Trust: 0.1

db:PACKETSTORMid:126461

Trust: 0.1

db:PACKETSTORMid:126451

Trust: 0.1

sources: VULMON: CVE-2014-0160 // BID: 64076 // PACKETSTORM: 126089 // PACKETSTORM: 130868 // PACKETSTORM: 126421 // PACKETSTORM: 127749 // PACKETSTORM: 126945 // PACKETSTORM: 126050 // PACKETSTORM: 126647 // PACKETSTORM: 126453 // PACKETSTORM: 126516 // PACKETSTORM: 126262 // PACKETSTORM: 126300 // PACKETSTORM: 126325 // PACKETSTORM: 128618 // PACKETSTORM: 126237 // PACKETSTORM: 126461 // PACKETSTORM: 126451 // NVD: CVE-2014-0160

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2014-0160

Trust: 1.6

url:http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

Trust: 1.4

url:http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

Trust: 1.4

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed

Trust: 1.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 1.3

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 1.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 1.2

url:https://bugzilla.redhat.com/show_bug.cgi?id=1084875

Trust: 1.1

url:http://www.openssl.org/news/secadv_20140407.txt

Trust: 1.1

url:http://heartbleed.com/

Trust: 1.1

url:http://www.securitytracker.com/id/1030078

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/109

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/190

Trust: 1.1

url:https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0376.html

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0396.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030082

Trust: 1.1

url:http://secunia.com/advisories/57347

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139722163017074&w=2

Trust: 1.1

url:http://www.securitytracker.com/id/1030077

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670161

Trust: 1.1

url:http://www.debian.org/security/2014/dsa-2896

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0377.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030080

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030074

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/90

Trust: 1.1

url:http://www.securitytracker.com/id/1030081

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0378.html

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/91

Trust: 1.1

url:http://secunia.com/advisories/57483

Trust: 1.1

url:http://www.splunk.com/view/sp-caaamb3

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030079

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

Trust: 1.1

url:http://secunia.com/advisories/57721

Trust: 1.1

url:http://www.blackberry.com/btsc/kb35882

Trust: 1.1

url:http://www.securitytracker.com/id/1030026

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

Trust: 1.1

url:http://www.securityfocus.com/bid/66690

Trust: 1.1

url:http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

Trust: 1.1

url:http://www.us-cert.gov/ncas/alerts/ta14-098a

Trust: 1.1

url:http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

Trust: 1.1

url:http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

Trust: 1.1

url:https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

Trust: 1.1

url:http://secunia.com/advisories/57966

Trust: 1.1

url:http://www.f-secure.com/en/web/labs_global/fsc-2014-1

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/173

Trust: 1.1

url:http://secunia.com/advisories/57968

Trust: 1.1

url:https://code.google.com/p/mod-spdy/issues/detail?id=85

Trust: 1.1

url:http://www.exploit-db.com/exploits/32745

Trust: 1.1

url:http://www.kb.cert.org/vuls/id/720951

Trust: 1.1

url:https://www.cert.fi/en/reports/2014/vulnerability788210.html

Trust: 1.1

url:http://www.exploit-db.com/exploits/32764

Trust: 1.1

url:http://secunia.com/advisories/57836

Trust: 1.1

url:https://gist.github.com/chapmajs/10473815

Trust: 1.1

url:http://cogentdatahub.com/releasenotes.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905458328378&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139869891830365&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139889113431619&w=2

Trust: 1.1

url:http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1

Trust: 1.1

url:http://www.kerio.com/support/kerio-control/release-history

Trust: 1.1

url:http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3

Trust: 1.1

url:http://advisories.mageia.org/mgasa-2014-0165.html

Trust: 1.1

url:https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result&javax.portlet.begcachetok=com.vignette.cachetoken&javax.portlet.endcachetok=com.vignette.cachetoken

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Trust: 1.1

url:https://filezilla-project.org/versions.php?type=server

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Trust: 1.1

url:https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141287864628122&w=2

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/dec/23

Trust: 1.1

url:http://www.vmware.com/security/advisories/vmsa-2014-0012.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142660345230545&w=2

Trust: 1.1

url:http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:062

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139817727317190&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139757726426985&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139758572430452&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905653828999&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139842151128341&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905405728262&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139833395230364&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139824993005633&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139843768401936&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905202427693&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139774054614965&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139889295732144&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139835815211508&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140724451518351&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139808058921905&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139836085512508&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139869720529462&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905868529690&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139765756720506&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140015787404650&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139824923705461&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139757919027752&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139774703817488&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905243827825&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140075368411126&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905295427946&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139835844111589&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139757819327350&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139817685517037&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905351928096&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139817782017443&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140752315422991&w=2

Trust: 1.1

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661

Trust: 1.1

url:http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf

Trust: 1.1

url:http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf

Trust: 1.1

url:http://secunia.com/advisories/59347

Trust: 1.1

url:http://secunia.com/advisories/59243

Trust: 1.1

url:http://secunia.com/advisories/59139

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html

Trust: 1.1

url:http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01

Trust: 1.1

url:https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

Trust: 1.1

url:http://support.citrix.com/article/ctx140605

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-2165-1

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

Trust: 1.1

url:http://www.securityfocus.com/archive/1/534161/100/0/threaded

Trust: 1.1

url:https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

Trust: 1.1

url:https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

Trust: 1.1

url:https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd

Trust: 1.1

url:http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3

Trust: 1.1

url:https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2014-0160

Trust: 1.0

url:https://bugzilla.redhat.com/show_bug.cgi?id=1036922

Trust: 0.3

url:http://puppetlabs.com/security/cve/cve-2013-4491

Trust: 0.3

url:http://www.rubyonrails.com/

Trust: 0.3

url:rubygems.org/gems/i18n

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2014-0008.html

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2013-1794.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21665279

Trust: 0.3

url:https://www.suse.com/support/update/announcement/2014/suse-su-20140734-1.html

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_

Trust: 0.3

url:http://support.openview.hp.com/downloads.jsp

Trust: 0.3

url:http://www8.h

Trust: 0.3

url:http://gpgtools.org

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:http://seclists.org/fulldisclosure/2019/jan/42

Trust: 0.1

url:https://www.debian.org/security/./dsa-2896

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/

Trust: 0.1

url:https://ics-cert.us-cert.gov/advisories/icsa-14-135-02

Trust: 0.1

url:https://usn.ubuntu.com/2165-1/

Trust: 0.1

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-asa

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3505

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3555

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-5139

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3512

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3508

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3510

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3509

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3507

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3506

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3511

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3566

Trust: 0.1

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-tcte

Trust: 0.1

url:http://h18013.www1.hp.com/products/servers/management/hpsim/download.html

Trust: 0.1

url:http://www.hp.com/go/insightupdates

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/p

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/km00864100

Trust: 0.1

url:https://access.redhat.com/site/security/updates

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-1060

Trust: 0.1

url:https://access.redhat.com/site/solutions/781793

Trust: 0.1

url:http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail

Trust: 0.1

url:https://tmc.tippingpoint.com/tmc/

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/km00880036

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/km00879992

Trust: 0.1

url:http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetai

Trust: 0.1

sources: VULMON: CVE-2014-0160 // BID: 64076 // PACKETSTORM: 126089 // PACKETSTORM: 130868 // PACKETSTORM: 126421 // PACKETSTORM: 127749 // PACKETSTORM: 126945 // PACKETSTORM: 126050 // PACKETSTORM: 126647 // PACKETSTORM: 126453 // PACKETSTORM: 126516 // PACKETSTORM: 126262 // PACKETSTORM: 126300 // PACKETSTORM: 126325 // PACKETSTORM: 128618 // PACKETSTORM: 126237 // PACKETSTORM: 126461 // PACKETSTORM: 126451 // NVD: CVE-2014-0160

CREDITS

HP

Trust: 1.3

sources: PACKETSTORM: 130868 // PACKETSTORM: 127749 // PACKETSTORM: 126945 // PACKETSTORM: 126647 // PACKETSTORM: 126453 // PACKETSTORM: 126516 // PACKETSTORM: 126262 // PACKETSTORM: 126300 // PACKETSTORM: 126325 // PACKETSTORM: 128618 // PACKETSTORM: 126237 // PACKETSTORM: 126461 // PACKETSTORM: 126451

SOURCES

db:VULMONid:CVE-2014-0160
db:BIDid:64076
db:PACKETSTORMid:126089
db:PACKETSTORMid:130868
db:PACKETSTORMid:126421
db:PACKETSTORMid:127749
db:PACKETSTORMid:126945
db:PACKETSTORMid:126050
db:PACKETSTORMid:126647
db:PACKETSTORMid:126453
db:PACKETSTORMid:126516
db:PACKETSTORMid:126262
db:PACKETSTORMid:126300
db:PACKETSTORMid:126325
db:PACKETSTORMid:128618
db:PACKETSTORMid:126237
db:PACKETSTORMid:126461
db:PACKETSTORMid:126451
db:NVDid:CVE-2014-0160

LAST UPDATE DATE

2026-07-09T22:48:36.725000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2014-0160date:2023-11-07T00:00:00
db:BIDid:64076date:2015-04-13T21:56:00
db:NVDid:CVE-2014-0160date:2026-06-17T00:02:24.467

SOURCES RELEASE DATE

db:VULMONid:CVE-2014-0160date:2014-04-07T00:00:00
db:BIDid:64076date:2013-12-03T00:00:00
db:PACKETSTORMid:126089date:2014-04-09T22:56:37
db:PACKETSTORMid:130868date:2015-03-18T00:44:34
db:PACKETSTORMid:126421date:2014-05-01T02:20:18
db:PACKETSTORMid:127749date:2014-08-05T21:06:31
db:PACKETSTORMid:126945date:2014-06-05T20:15:29
db:PACKETSTORMid:126050date:2014-04-08T21:21:41
db:PACKETSTORMid:126647date:2014-05-16T04:43:57
db:PACKETSTORMid:126453date:2014-05-03T02:06:02
db:PACKETSTORMid:126516date:2014-05-06T20:32:13
db:PACKETSTORMid:126262date:2014-04-22T23:42:26
db:PACKETSTORMid:126300date:2014-04-24T22:19:40
db:PACKETSTORMid:126325date:2014-04-25T17:53:00
db:PACKETSTORMid:128618date:2014-10-09T23:55:36
db:PACKETSTORMid:126237date:2014-04-21T19:53:13
db:PACKETSTORMid:126461date:2014-05-03T02:17:58
db:PACKETSTORMid:126451date:2014-05-02T23:55:55
db:NVDid:CVE-2014-0160date:2014-04-07T22:55:03.893