ID

VAR-201404-0592


CVE

CVE-2014-0160


TITLE

OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities

Trust: 0.3

sources: BID: 66690

DESCRIPTION

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. LibYAML is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly sanitize user-supplied input. Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions. Versions prior to LibYAML 0.1.6 are vulnerable. OpenSSL is prone to multiple information disclosure vulnerabilities. An attacker can exploit these issues to gain access to sensitive information that may aid in further attacks. OpenSSL 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, and 1.0.1 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04263236 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04263236 Version: 3 HPSBMU03022 rev.3 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-04-25 Last Updated: 2014-05-19 Potential Security Impact: Remote disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. References: CVE-2014-0160, SSRT101527 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Systems Insight Manager 7.2, 7.2.1, 7.2.2, 7.3, and 7.3.1 bundled with the following software: HP Smart Update Manager (SUM) 6.0.0 through 6.3.0 HP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3, v7.3.1 for Linux and Windows WMI Mapper for HP Systems Insight Manager v7.2.1, v7.2.2, v7.3, and v7.3.1 HP Version Control Agent (VCA) v7.2.0, v7.2.1, v7.2.2, v7.3.0, and v7.3.1 for Windows HP Version Control Agent (VCA) v7.2.2, v7.3.0, and v7.3.1 for Linux HP Version Control Repository Manager (VCRM) v7.2.0, v7.2.1, v7.2.2, v7.3.0, and v7.3.1 for Windows BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has released the following software updates to resolve the vulnerability for HP Systems Insight Manager (SIM). HP SIM 7.2 and HP SIM 7.3 Hotfix kits applicable to HP SIM 7.2.x and 7.3.x installations are available at the following location: http://h18013.www1.hp.com/products/servers/management/hpsim/download.html Note: Please read through the readme.txt file before proceeding with the installation. HP has addressed this vulnerability for the impacted software components bundled with HP Systems Insight Manager (SIM) in the following HP Security Bulletins: HP SIM Component HP Security Bulletin Security Bulletin Location HP Smart Update Manager (SUM) HPSBMU02997 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04239375 HP System Management Homepage (SMH) HPSBMU02998 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04239372 WMI Mapper for HP Systems Insight Manager HPSBMU03013 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04260385 HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) on Linux and Windows, HPSBMU03020 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_ na-c04262472 Note: If customers believe that the HP SIM installation was compromised while it was running components vulnerable to Heartbleed then the following actions should be done after upgrading to the non-vulnerable components. This includes revoking, recreating, and re-importing certificates and resetting passwords that might have been harvested by a malicious attacker using the Heartbleed vulnerability. After installing SIM72_hotfix_2014_Apr_win.exe hotfix, HP Systems Management Homepage has to be manually upgraded if it is already installed on the CMS. HP SMH installer for 32-bit and 64-bit can be found in the CMS under the location SIM_INSTALL_DIR\smartcomponents . The installer filenames are cp023242.exe and cp023243.exe. In case it is suspected that the infrastructure has been compromised, the user needs to create new HP SIM Server certificate and Single Sign-on (SSO) certificates. To create new server and SSO certificates, refer the HP SIM 7.2 Command Line Interface guide which can be found in the below URL: ttp://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/inde x Refer to the mxcert command section which has the details to create new server and SSO certificates. Once the new server certificate is created, it will invalidate any trust relationship between CMS and any other system that depend on this certificate, such as browsers. The user must re-establish the trust between CMS and other system that uses this certificate, and revoke any previous SIM certificates from any device previously configured to trust SIM (Onboard Administrator, Virtual Connect Module, iLOs, and SMH instances). Once the new sso certificate is created, the user must re-establish the trust between HP SIM and managed devices (HP SMH, ILO, OA. VC) for Single Sign-on to work. To reestablish trust with the SSO certificate, refer to HP SIM 7.2 user guide and HP SIM Online help (under security section). HP SIM 7.2 user guide is located in the below URL: http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c03651392-3.pdf HP SIM 7.3 user guide is located in the below URL: http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c04030739-2.pdf CMS Reconfigure Tool (aka mxrefconfig) In case it is suspected that CMS OS credentials are also compromised, then it is recommended that credentials are changed. The SIM User Guide (Chapter 19 "CMS Reconfigure Tool" page 93) provides two procedures to change the service account password along with other related accounts. The procedures to follow are: Procedure 18 - Changing the CMS password for HP SIM and Insight Control Procedure 19 - Changing CMS password for Matrix OE and Operations Orchestration Note: If the customer has Insight Control server deployment installed, procedures to change the password are documented in the HP Insight Control Server Deployment User Guide. Frequently Asked Questions: Will updated systems require a reboot after applying the SIM hotfix? No, reboot of the system will not be required. Installing the new build would be sufficient to get back to the normal state. Will new certificates be issued along with the patch, or need to be handled separately? If you suspect the certificate has been compromised due to this vulnerability, we do recommend creating new certificates for server and Single Sign-on and revoking previous certificates. Instructions on creating new certificate and re-establishing trust between CMS and managed devices are in the notes above. - From where can I get HP SIM documentation? All major documents are available at: http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind ex.aspx?cat=insightmanagement&subcat=sim#.U2yioSi20tM HISTORY Version:1 (rev.1) - 25 April 2014 Initial release Version:2 (rev.2) - 13 May 2014 Added additional remediation steps and v7.2 Hotfix kit Version:3 (rev.3) - 19 May 2014 Added information for v7.2 and v7.3 Hotfix kits Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlN6P/QACgkQ4B86/C0qfVnuAQCeI7fIbEVZ3psS/bGTkbKt830p hlYAoK2lTFy3eec1QTcHx8P2hfhZV+b2 =LUKv -----END PGP SIGNATURE----- . Update to version 0.2.4.22 solves these major and security problems: - Block authority signing keys that were used on authorities vulnerable to the heartbleed bug in OpenSSL (CVE-2014-0160). - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. - The relay ciphersuite list is now generated automatically based on uniform criteria, and includes all OpenSSL ciphersuites with acceptable strength and forward secrecy. - Relays now trust themselves to have a better view than clients of which TLS ciphersuites are better than others. - Clients now try to advertise the same list of ciphersuites as Firefox 28. HP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version 1.0.1f for the following firmware versions: 671H_GS00601 665H_GS12501 663H_GS04601 HP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in 655H firmware versions: 655H_GS10201 HP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. If the library firmware cannot be updated, HP recommends following the Mitigation Instructions below. Mitigation Instructions The following configuration options that allow access to the Heartbeat function in the vulnerable versions of OpenSSL are not enabled by default. Verify that the following options are "disabled" using the Tape Library GUI: Product Configuration Options to Disable TLS Heartbeat Functions Secure SMI-S CVTL User Note: Disabling these features blocks the vulnerable OpenSSL function in both the ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape Drives. The basic functionality of the library is not affected by these configuration changes and SSL access to the user interface is not affected by this configuration change or setting. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:062 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : openssl Date : March 27, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been discovered and corrected in openssl: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298). The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198). The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221). The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470). Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message (CVE-2014-3513). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566). Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure (CVE-2014-3567). The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569). The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571). The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572). OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate&#039;s unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275). The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204). The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205). Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (CVE-2015-0206). Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209). The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature (CVE-2015-0286). The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287). The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (CVE-2015-0288). The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289). The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293). The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Each bulletin will include a patch and/or mitigation guideline. Note: OpenSSL is an external product embedded in HP products. Bulletin Applicability: This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html . Until the software update is available, HP recommends limiting 3PAR OS Management Tools to use only on a secure and isolated private management network. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This bulletin will be revised when the software updates are released. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: rhev-hypervisor6 security update Advisory ID: RHSA-2014:0396-01 Product: Red Hat Enterprise Virtualization Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0396.html Issue date: 2014-04-10 CVE Names: CVE-2014-0160 ===================================================================== 1. Summary: An updated rhev-hypervisor6 package that fixes one security issue is now available for Red Hat Enterprise Virtualization Hypervisor 3.2. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEV Hypervisor for RHEL-6 - noarch 3. Description: The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Important: This update is an emergency security fix being provided outside the scope of the published support policy for Red Hat Enterprise Virtualization listed in the References section. In accordance with the support policy for Red Hat Enterprise Virtualization, Red Hat Enterprise Virtualization Hypervisor 3.2 will not receive future security updates. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects this issue. 4. Solution: This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 To upgrade Hypervisors in Red Hat Enterprise Virtualization environments using the disk image provided by this package, refer to: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html 5. Bugs fixed (https://bugzilla.redhat.com/): 1084875 - CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets 1085357 - Packaging of RHEV-H for RHEV 3.2.6 ASYNC 6. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0160.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/support/policy/updates/rhev/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. HP has made Onboard Administrator (OA) v4.12 available to resolve the vulnerability here: 1) Go to: http://www.hp.com/go/oa 2) Click "Onboard Administrator Firmware" 3) Select "HP BLc3000 Onboard Administrator Option" or "HP BLc7000 Onboard Administrator Option" 4) Select an appropriate operating system from the list of choices 5) On the page, find Firmware 4.12 for download Notes Customers running OA v4.20 also have the option to downgrade OA firmware to OA v4.12 if that meets the requisite Hardware/feature support for the enclosure configuration. No action is required unless the OA is running the firmware versions explicitly listed as vulnerable

Trust: 2.88

sources: NVD: CVE-2014-0160 // BID: 66478 // BID: 66690 // PACKETSTORM: 126732 // PACKETSTORM: 127069 // PACKETSTORM: 127279 // PACKETSTORM: 126461 // PACKETSTORM: 131044 // PACKETSTORM: 126210 // PACKETSTORM: 128618 // VULMON: CVE-2014-0160 // PACKETSTORM: 126301 // PACKETSTORM: 126054 // PACKETSTORM: 126453 // PACKETSTORM: 126945 // PACKETSTORM: 126280 // PACKETSTORM: 126347 // PACKETSTORM: 126109 // PACKETSTORM: 126244

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:gteversion:1.0.1

Trust: 1.0

vendor:siemensmodel:cp 1543-1scope:eqversion:1.1

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.3.2.2

Trust: 1.0

vendor:riconmodel:s9922lscope:eqversion:16.10.3\(3794\)

Trust: 1.0

vendor:siemensmodel:simatic s7-1500tscope:eqversion:1.5

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:12.3

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.2

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.4.0.102

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:20

Trust: 1.0

vendor:redhatmodel:gluster storagescope:eqversion:2.1

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:broadcommodel:symantec messaging gatewayscope:eqversion:10.6.0

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.3

Trust: 1.0

vendor:redhatmodel:storagescope:eqversion:2.1

Trust: 1.0

vendor:redhatmodel:virtualizationscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:6.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.5

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.10

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:6.5

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:6.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:13.10

Trust: 1.0

vendor:siemensmodel:wincc open architecturescope:eqversion:3.12

Trust: 1.0

vendor:opensslmodel:opensslscope:ltversion:1.0.1g

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.1

Trust: 1.0

vendor:siemensmodel:elan-8.2scope:ltversion:8.3.3

Trust: 1.0

vendor:broadcommodel:symantec messaging gatewayscope:eqversion:10.6.1

Trust: 1.0

vendor:intellianmodel:v60scope:eqversion:1.25

Trust: 1.0

vendor:intellianmodel:v60scope:eqversion:1.15

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.3.0.104

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:intellianmodel:v100scope:eqversion:1.21

Trust: 1.0

vendor:redhatmodel:enterprise linux server eusscope:eqversion:6.5

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:19

Trust: 1.0

vendor:siemensmodel:application processing enginescope:eqversion:2.0

Trust: 1.0

vendor:splunkmodel:splunkscope:ltversion:6.0.3

Trust: 1.0

vendor:filezillamodel:serverscope:ltversion:0.9.44

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.2.0.11

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.1.3.3

Trust: 1.0

vendor:intellianmodel:v100scope:eqversion:1.20

Trust: 1.0

vendor:mitelmodel:mivoicescope:eqversion:1.1.2.5

Trust: 1.0

vendor:siemensmodel:simatic s7-1500scope:eqversion:1.5

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:intellianmodel:v100scope:eqversion:1.24

Trust: 1.0

vendor:mitelmodel:micollabscope:eqversion:7.0

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:13.1

Trust: 1.0

vendor:splunkmodel:splunkscope:gteversion:6.0.0

Trust: 1.0

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.6

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.6

vendor:ubuntumodel:linux lts i386scope:eqversion:12.04

Trust: 0.6

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.6

vendor:ubuntumodel:linux lts amd64scope:eqversion:12.04

Trust: 0.6

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.6

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:5.3.1

Trust: 0.3

vendor:applemodel:airport extremescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:css11500 content services switchscope:neversion: -

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.7.2

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.5.3

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.0

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:1.6.1

Trust: 0.3

vendor:attachmatemodel:reflection for ibmscope:eqversion:14.0.5

Trust: 0.3

vendor:attachmatemodel:reflectionscope:eqversion:x14.0.5

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:bluemodel:coat systems policy centerscope:neversion:0

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.6.2

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.1.0

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.26

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.4.1

Trust: 0.3

vendor:redmodel:hat enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1ascope: - version: -

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.4.3

Trust: 0.3

vendor:attachmatemodel:reflectionscope:eqversion:x14.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.02

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.5

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.2.7

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2.1

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:3.2.2

Trust: 0.3

vendor:redmodel:hat enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.5.5

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.4.5

Trust: 0.3

vendor:attachmatemodel:reflectionscope:eqversion:14.1

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.1.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:attachmatemodel:reflection for hpscope:eqversion:14.0.5

Trust: 0.3

vendor:bluecatmodel:networks adonisscope:eqversion:4.1.43

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.2.3

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.3

Trust: 0.3

vendor:cerberusmodel:ftp serverscope:eqversion:4.0.9.8

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.1.1

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0.0.2

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.2.6

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.3.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.1.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.2.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.1.3

Trust: 0.3

vendor:bluemodel:coat systems directorscope:neversion:0

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:3.3

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.2

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.1.4

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:1.6

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.4.2

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.4

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:ipswitchmodel:imail serverscope:eqversion:11.01

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.1cscope: - version: -

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.2.1

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.4.4

Trust: 0.3

vendor:mcafeemodel:epolicy orchestratorscope:eqversion:4.5

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.2.8

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.3.5

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:3.2

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.2

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:ciscomodel:telepresence video communication serverscope:eqversion:0

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.2.0

Trust: 0.3

vendor:attachmatemodel:reflection sp1scope:eqversion:14.0

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:8.0

Trust: 0.3

vendor:ciscomodel:wireless location appliancescope:eqversion:0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:attachmatemodel:reflection for ibmscope:eqversion:14

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.1.2

Trust: 0.3

vendor:operamodel:software operascope:eqversion:11.10

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.2.2

Trust: 0.3

vendor:redmodel:hat enterprise virtualization hypervisor for rhelscope:eqversion:60

Trust: 0.3

vendor:redmodel:hat enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.6.5

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.3.2

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:3.0.1

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.2.2

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.5.1

Trust: 0.3

vendor:ibmmodel:tivoli management frameworkscope:eqversion:4.1.1

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.3.4

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.2.9

Trust: 0.3

vendor:keriomodel:controlscope:eqversion:7.1.0

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:3.1.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:5.3

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.2.3

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:3.1

Trust: 0.3

vendor:ipswitchmodel:imail serverscope:eqversion:11.02

Trust: 0.3

vendor:attachmatemodel:reflectionscope:eqversion:14.0

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.6

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:attachmatemodel:reflection for the multi-host enterprise proscope:eqversion:14.0.5

Trust: 0.3

vendor:ciscomodel:ace modulescope:neversion:0

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:1.5.2

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.2.10

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.1.3

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.1.0

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.0.1

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.5.2

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.2

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.2

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0.1

Trust: 0.3

vendor:ibmmodel:rational clearcasescope:eqversion:7.1.2.2

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.3.3

Trust: 0.3

vendor:keriomodel:control patchscope:eqversion:7.1.01

Trust: 0.3

vendor:mcafeemodel:security for microsoft exchangescope:eqversion:7.6

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.5

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:3.1.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:attachmatemodel:reflection suite forscope:eqversion:x14.0.5

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.1.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:7.0.1.5

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.3.6

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.6

Trust: 0.3

vendor:redmodel:hat enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.2.5

Trust: 0.3

vendor:bluemodel:coat systems packetshaperscope:neversion:0

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.0.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.2.4

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.7

Trust: 0.3

vendor:ibmmodel:rational clearquestscope:eqversion:7.1.2.1

Trust: 0.3

vendor:ibmmodel:websphere mqscope:eqversion:6.0.2.11

Trust: 0.3

vendor:pythonmodel:software foundation pythonscope:eqversion:2.5.6

Trust: 0.3

vendor:attachmatemodel:reflectionscope:eqversion:x14.0

Trust: 0.3

vendor:attachmatemodel:reflection for unix and openvmsscope:eqversion:14.0.5

Trust: 0.3

vendor:bluemodel:coat systems intelligence centerscope:neversion:0

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.3

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.2

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:neversion:0.1.6

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:neversion:3.2.2

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1

Trust: 0.3

vendor:opscodemodel:chefscope:neversion:1.4.9

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.8.0

Trust: 0.3

vendor:opscodemodel:chefscope:eqversion:1.4.8

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.5.2

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:13.10

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:neversion:2.8.6

Trust: 0.3

vendor:aaronmodel:patterson psychscope:neversion:2.0.5

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.7.2

Trust: 0.3

vendor:redhatmodel:common for rhel serverscope:eqversion:6

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:eqversion:0.1.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.2

Trust: 0.3

vendor:redhatmodel:openstackscope:eqversion:4.0

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:eqversion:0.1.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:12.10

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.0

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.0

Trust: 0.3

vendor:aaronmodel:patterson psychscope:eqversion:2.0.4

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.0.2

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.0.1

Trust: 0.3

vendor:opscodemodel:chefscope:neversion:11.1.3

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.1.2

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.5.1

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:eqversion:0.1.2

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:eqversion:0.0.1

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.0.3

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.1.1

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.7.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.8.4

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:opscodemodel:chefscope:eqversion:11.1.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.9

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.9.5

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:3.1

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.6

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.7

Trust: 0.3

vendor:redhatmodel:openstackscope:eqversion:3.0

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:eqversion:0.1.4

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.8.3

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.6.1

Trust: 0.3

vendor:opscodemodel:chefscope:neversion:11.0.12

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:redhatmodel:software collections for rhelscope:eqversion:160

Trust: 0.3

vendor:mandrivamodel:business serverscope:eqversion:1x8664

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.0.1

Trust: 0.3

vendor:pyyamlmodel:libyamlscope:eqversion:0.1.5

Trust: 0.3

vendor:opscodemodel:chefscope:eqversion:11.0.11

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:0

Trust: 0.3

vendor:puppetlabsmodel:puppet enterprisescope:eqversion:2.8.2

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:12.10

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

sources: BID: 66690 // BID: 66478 // NVD: CVE-2014-0160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0160
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2014-0160
value: HIGH

Trust: 1.0

VULMON: CVE-2014-0160
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0160
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2014-0160
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULMON: CVE-2014-0160 // NVD: CVE-2014-0160 // NVD: CVE-2014-0160

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

sources: NVD: CVE-2014-0160

THREAT TYPE

network

Trust: 0.6

sources: BID: 66690 // BID: 66478

TYPE

Design Error

Trust: 0.3

sources: BID: 66690

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-0160

PATCH

title:The Registerurl:https://www.theregister.co.uk/2017/01/23/heartbleed_2017/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/

Trust: 0.2

title:The Registerurl:https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/

Trust: 0.2

title:Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e4799ab8fe4804274ba2db4d65cd867b

Trust: 0.1

title:Debian Security Advisories: DSA-2896-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=264ec318be06a69e28012f62b2dc5bb7

Trust: 0.1

title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2165-1

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2014-0160

Trust: 0.1

title:exploitsurl:https://github.com/vs4vijay/exploits

Trust: 0.1

title:VULNIXurl:https://github.com/El-Palomo/VULNIX

Trust: 0.1

title:openssl-heartbleed-fixurl:https://github.com/sammyfung/openssl-heartbleed-fix

Trust: 0.1

title:cve-2014-0160url:https://github.com/cved-sources/cve-2014-0160

Trust: 0.1

title:heartbleed_checkurl:https://github.com/ehoffmann-cp/heartbleed_check

Trust: 0.1

title:heartbleedurl:https://github.com/okrutnik420/heartbleed

Trust: 0.1

title:heartbleed-test.crxurl:https://github.com/iwaffles/heartbleed-test.crx

Trust: 0.1

title: - url:https://github.com/Maheshmaske111/te

Trust: 0.1

title:AradSocketurl:https://github.com/araditc/AradSocket

Trust: 0.1

title:sslscanurl:https://github.com/kaisenlinux/sslscan

Trust: 0.1

title:Springboard_Capstone_Projecturl:https://github.com/jonahwinninghoff/Springboard_Capstone_Project

Trust: 0.1

title: - url:https://github.com/MrE-Fog/heartbleeder

Trust: 0.1

title:buffer_overflow_exploiturl:https://github.com/olivamadrigal/buffer_overflow_exploit

Trust: 0.1

title: - url:https://github.com/ashrafulislamcs/Ubuntu-Server-Hardening

Trust: 0.1

title:insecure_projecturl:https://github.com/turtlesec-no/insecure_project

Trust: 0.1

title: - url:https://github.com/Maheshmaske111/ssl

Trust: 0.1

title: - url:https://github.com/H4R335HR/heartbleed

Trust: 0.1

title:nmap-scriptsurl:https://github.com/takeshixx/nmap-scripts

Trust: 0.1

title:knockbleedurl:https://github.com/siddolo/knockbleed

Trust: 0.1

title:heartbleed-masstesturl:https://github.com/musalbas/heartbleed-masstest

Trust: 0.1

title:HeartBleedDotNeturl:https://github.com/ShawInnes/HeartBleedDotNet

Trust: 0.1

title:heartbleed_test_openvpnurl:https://github.com/weisslj/heartbleed_test_openvpn

Trust: 0.1

title:paraffinurl:https://github.com/vmeurisse/paraffin

Trust: 0.1

title:sslscanurl:https://github.com/rbsec/sslscan

Trust: 0.1

title:Heartbleed_Dockerfile_with_Nginxurl:https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx

Trust: 0.1

title:heartbleed-bugurl:https://github.com/cldme/heartbleed-bug

Trust: 0.1

title: - url:https://github.com/H4CK3RT3CH/awesome-web-hacking

Trust: 0.1

title:Web-Hackingurl:https://github.com/adm0i/Web-Hacking

Trust: 0.1

title:cybersecurity-ethical-hackingurl:https://github.com/paulveillard/cybersecurity-ethical-hacking

Trust: 0.1

title:Lastest-Web-Hacking-Tools-vol-Iurl:https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I

Trust: 0.1

title:HTBValentineWriteupurl:https://github.com/zimmel15/HTBValentineWriteup

Trust: 0.1

title:heartbleed-pocurl:https://github.com/sensepost/heartbleed-poc

Trust: 0.1

title:CVE-2014-0160url:https://github.com/0x90/CVE-2014-0160

Trust: 0.1

title:Certified-Ethical-Hacker-Exam-CEH-v10url:https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10

Trust: 0.1

title:cs558heartbleedurl:https://github.com/gkaptch1/cs558heartbleed

Trust: 0.1

title:HeartBleedurl:https://github.com/archaic-magnon/HeartBleed

Trust: 0.1

title: - url:https://github.com/undacmic/heartbleed-proof-of-concept

Trust: 0.1

title:openvpn-jookkurl:https://github.com/Jeypi04/openvpn-jookk

Trust: 0.1

title:Heartbleedurl:https://github.com/Saiprasad16/Heartbleed

Trust: 0.1

title: - url:https://github.com/KickFootCode/LoveYouALL

Trust: 0.1

title: - url:https://github.com/imesecan/LeakReducer-artifacts

Trust: 0.1

title: - url:https://github.com/TVernet/Kali-Tools-liste-et-description

Trust: 0.1

title: - url:https://github.com/k4u5h41/Heartbleed

Trust: 0.1

title: - url:https://github.com/ronaldogdm/Heartbleed

Trust: 0.1

title: - url:https://github.com/rochacbruno/my-awesome-stars

Trust: 0.1

title: - url:https://github.com/asadhasan73/temp_comp_sec

Trust: 0.1

title: - url:https://github.com/Aakaashzz/Heartbleed

Trust: 0.1

title:tls-channelurl:https://github.com/marianobarrios/tls-channel

Trust: 0.1

title:fuzzx_cpp_demourl:https://github.com/guardstrikelab/fuzzx_cpp_demo

Trust: 0.1

title: - url:https://github.com/Ppamo/recon_net_tools

Trust: 0.1

title:heatbleedingurl:https://github.com/idkqh7/heatbleeding

Trust: 0.1

title:HeartBleed-Vulnerability-Checkerurl:https://github.com/waqasjamal/HeartBleed-Vulnerability-Checker

Trust: 0.1

title:heartbleedurl:https://github.com/iSCInc/heartbleed

Trust: 0.1

title:heartbleed-dtlsurl:https://github.com/hreese/heartbleed-dtls

Trust: 0.1

title:heartbleedcheckerurl:https://github.com/roganartu/heartbleedchecker

Trust: 0.1

title:nmap-heartbleedurl:https://github.com/azet/nmap-heartbleed

Trust: 0.1

title:sslscanurl:https://github.com/delishen/sslscan

Trust: 0.1

title:web-hackingurl:https://github.com/hr-beast/web-hacking

Trust: 0.1

title: - url:https://github.com/Miss-Brain/Web-Application-Security

Trust: 0.1

title:web-hackingurl:https://github.com/Hemanthraju02/web-hacking

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/QWERTSKIHACK/awesome-web-hacking

Trust: 0.1

title: - url:https://github.com/himera25/web-hacking-list

Trust: 0.1

title: - url:https://github.com/dorota-fiit/bp-Heartbleed-defense-game

Trust: 0.1

title: - url:https://github.com/Maheshmaske111/sslscan

Trust: 0.1

title:Heart-bleedurl:https://github.com/anonymouse327311/Heart-bleed

Trust: 0.1

title:goScanurl:https://github.com/stackviolator/goScan

Trust: 0.1

title:sec-tool-listurl:https://github.com/alphaSeclab/sec-tool-list

Trust: 0.1

title: - url:https://github.com/utensil/awesome-stars-test

Trust: 0.1

title:insecure-cplusplus-dojourl:https://github.com/patricia-gallardo/insecure-cplusplus-dojo

Trust: 0.1

title: - url:https://github.com/jubalh/awesome-package-maintainer

Trust: 0.1

title: - url:https://github.com/Elnatty/tryhackme_labs

Trust: 0.1

title: - url:https://github.com/hzuiw33/OpenSSL

Trust: 0.1

title:makeItBleedurl:https://github.com/mcampa/makeItBleed

Trust: 0.1

title:CVE-2014-0160-Chrome-Pluginurl:https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin

Trust: 0.1

title:heartbleedfixer.comurl:https://github.com/reenhanced/heartbleedfixer.com

Trust: 0.1

title:CVE-2014-0160-Scannerurl:https://github.com/obayesshelton/CVE-2014-0160-Scanner

Trust: 0.1

title:openmagicurl:https://github.com/isgroup-srl/openmagic

Trust: 0.1

title:heartbleederurl:https://github.com/titanous/heartbleeder

Trust: 0.1

title:cardiac-arresturl:https://github.com/ah8r/cardiac-arrest

Trust: 0.1

title:heartbleed_openvpn_pocurl:https://github.com/tam7t/heartbleed_openvpn_poc

Trust: 0.1

title:docker-wheezy-with-heartbleedurl:https://github.com/simonswine/docker-wheezy-with-heartbleed

Trust: 0.1

title:docker-testsslurl:https://github.com/mbentley/docker-testssl

Trust: 0.1

title:heartbleedscannerurl:https://github.com/hybridus/heartbleedscanner

Trust: 0.1

title:HeartLeakurl:https://github.com/OffensivePython/HeartLeak

Trust: 0.1

title:HBLurl:https://github.com/ssc-oscar/HBL

Trust: 0.1

title:awesome-starsurl:https://github.com/utensil/awesome-stars

Trust: 0.1

title:SecurityTesting_web-hackingurl:https://github.com/mostakimur/SecurityTesting_web-hacking

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/winterwolf32/awesome-web-hacking

Trust: 0.1

title:awesome-web-hacking-1url:https://github.com/winterwolf32/awesome-web-hacking-1

Trust: 0.1

title: - url:https://github.com/Mehedi-Babu/ethical_hacking_cyber

Trust: 0.1

title: - url:https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/thanshurc/awesome-web-hacking

Trust: 0.1

title:hackurl:https://github.com/nvnpsplt/hack

Trust: 0.1

title:awesome-web-hackingurl:https://github.com/noname1007/awesome-web-hacking

Trust: 0.1

title: - url:https://github.com/ImranTheThirdEye/awesome-web-hacking

Trust: 0.1

title:web-hackingurl:https://github.com/Ondrik8/web-hacking

Trust: 0.1

title:CheckSSL-ciphersuiteurl:https://github.com/kal1gh0st/CheckSSL-ciphersuite

Trust: 0.1

title: - url:https://github.com/undacmic/HeartBleed-Demo

Trust: 0.1

title: - url:https://github.com/MrE-Fog/ssl-heartbleed.nse

Trust: 0.1

title:welivesecurityurl:https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/

Trust: 0.1

title:Threatposturl:https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/

Trust: 0.1

sources: VULMON: CVE-2014-0160

EXTERNAL IDS

db:NVDid:CVE-2014-0160

Trust: 3.2

db:BIDid:66690

Trust: 1.4

db:CERT/CCid:VU#720951

Trust: 1.4

db:SECUNIAid:57721

Trust: 1.1

db:SECUNIAid:59243

Trust: 1.1

db:SECUNIAid:57836

Trust: 1.1

db:SECUNIAid:57968

Trust: 1.1

db:SECUNIAid:59347

Trust: 1.1

db:SECUNIAid:57966

Trust: 1.1

db:SECUNIAid:57483

Trust: 1.1

db:SECUNIAid:57347

Trust: 1.1

db:SECUNIAid:59139

Trust: 1.1

db:SECTRACKid:1030079

Trust: 1.1

db:SECTRACKid:1030074

Trust: 1.1

db:SECTRACKid:1030081

Trust: 1.1

db:SECTRACKid:1030080

Trust: 1.1

db:SECTRACKid:1030026

Trust: 1.1

db:SECTRACKid:1030077

Trust: 1.1

db:SECTRACKid:1030082

Trust: 1.1

db:SECTRACKid:1030078

Trust: 1.1

db:EXPLOIT-DBid:32745

Trust: 1.1

db:EXPLOIT-DBid:32764

Trust: 1.1

db:USCERTid:TA14-098A

Trust: 1.1

db:SIEMENSid:SSA-635659

Trust: 1.1

db:ICS CERTid:ICSA-14-135-02

Trust: 0.4

db:ICS CERT ALERTid:ICS-ALERT-14-099-01E

Trust: 0.3

db:ICS CERT ALERTid:ICS-ALERT-14-099-01B

Trust: 0.3

db:ICS CERT ALERTid:ICS-ALERT-14-099-01C

Trust: 0.3

db:ICS CERT ALERTid:ICS-ALERT-14-099-01D

Trust: 0.3

db:ICS CERT ALERTid:ICS-ALERT-14-099-01F

Trust: 0.3

db:ICS CERT ALERTid:ICS-ALERT-14-099-01A

Trust: 0.3

db:ICS CERTid:ICSA-14-105-02A

Trust: 0.3

db:ICS CERTid:ICSA-14-126-01A

Trust: 0.3

db:ICS CERTid:ICSA-14-135-04

Trust: 0.3

db:ICS CERTid:ICSA-14-105-03

Trust: 0.3

db:ICS CERTid:ICSA-14-105-03B

Trust: 0.3

db:ICS CERTid:ICSA-14-135-05

Trust: 0.3

db:ICS CERTid:ICSA-14-128-01

Trust: 0.3

db:ICS CERTid:ICSA-14-126-01

Trust: 0.3

db:ICS CERTid:ICSA-14-114-01

Trust: 0.3

db:ICS CERTid:ICSA-14-105-02

Trust: 0.3

db:ICS CERTid:ICSA-15-344-01

Trust: 0.3

db:ICS CERTid:ICSA-14-105-03A

Trust: 0.3

db:JUNIPERid:JSA10623

Trust: 0.3

db:DLINKid:SAP10022

Trust: 0.3

db:MCAFEEid:SB10071

Trust: 0.3

db:OCERTid:OCERT-2014-003

Trust: 0.3

db:BIDid:66478

Trust: 0.3

db:VULMONid:CVE-2014-0160

Trust: 0.1

db:PACKETSTORMid:126109

Trust: 0.1

db:PACKETSTORMid:126347

Trust: 0.1

db:PACKETSTORMid:126280

Trust: 0.1

db:PACKETSTORMid:126945

Trust: 0.1

db:PACKETSTORMid:126453

Trust: 0.1

db:PACKETSTORMid:126054

Trust: 0.1

db:PACKETSTORMid:126244

Trust: 0.1

db:PACKETSTORMid:126301

Trust: 0.1

db:PACKETSTORMid:126732

Trust: 0.1

db:PACKETSTORMid:128618

Trust: 0.1

db:PACKETSTORMid:126210

Trust: 0.1

db:PACKETSTORMid:131044

Trust: 0.1

db:PACKETSTORMid:126461

Trust: 0.1

db:PACKETSTORMid:127279

Trust: 0.1

db:PACKETSTORMid:127069

Trust: 0.1

sources: VULMON: CVE-2014-0160 // BID: 66690 // BID: 66478 // PACKETSTORM: 126109 // PACKETSTORM: 126347 // PACKETSTORM: 126280 // PACKETSTORM: 126945 // PACKETSTORM: 126453 // PACKETSTORM: 126054 // PACKETSTORM: 126244 // PACKETSTORM: 126301 // PACKETSTORM: 126732 // PACKETSTORM: 128618 // PACKETSTORM: 126210 // PACKETSTORM: 131044 // PACKETSTORM: 126461 // PACKETSTORM: 127279 // PACKETSTORM: 127069 // NVD: CVE-2014-0160

REFERENCES

url:http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

Trust: 1.7

url:http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

Trust: 1.7

url:http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

Trust: 1.7

url:http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

Trust: 1.7

url:http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

Trust: 1.7

url:http://rhn.redhat.com/errata/rhsa-2014-0377.html

Trust: 1.5

url:https://nvd.nist.gov/vuln/detail/cve-2014-0160

Trust: 1.5

url:http://www.openssl.org/news/secadv_20140407.txt

Trust: 1.4

url:http://heartbleed.com/

Trust: 1.4

url:https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670161

Trust: 1.4

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed

Trust: 1.4

url:http://www.splunk.com/view/sp-caaamb3

Trust: 1.4

url:http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

Trust: 1.4

url:http://www.f-secure.com/en/web/labs_global/fsc-2014-1

Trust: 1.4

url:http://www.kb.cert.org/vuls/id/720951

Trust: 1.4

url:http://www.kerio.com/support/kerio-control/release-history

Trust: 1.4

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

Trust: 1.4

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661

Trust: 1.4

url:https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

Trust: 1.4

url:http://support.citrix.com/article/ctx140605

Trust: 1.4

url:http://rhn.redhat.com/errata/rhsa-2014-0396.html

Trust: 1.2

url:https://bugzilla.redhat.com/show_bug.cgi?id=1084875

Trust: 1.1

url:http://www.securitytracker.com/id/1030078

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/109

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/190

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0376.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030082

Trust: 1.1

url:http://secunia.com/advisories/57347

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139722163017074&w=2

Trust: 1.1

url:http://www.securitytracker.com/id/1030077

Trust: 1.1

url:http://www.debian.org/security/2014/dsa-2896

Trust: 1.1

url:http://www.securitytracker.com/id/1030080

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030074

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/90

Trust: 1.1

url:http://www.securitytracker.com/id/1030081

Trust: 1.1

url:http://rhn.redhat.com/errata/rhsa-2014-0378.html

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/91

Trust: 1.1

url:http://secunia.com/advisories/57483

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html

Trust: 1.1

url:http://www.securitytracker.com/id/1030079

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

Trust: 1.1

url:http://secunia.com/advisories/57721

Trust: 1.1

url:http://www.blackberry.com/btsc/kb35882

Trust: 1.1

url:http://www.securitytracker.com/id/1030026

Trust: 1.1

url:http://www.securityfocus.com/bid/66690

Trust: 1.1

url:http://www.us-cert.gov/ncas/alerts/ta14-098a

Trust: 1.1

url:http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

Trust: 1.1

url:https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

Trust: 1.1

url:http://secunia.com/advisories/57966

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/apr/173

Trust: 1.1

url:http://secunia.com/advisories/57968

Trust: 1.1

url:https://code.google.com/p/mod-spdy/issues/detail?id=85

Trust: 1.1

url:http://www.exploit-db.com/exploits/32745

Trust: 1.1

url:https://www.cert.fi/en/reports/2014/vulnerability788210.html

Trust: 1.1

url:http://www.exploit-db.com/exploits/32764

Trust: 1.1

url:http://secunia.com/advisories/57836

Trust: 1.1

url:https://gist.github.com/chapmajs/10473815

Trust: 1.1

url:http://cogentdatahub.com/releasenotes.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905458328378&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139869891830365&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139889113431619&w=2

Trust: 1.1

url:http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1

Trust: 1.1

url:http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3

Trust: 1.1

url:http://advisories.mageia.org/mgasa-2014-0165.html

Trust: 1.1

url:https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result&javax.portlet.begcachetok=com.vignette.cachetoken&javax.portlet.endcachetok=com.vignette.cachetoken

Trust: 1.1

url:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Trust: 1.1

url:https://filezilla-project.org/versions.php?type=server

Trust: 1.1

url:http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Trust: 1.1

url:https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=141287864628122&w=2

Trust: 1.1

url:http://seclists.org/fulldisclosure/2014/dec/23

Trust: 1.1

url:http://www.vmware.com/security/advisories/vmsa-2014-0012.html

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=142660345230545&w=2

Trust: 1.1

url:http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0

Trust: 1.1

url:http://www.mandriva.com/security/advisories?name=mdvsa-2015:062

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139817727317190&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139757726426985&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139758572430452&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905653828999&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139842151128341&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905405728262&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139833395230364&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139824993005633&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139843768401936&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905202427693&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139774054614965&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139889295732144&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139835815211508&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140724451518351&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139808058921905&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139836085512508&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139869720529462&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905868529690&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139765756720506&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140015787404650&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139824923705461&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139757919027752&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139774703817488&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905243827825&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140075368411126&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905295427946&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139835844111589&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139757819327350&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139817685517037&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139905351928096&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=139817782017443&w=2

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=140752315422991&w=2

Trust: 1.1

url:http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf

Trust: 1.1

url:http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf

Trust: 1.1

url:http://secunia.com/advisories/59347

Trust: 1.1

url:http://secunia.com/advisories/59243

Trust: 1.1

url:http://secunia.com/advisories/59139

Trust: 1.1

url:http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html

Trust: 1.1

url:http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01

Trust: 1.1

url:http://www.ubuntu.com/usn/usn-2165-1

Trust: 1.1

url:http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

Trust: 1.1

url:http://www.securityfocus.com/archive/1/534161/100/0/threaded

Trust: 1.1

url:https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

Trust: 1.1

url:https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

Trust: 1.1

url:https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd

Trust: 1.1

url:http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3

Trust: 1.1

url:https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e

Trust: 1.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 1.1

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 1.1

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 1.1

url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2014-0160

Trust: 1.0

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04236062

Trust: 0.9

url:https://www.stunnel.org/sdf_changelog.html

Trust: 0.6

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04250814

Trust: 0.6

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04236102

Trust: 0.6

url:http://ics-cert.us-cert.gov/advisories/icsa-14-135-02

Trust: 0.4

url:http://kb.parallels.com/en/121129/?=en

Trust: 0.3

url:https://support.tenable.com/support-center/advisory2.php

Trust: 0.3

url:http://watchguardsecuritycenter.com/2014/04/09/11-8-3-update-1-now-available-to-fix-heartbleed-vulnerabilty-in-fireware-xtm-os/

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10623&cat=sirt_1&actp=list&showdraft=false

Trust: 0.3

url:https://openvpn.net/index.php/access-server/download-openvpn-as-sw/532-release-notes-v200.html

Trust: 0.3

url:http://www.sophos.com/en-us/support/knowledgebase/120854.aspx

Trust: 0.3

url:http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq?mode=18&id=3489

Trust: 0.3

url:http://community.microfocus.com/microfocus/corba/artix/w/knowledge_base/25633.artix-openssl-heartbleed-vulnerability-fix-available.aspx

Trust: 0.3

url:http://support.attachmate.com/techdocs/2724.html

Trust: 0.3

url:http://support.attachmate.com/techdocs/2725.html

Trust: 0.3

url:https://bitcoin.org/en/release/v0.9.1

Trust: 0.3

url:http://www.blackberry.com/btsc/kb35955

Trust: 0.3

url:http://www.cerberusftp.com/products/releasenotes.html

Trust: 0.3

url:http://learn.extremenetworks.com/rs/extreme/images/cert_vu%23720951_vulnerability_advisory_04_11_2014v2.pdf

Trust: 0.3

url:http://tomcat.apache.org/native-doc/miscellaneous/changelog.html

Trust: 0.3

url:https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk100173&src=securityalerts

Trust: 0.3

url:http://www.libreoffice.org/about-us/security/advisories/cve-2014-0160/

Trust: 0.3

url:http://nvidia.custhelp.com/app/answers/detail/a_id/3492

Trust: 0.3

url:http://www.sonicwall.com/us/shared/download/ell_sonicwall_-_support_bulletin_-_cve-20140-1016_openssl_large_heartbeat_response_vulnerability.pdf

Trust: 0.3

url:http://www.enterprisedb.com/products-services-training/pgdownload

Trust: 0.3

url:learn.extremenetworks.com/rs/extreme/images/cert_vu%23720951_vulnerability_advisory_04_11_2014v2.pdf

Trust: 0.3

url:http://help.filemaker.com/app/answers/detail/a_id/13384/

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095202

Trust: 0.3

url:http://www.nowsms.com/heartbeat-ssltls-fix-for-nowsms

Trust: 0.3

url:http://blogs.opera.com/security/2014/04/heartbleed-heartaches/

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04236102

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04268240

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095218

Trust: 0.3

url:http://www.symantec.com/business/support/index?page=content&id=tech216555

Trust: 0.3

url:http://www.atvise.com/en/news-events/news/260-important-security-update-heartbleed-bug

Trust: 0.3

url:http://www.fortiguard.com/advisory/fg-ir-14-011/

Trust: 0.3

url:https://support.norton.com/sp/en/us/home/current/solutions/v98431836_enduserprofile_en_us

Trust: 0.3

url:http://blogs.intel.com/application-security/2014/04/10/intelr-expressway-service-gateway-heartbleed-security-update/

Trust: 0.3

url:http://www.symantec.com/business/support/index?page=content&id=tech216558

Trust: 0.3

url:http://www.globalscape.com/file-sharing/

Trust: 0.3

url:https://community.rapid7.com/docs/doc-2736

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas3bf6e25d1260a4de686257cc100631528

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas3824bd213d0f7c3d086257cc10063152c

Trust: 0.3

url:https://support.microsoft.com/kb/2962393

Trust: 0.3

url:https://code.google.com/p/mod-spdy/

Trust: 0.3

url:https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5

Trust: 0.3

url:https://www.nomachine.com/forums/topic/nomachine-version-4-2-19-now-available

Trust: 0.3

url:http://www.arubanetworks.com/support/alerts/aid-040814.asc

Trust: 0.3

url:https://6d860c942a745b5a2e22-2435f2f08e773abe005b52170fce6d94.ssl.cf2.rackcdn.com/security/ruckus-security-advisory-041414.txt

Trust: 0.3

url:http://support.lexmark.com/index?page=content&id=te597&locale=en&userlocale=en_us

Trust: 0.3

url:http://scn.sap.com/community/sql-anywhere/blog/2014/04/11/openssl-heartbleed-and-sql-anywhere

Trust: 0.3

url:http://www.bmc.com/support/support-news/openssl_cve-2014-0160.html

Trust: 0.3

url:https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid={967f13f1-5720-4592-9beb-42ad69ea14dc}

Trust: 0.3

url:http://openssl.org/

Trust: 0.3

url:http://www.symantec.com/business/support/index?page=content&id=tech216630

Trust: 0.3

url:http://securityadvisories.dlink.com/security/publication.aspx?name=sap10022

Trust: 0.3

url:http://www.openssl.org/news/vulnerabilities.html

Trust: 0.3

url:http://www.sybase.com/detail?id=1099387

Trust: 0.3

url:https://openvpn.net/index.php/download/community-downloads.html

Trust: 0.3

url:http://openvpn.net/index.php/open-source/downloads.html

Trust: 0.3

url:http://blogs.opera.com/desktop/2014/04/opera-12-17/

Trust: 0.3

url:http://www.opera.com/docs/changelogs/windows/1217/

Trust: 0.3

url:http://www.pexip.com/sites/pexip/files/cve-2014-0160_security_bulletin_2014-04-09_1.pdf

Trust: 0.3

url:https://blog.pfsense.org/?p=1253

Trust: 0.3

url:http://blog.proofpoint.com/2014/04/heartbleed-issue-security-update.html

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=swg21686583

Trust: 0.3

url:https://www.python.org/download/releases/3.4.1

Trust: 0.3

url:https://gist.github.com/sh1n0b1/10100394

Trust: 0.3

url:http://www.trianglemicroworks.com/products/scada-data-gateway/what%27s-new

Trust: 0.3

url:http://webserver.docs.gopivotal.com/security/cve-2014-0160-advisory.pdf

Trust: 0.3

url:https://www-304.ibm.com/connections/blogs/psirt/entry/security_bulletin_aix_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095187

Trust: 0.3

url:http://support.attachmate.com/techdocs/1708.html

Trust: 0.3

url:https://www-304.ibm.com/connections/blogs/psirt/entry/security_vulnerabilities_have_been_discovered_in_the_openssl_libraries_which_a_customer_may_use_with_cloudant?lang=en_us

Trust: 0.3

url:http://help.filemaker.com/app/answers/detail/a_id/13386/

Trust: 0.3

url:http://www.netwinsite.com/surgemail/help/updates.htm

Trust: 0.3

url:http://www.symantec.com/content/en/us/enterprise/other_resources/b-symantec-product-list-heartbleed.pdf

Trust: 0.3

url:http://www.synology.com/en-global/releasenote/model/ds114

Trust: 0.3

url:http://kb.globalscape.com/knowledgebasearticle11166.aspx

Trust: 0.3

url:https://blog.torproject.org/blog/tor-browser-354-released

Trust: 0.3

url:https://www.whatsupgold.com/blog/2014/04/10/ipswitchs-response-heartbleed-ssl-vulnerability/

Trust: 0.3

url:http://freecode.com/projects/palantir-server/releases/363060

Trust: 0.3

url:http://winscp.net/eng/docs/history#5.5.3

Trust: 0.3

url:http://ics-cert.us-cert.gov/advisories/icsa-14-126-01a

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04249113

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04268239

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04272594

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04272892

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04275280

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04264595

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04239375

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04271396

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670738

Trust: 0.3

url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00037&languageid=en-fr

Trust: 0.3

url:http://forum.gta.com/forum/user-community-support/firewall-general/1463-openssl-heartbeat-heart-bleed-vulnerability-vu-720951-cve-2014-0160

Trust: 0.3

url:http://support.citrix.com/article/ctx140698

Trust: 0.3

url:http://ics-cert.us-cert.gov/advisories/icsa-14-105-02

Trust: 0.3

url:http://ics-cert.us-cert.gov/advisories/icsa-14-105-03

Trust: 0.3

url:http://ics-cert.us-cert.gov/advisories/icsa-14-114-01

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04259321

Trust: 0.3

url:http://seclists.org/bugtraq/2015/mar/84

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10623&cat=sirt_1&actp=list

Trust: 0.3

url:https://kb.juniper.net/infocenter/index?page=content&id=jsa10623

Trust: 0.3

url:https://blogs.oracle.com/security/entry/heartbleed_cve_2014_0160_vulnerability

Trust: 0.3

url:https://www.adtran.com/pub/library/security%20advisory/adtsa-hb1001-20140410.pdf

Trust: 0.3

url:http://ics-cert.us-cert.gov/advisories/icsa-14-105-03b

Trust: 0.3

url:http://ics-cert.us-cert.gov/advisories/icsa-14-126-01

Trust: 0.3

url:http://ics-cert.us-cert.gov/advisories/icsa-14-135-04

Trust: 0.3

url:http://ics-cert.us-cert.gov/advisories/icsa-14-135-05

Trust: 0.3

url:http://support.apple.com/kb/ht6203

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670303

Trust: 0.3

url:https://www.barracuda.com/blogs/pmblog?bid=2279#.u012w_msyso

Trust: 0.3

url:http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalid=kb35882

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095124

Trust: 0.3

url:http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-18.html

Trust: 0.3

url:http://blogs.citrix.com/2014/04/15/citrix-xenmobile-security-advisory-for-heartbleed/

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21672075

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004581

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004611

Trust: 0.3

url:http://www.freebsd.org/security/advisories/freebsd-sa-14:06.openssl.asc

Trust: 0.3

url:http://googleonlinesecurity.blogspot.com/2014/04/google-services-updated-to-address.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1020681

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1020683

Trust: 0.3

url:https://support.software.dell.com/foglight/kb/122982

Trust: 0.3

url:http://kb.tableausoftware.com/articles/knowledgebase/heartbleed-issue

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670321

Trust: 0.3

url: http://www.hitachi.com/hirt/publications/hirt-pub14005/index.html

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04248997

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na- c04262670

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04475466

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04236062

Trust: 0.3

url:https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04236102-5%257cdoclocale%253d%

Trust: 0.3

url:https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04239375-2%257cdoclocale%253d%

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04239372

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04239374

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04255796

Trust: 0.3

url:http://seclists.org/bugtraq/2014/apr/139

Trust: 0.3

url:http://seclists.org/bugtraq/2014/apr/130

Trust: 0.3

url:https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260456-2%257cdoclocale%253de

Trust: 0.3

url:http://seclists.org/bugtraq/2014/apr/131

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04260505

Trust: 0.3

url:http://seclists.org/bugtraq/2014/apr/129

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na- c04262472

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04263236

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04264271

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04267749

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04267775

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04286049

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04307186

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04262495

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04272043

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04260637

Trust: 0.3

url:http://seclists.org/bugtraq/2014/apr/136

Trust: 0.3

url:http://seclists.org/bugtraq/2014/apr/138

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04263038

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04273303

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24037392

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670066

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004643

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21674447

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671096

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670176

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670015

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670164

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670300

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671128

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671127

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670640

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21670640

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671100

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671098

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670316

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671059

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671783

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670018

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21669839

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670203

Trust: 0.3

url:https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01a

Trust: 0.3

url:http://ics-cert.us-cert.gov/advisories/icsa-14-128-01

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-15-344-01

Trust: 0.3

url:http://www.vandyke.com/support/advisory/2014/05/index.html

Trust: 0.3

url:http://www.soliton.co.jp/support/news/important/20140410.html

Trust: 0.3

url:https://www.support.nec.co.jp/view.aspx?id=3010100835

Trust: 0.3

url:http://ics-cert.us-cert.gov/advisories/icsa-14-105-02a

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=kb29007

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=kb29004

Trust: 0.3

url:http://support.kaspersky.com/10235#block0

Trust: 0.3

url:http://www.kerio.com/kerio-connect-release-history

Trust: 0.3

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10071

Trust: 0.3

url:https://technet.microsoft.com/en-us/library/security/2962393

Trust: 0.3

url:http://ftp.openbsd.org/pub/openbsd/patches/5.3/common/014_openssl.patch

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21676672

Trust: 0.3

url:https://kb.bluecoat.com/index?page=content&id=sa79&actp=list

Trust: 0.3

url:http://www.hmailserver.com/devnet/?page=issuetracker_display&issueid=424

Trust: 0.3

url:search.abb.com/library/download.aspx?documentid=1mrg016193&languagecode=en&documentpartid=&action=launch

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100179670

Trust: 0.3

url:http://www.websense.com/content/support/library/ni/shared/security-alerts/openssl-vul-2014.pdf

Trust: 0.3

url:http://www.websense.com/content/support/library/ni/shared/security-alerts/openssl-vul-2014.pdfweb

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas8n1020021

Trust: 0.3

url:http://www-304.ibm.com/support/docview.wss?uid=isg3t1020707

Trust: 0.3

url:http://www.qnap.com/en/index.php?lang=en&sn=845&c=3034&sc=&n=21724

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670388

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21669763

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24037380

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24037382

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24037384

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21666414

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24037379

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24037381

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24037383

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671130

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24037391

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg24037393

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21670165

Trust: 0.3

url:https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140423-0_wd_arkeia_path_traversal_v10.txt

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2014-0416.html

Trust: 0.3

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-332187.htm

Trust: 0.3

url:http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-332187.htm

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004582

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095143

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095144

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671745

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671197

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004632

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21673481

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1020715

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1020714&aid=1

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670301

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670302

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670485

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670576

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21669859

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004616

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095217

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21672507

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670339

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095203

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671338

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670864

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004577

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21669907

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=nas8n1020034

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004608

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1020694

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670750

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670560

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21669666

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670858

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004599

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004610

Trust: 0.3

url:https://support.asperasoft.com/entries/50381253

Trust: 0.3

url:http://ics-cert.us-cert.gov/advisories/icsa-14-105-03a

Trust: 0.3

url:http://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01b

Trust: 0.3

url:https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01c

Trust: 0.3

url:https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01d

Trust: 0.3

url:https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01e

Trust: 0.3

url:https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01f

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670242

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21671954

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg21670750

Trust: 0.3

url:http://blogs.sophos.com/2014/04/09/sophos-utm-manager-and-openssl-vulnerability/

Trust: 0.3

url:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095066

Trust: 0.3

url:https://documentsmart.com/security/wp-content/uploads/2014/04/cert_heartbleed-openssl_vulnerability_document_v1.31.pdf

Trust: 0.3

url:http://www.maxum.com/rumpus/blog/sslvulnerabilities.html

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004615

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21669664

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg21670060

Trust: 0.3

url:http://files.trendmicro.com/documentation/readme/osce%20docs/critical%20patch%201044%20readme.txt

Trust: 0.3

url:http://blogs.sophos.com/2014/04/09/utm-up2date-9-111-released-fix-for-openssl-vulnerability-heartbleed/

Trust: 0.3

url:http://www.vmware.com/security/advisories/vmsa-2014-0004.html

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100179859

Trust: 0.3

url:https://downloads.avaya.com/css/p8/documents/100179858

Trust: 0.3

url:http://www.ocert.org/advisories/ocert-2014-003.html

Trust: 0.3

url:https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048

Trust: 0.3

url:https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/

Trust: 0.3

url:http://pyyaml.org/wiki/libyaml

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2014-0353.html

Trust: 0.3

url:http://puppetlabs.com/security/cve/cve-2014-2525

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2014-0354.html

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2014-0355.html

Trust: 0.3

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://www.redhat.com/security/data/cve/cve-2014-0160.html

Trust: 0.2

url:https://access.redhat.com/security/team/key/#package

Trust: 0.2

url:https://access.redhat.com/site/articles/11258

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:http://www.hp.com/go/oa

Trust: 0.2

url:http://h18013.www1.hp.com/products/servers/management/hpsim/download.html

Trust: 0.2

url:https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n

Trust: 0.2

url:http://support.openview.hp.com/downloads.jsp

Trust: 0.2

url:http://www8.h

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160

Trust: 0.2

url:http://www.mandriva.com/en/support/security/

Trust: 0.2

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:http://seclists.org/fulldisclosure/2019/jan/42

Trust: 0.1

url:https://www.debian.org/security/./dsa-2896

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/

Trust: 0.1

url:https://usn.ubuntu.com/2165-1/

Trust: 0.1

url:https://access.redhat.com/site/support/policy/updates/rhev/

Trust: 0.1

url:https://access.redhat.com/site/documentation/en-us/red_hat_enterprise_linux/6/html/hypervisor_deployment_guide/chap-deployment_guide-upgrading_red_hat_enterprise_virtualization_hypervisors.html

Trust: 0.1

url:http://www.hp.com/go/insightupdates

Trust: 0.1

url:http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c03651392-3.pdf

Trust: 0.1

url:http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na-c04030739-2.pdf

Trust: 0.1

url:http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind

Trust: 0.1

url:https://tmc.tippingpoint.com/tmc/

Trust: 0.1

url:https://h20564.www2.hp.com/portal/site/hpsc/p

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0288

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0287

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3571

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0076

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0198

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3567

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3572

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0209

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0289

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3513

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204

Trust: 0.1

url:http://openssl.org/news/secadv_20150319.txt

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-5298

Trust: 0.1

url:http://openssl.org/news/secadv_20150108.txt

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0204

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0293

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3570

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-8275

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3569

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3470

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0286

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3566

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0206

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/km00880036

Trust: 0.1

url:http://support.openview.hp.com/selfsolve/document/km00879992

Trust: 0.1

url:http://www.hp.com/support/eslg3

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7295

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-7295

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2014-0059.html

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2014-0256.html

Trust: 0.1

sources: VULMON: CVE-2014-0160 // BID: 66690 // BID: 66478 // PACKETSTORM: 126109 // PACKETSTORM: 126347 // PACKETSTORM: 126280 // PACKETSTORM: 126945 // PACKETSTORM: 126453 // PACKETSTORM: 126054 // PACKETSTORM: 126244 // PACKETSTORM: 126301 // PACKETSTORM: 126732 // PACKETSTORM: 128618 // PACKETSTORM: 126210 // PACKETSTORM: 131044 // PACKETSTORM: 126461 // PACKETSTORM: 127279 // PACKETSTORM: 127069 // NVD: CVE-2014-0160

CREDITS

HP

Trust: 1.1

sources: PACKETSTORM: 126347 // PACKETSTORM: 126280 // PACKETSTORM: 126945 // PACKETSTORM: 126453 // PACKETSTORM: 126244 // PACKETSTORM: 126301 // PACKETSTORM: 126732 // PACKETSTORM: 128618 // PACKETSTORM: 126210 // PACKETSTORM: 126461 // PACKETSTORM: 127279

SOURCES

db:VULMONid:CVE-2014-0160
db:BIDid:66690
db:BIDid:66478
db:PACKETSTORMid:126109
db:PACKETSTORMid:126347
db:PACKETSTORMid:126280
db:PACKETSTORMid:126945
db:PACKETSTORMid:126453
db:PACKETSTORMid:126054
db:PACKETSTORMid:126244
db:PACKETSTORMid:126301
db:PACKETSTORMid:126732
db:PACKETSTORMid:128618
db:PACKETSTORMid:126210
db:PACKETSTORMid:131044
db:PACKETSTORMid:126461
db:PACKETSTORMid:127279
db:PACKETSTORMid:127069
db:NVDid:CVE-2014-0160

LAST UPDATE DATE

2026-07-08T20:55:03.326000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2014-0160date:2023-11-07T00:00:00
db:BIDid:66690date:2016-07-06T14:40:00
db:BIDid:66478date:2017-05-02T04:07:00
db:NVDid:CVE-2014-0160date:2026-06-17T00:02:24.467

SOURCES RELEASE DATE

db:VULMONid:CVE-2014-0160date:2014-04-07T00:00:00
db:BIDid:66690date:2014-04-07T00:00:00
db:BIDid:66478date:2014-03-26T00:00:00
db:PACKETSTORMid:126109date:2014-04-10T22:54:11
db:PACKETSTORMid:126347date:2014-04-26T19:01:16
db:PACKETSTORMid:126280date:2014-04-23T21:23:59
db:PACKETSTORMid:126945date:2014-06-05T20:15:29
db:PACKETSTORMid:126453date:2014-05-03T02:06:02
db:PACKETSTORMid:126054date:2014-04-08T21:22:06
db:PACKETSTORMid:126244date:2014-04-21T20:03:21
db:PACKETSTORMid:126301date:2014-04-24T22:19:56
db:PACKETSTORMid:126732date:2014-05-20T19:22:00
db:PACKETSTORMid:128618date:2014-10-09T23:55:36
db:PACKETSTORMid:126210date:2014-04-17T22:05:20
db:PACKETSTORMid:131044date:2015-03-27T20:42:44
db:PACKETSTORMid:126461date:2014-05-03T02:17:58
db:PACKETSTORMid:127279date:2014-06-30T23:47:20
db:PACKETSTORMid:127069date:2014-06-12T13:43:49
db:NVDid:CVE-2014-0160date:2014-04-07T22:55:03.893