CVE-2014-0160 (Heartbleed)

CVSS base score: 7.5
Warning: Exploit

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Data provided by the National Vulnerability Database (NVD)
Affected products (vendor / product / version; indented entries are the hardware platform the preceding firmware runs on, where "-" means the version field is not applicable):

OpenSSL / OpenSSL / >= 1.0.1, < 1.0.1g
Filezilla-project / Filezilla Server / < 0.9.44
Siemens / Cp 1543-1 Firmware / 1.1
   Siemens / Cp 1543-1 / -
Siemens / Simatic S7-1500 Firmware / 1.5
   Siemens / Simatic S7-1500 / -
Siemens / Simatic S7-1500t Firmware / 1.5
   Siemens / Simatic S7-1500t / -
Siemens / Elan-8.2 / < 8.3.3
Intellian / V100 Firmware / 1.20
   Intellian / V100 / -
Intellian / V100 Firmware / 1.21
   Intellian / V100 / -
Intellian / V100 Firmware / 1.24
   Intellian / V100 / -
Intellian / V60 Firmware / 1.15
   Intellian / V60 / -
Intellian / V60 Firmware / 1.25
   Intellian / V60 / -
Mitel / Micollab / 6.0
Mitel / Micollab / 7.0
Mitel / Micollab / 7.1
Mitel / Micollab / 7.2
Mitel / Micollab / 7.3
Mitel / Micollab / 7.3.0.104
Mitel / Mivoice / 1.1.2.5 (SwPlatform: lync)
Mitel / Mivoice / 1.1.3.3 (SwPlatform: skype_for_business)
Mitel / Mivoice / 1.2.0.11 (SwPlatform: skype_for_business)
Mitel / Mivoice / 1.3.2.2 (SwPlatform: skype_for_business)
Mitel / Mivoice / 1.4.0.102 (SwPlatform: skype_for_business)
Opensuse / Opensuse / 12.3
Opensuse / Opensuse / 13.1
Canonical / Ubuntu Linux / 12.04 (SwEdition: esm)
Canonical / Ubuntu Linux / 12.10
Canonical / Ubuntu Linux / 13.10
Fedoraproject / Fedora / 19
Fedoraproject / Fedora / 20
Redhat / Gluster Storage / 2.1
Redhat / Storage / 2.1
Redhat / Virtualization / 6.0
Debian / Debian Linux / 6.0
Debian / Debian Linux / 7.0
Debian / Debian Linux / 8.0
Splunk / Splunk / >= 6.0.0, < 6.0.3 (SwEdition: enterprise)

04.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: OpenSSL Information Disclosure Vulnerability

Description: The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.

Required action: Apply updates per vendor instructions.
EPSS Metrics

Type | Source | Score | Percentile
EPSS | FIRST.org | 100% | 1

CVSS Metrics

Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-125: Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (each URL is followed by its NVD reference tags):

https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E
Patch
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E
Patch
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=142660345230545&w=2
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E
Patch
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E
Patch
Third Party Advisory
Mailing List
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
Third Party Advisory
Broken Link
http://seclists.org/fulldisclosure/2014/Dec/23
Third Party Advisory
Mailing List
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Patch
Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
Not Applicable
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Broken Link
http://secunia.com/advisories/57836
Third Party Advisory
Broken Link
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
Release Notes
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
Third Party Advisory
Mailing List
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
Third Party Advisory
http://www.splunk.com/view/SP-CAAAMB3
Third Party Advisory
http://secunia.com/advisories/57966
Third Party Advisory
Broken Link
http://secunia.com/advisories/57968
Third Party Advisory
Broken Link
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
Release Notes
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
Release Notes
http://advisories.mageia.org/MGASA-2014-0165.html
Third Party Advisory
http://marc.info/?l=bugtraq&m=140752315422991&w=2
Third Party Advisory
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
Third Party Advisory
Broken Link
http://www.ubuntu.com/usn/USN-2165-1
Third Party Advisory
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
Third Party Advisory
Issue Tracking
http://cogentdatahub.com/ReleaseNotes.html
Release Notes
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
Broken Link
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3
Broken Link
http://heartbleed.com/
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
Third Party Advisory
Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
Third Party Advisory
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139722163017074&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139757726426985&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139757819327350&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139757919027752&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139758572430452&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139765756720506&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139774054614965&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139774703817488&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139808058921905&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139817685517037&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139817727317190&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139817782017443&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139824923705461&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139824993005633&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139833395230364&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139835815211508&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139835844111589&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139836085512508&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139842151128341&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139843768401936&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139869720529462&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139869891830365&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139889113431619&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139889295732144&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139905202427693&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139905243827825&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139905295427946&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139905351928096&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139905405728262&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139905458328378&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139905653828999&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=139905868529690&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=140015787404650&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=140075368411126&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=140724451518351&w=2
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=141287864628122&w=2
Third Party Advisory
Mailing List
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
Third Party Advisory
Permissions Required
http://rhn.redhat.com/errata/RHSA-2014-0376.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0377.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0378.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0396.html
Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/109
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2014/Apr/173
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2014/Apr/190
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2014/Apr/90
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2014/Apr/91
Third Party Advisory
Mailing List
http://secunia.com/advisories/57347
Third Party Advisory
Broken Link
http://secunia.com/advisories/57483
Third Party Advisory
Broken Link
http://secunia.com/advisories/57721
Third Party Advisory
Broken Link
http://secunia.com/advisories/59139
Third Party Advisory
Broken Link
http://secunia.com/advisories/59243
Third Party Advisory
Broken Link
http://secunia.com/advisories/59347
Third Party Advisory
Broken Link
http://support.citrix.com/article/CTX140605
Third Party Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21670161
Broken Link
http://www.blackberry.com/btsc/KB35882
Broken Link
http://www.debian.org/security/2014/dsa-2896
Third Party Advisory
Mailing List
http://www.exploit-db.com/exploits/32745
Third Party Advisory
Exploit
VDB Entry
http://www.exploit-db.com/exploits/32764
Third Party Advisory
Exploit
VDB Entry
http://www.f-secure.com/en/web/labs_global/fsc-2014-1
Third Party Advisory
Broken Link
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
Third Party Advisory
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
Not Applicable
http://www.kb.cert.org/vuls/id/720951
Third Party Advisory
US Government Resource
http://www.kerio.com/support/kerio-control/release-history
Third Party Advisory
Broken Link
http://www.openssl.org/news/secadv_20140407.txt
Vendor Advisory
Broken Link
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
Patch
Third Party Advisory
http://www.securityfocus.com/bid/66690
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1030026
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1030074
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1030077
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1030078
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1030079
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1030080
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1030081
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1030082
Third Party Advisory
Broken Link
VDB Entry
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA14-098A
Third Party Advisory
US Government Resource
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
Broken Link
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1084875
Third Party Advisory
Issue Tracking
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
Third Party Advisory
https://code.google.com/p/mod-spdy/issues/detail?id=85
Issue Tracking
https://filezilla-project.org/versions.php?type=server
Release Notes
https://gist.github.com/chapmajs/10473815
Exploit
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
Broken Link
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
Third Party Advisory
Mailing List
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
Third Party Advisory
Exploit
Permissions Required
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
Third Party Advisory
https://www.cert.fi/en/reports/2014/vulnerability788210.html
Third Party Advisory
Not Applicable
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
Third Party Advisory
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd
Third Party Advisory
Exploit
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0160
US Government Resource