CVE-2014-0160

Warning

Exploit

EPSS 94.48%
Published 07.04.2014 22:55:03
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Affected products Warnungen 1 Metrics 4 CWE 1 References 131

Data is provided by the National Vulnerability Database (NVD)

OpenSSL ≫ OpenSSL Version >= 1.0.1 < 1.0.1g

Filezilla-project ≫ Filezilla Server Version < 0.9.44

Siemens ≫ Application Processing Engine Firmware Version2.0

Siemens ≫ Application Processing Engine Version-

Siemens ≫ Cp 1543-1 Firmware Version1.1

Siemens ≫ Cp 1543-1 Version-

Siemens ≫ Simatic S7-1500 Firmware Version1.5

Siemens ≫ Simatic S7-1500 Version-

Siemens ≫ Simatic S7-1500t Firmware Version1.5

Siemens ≫ Simatic S7-1500t Version-

Siemens ≫ Elan-8.2 Version < 8.3.3

Siemens ≫ Wincc Open Architecture Version3.12

Intellian ≫ V100 Firmware Version1.20

Intellian ≫ V100 Version-

Intellian ≫ V100 Firmware Version1.21

Intellian ≫ V100 Version-

Intellian ≫ V100 Firmware Version1.24

Intellian ≫ V100 Version-

Intellian ≫ V60 Firmware Version1.15

Intellian ≫ V60 Version-

Intellian ≫ V60 Firmware Version1.25

Intellian ≫ V60 Version-

Mitel ≫ Micollab Version6.0

Mitel ≫ Micollab Version7.0

Mitel ≫ Micollab Version7.1

Mitel ≫ Micollab Version7.2

Mitel ≫ Micollab Version7.3

Mitel ≫ Micollab Version7.3.0.104

Mitel ≫ Mivoice Version1.1.2.5 SwPlatformlync

Mitel ≫ Mivoice Version1.1.3.3 SwPlatformskype_for_business

Mitel ≫ Mivoice Version1.2.0.11 SwPlatformskype_for_business

Mitel ≫ Mivoice Version1.3.2.2 SwPlatformskype_for_business

Mitel ≫ Mivoice Version1.4.0.102 SwPlatformskype_for_business

Opensuse ≫ Opensuse Version12.3

Opensuse ≫ Opensuse Version13.1

Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version12.10

Canonical ≫ Ubuntu Linux Version13.10

Fedoraproject ≫ Fedora Version19

Fedoraproject ≫ Fedora Version20

Redhat ≫ Gluster Storage Version2.1

Redhat ≫ Storage Version2.1

Redhat ≫ Virtualization Version6.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Aus Version6.5

Redhat ≫ Enterprise Linux Server Eus Version6.5

Redhat ≫ Enterprise Linux Server Tus Version6.5

Redhat ≫ Enterprise Linux Workstation Version6.0

Debian ≫ Debian Linux Version6.0

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Broadcom ≫ Symantec Messaging Gateway Version10.6.0

Broadcom ≫ Symantec Messaging Gateway Version10.6.1

Splunk ≫ Splunk SwEditionenterprise Version >= 6.0.0 < 6.0.3

04.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

OpenSSL Information Disclosure Vulnerability

Vulnerability

The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94.48%	1

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E

Patch

Third Party Advisory

Mailing List

https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E

Patch

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=142660345230545&w=2

Third Party Advisory

Mailing List

https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E

Patch

Third Party Advisory

Mailing List

https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E

Patch

Third Party Advisory

Mailing List

http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

Third Party Advisory

Broken Link

http://seclists.org/fulldisclosure/2014/Dec/23

Third Party Advisory

Mailing List

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Patch

Third Party Advisory

http://www.securityfocus.com/archive/1/534161/100/0/threaded

Third Party Advisory

Broken Link

VDB Entry

Not Applicable

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Broken Link

http://secunia.com/advisories/57836

Third Party Advisory

Broken Link

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

Release Notes

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

Third Party Advisory

Mailing List

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

Third Party Advisory

http://www.splunk.com/view/SP-CAAAMB3

Third Party Advisory

http://secunia.com/advisories/57966

Third Party Advisory

Broken Link

http://secunia.com/advisories/57968

Third Party Advisory

Broken Link

http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

Release Notes

http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

Release Notes

http://advisories.mageia.org/MGASA-2014-0165.html

Third Party Advisory

http://marc.info/?l=bugtraq&m=140752315422991&w=2

Third Party Advisory

Mailing List

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

Third Party Advisory

Broken Link

http://www.ubuntu.com/usn/USN-2165-1

Third Party Advisory

http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

Third Party Advisory

Issue Tracking

http://cogentdatahub.com/ReleaseNotes.html

Release Notes

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01

Broken Link

http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3

Broken Link

http://heartbleed.com/

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html

Third Party Advisory

Broken Link

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html

Third Party Advisory

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139722163017074&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139757726426985&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139757819327350&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139757919027752&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139758572430452&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139765756720506&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139774054614965&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139774703817488&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139808058921905&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139817685517037&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139817727317190&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139817782017443&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139824923705461&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139824993005633&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139833395230364&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139835815211508&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139835844111589&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139836085512508&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139842151128341&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139843768401936&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139869720529462&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139869891830365&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139889113431619&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139889295732144&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139905202427693&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139905243827825&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139905295427946&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139905351928096&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139905405728262&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139905458328378&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139905653828999&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=139905868529690&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=140015787404650&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=140075368411126&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=140724451518351&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=141287864628122&w=2

Third Party Advisory

Mailing List

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1

Third Party Advisory

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3

Third Party Advisory

Permissions Required

http://rhn.redhat.com/errata/RHSA-2014-0376.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-0377.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-0378.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2014-0396.html

Third Party Advisory

http://seclists.org/fulldisclosure/2014/Apr/109

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2014/Apr/173

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2014/Apr/190

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2014/Apr/90

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2014/Apr/91

Third Party Advisory

Mailing List

http://secunia.com/advisories/57347

Third Party Advisory

Broken Link

http://secunia.com/advisories/57483

Third Party Advisory

Broken Link

http://secunia.com/advisories/57721

Third Party Advisory

Broken Link

http://secunia.com/advisories/59139

Third Party Advisory

Broken Link

http://secunia.com/advisories/59243

Third Party Advisory

Broken Link

http://secunia.com/advisories/59347

Third Party Advisory

Broken Link

http://support.citrix.com/article/CTX140605

Third Party Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21670161

Broken Link

http://www.blackberry.com/btsc/KB35882

Broken Link

http://www.debian.org/security/2014/dsa-2896

Third Party Advisory

Mailing List

http://www.exploit-db.com/exploits/32745

Third Party Advisory

Exploit

VDB Entry

http://www.exploit-db.com/exploits/32764

Third Party Advisory

Exploit

VDB Entry

http://www.f-secure.com/en/web/labs_global/fsc-2014-1

Third Party Advisory

Broken Link

http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

Third Party Advisory

http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

Not Applicable

http://www.kb.cert.org/vuls/id/720951

Third Party Advisory

US Government Resource

http://www.kerio.com/support/kerio-control/release-history

Third Party Advisory

Broken Link

http://www.openssl.org/news/secadv_20140407.txt

Vendor Advisory

Broken Link

http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

Patch

Third Party Advisory

http://www.securityfocus.com/bid/66690

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1030026

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1030074

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1030077

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1030078

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1030079

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1030080

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1030081

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1030082

Third Party Advisory

Broken Link

VDB Entry

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

Third Party Advisory

http://www.us-cert.gov/ncas/alerts/TA14-098A

Third Party Advisory

US Government Resource

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

Broken Link

https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1084875

Third Party Advisory

Issue Tracking

https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

Third Party Advisory

https://code.google.com/p/mod-spdy/issues/detail?id=85

Issue Tracking

https://filezilla-project.org/versions.php?type=server

Release Notes

https://gist.github.com/chapmajs/10473815

Exploit

https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Broken Link

https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html

Third Party Advisory

Mailing List

https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

Third Party Advisory

Exploit

Permissions Required

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

Third Party Advisory

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

Third Party Advisory

https://www.cert.fi/en/reports/2014/vulnerability788210.html

Third Party Advisory

Not Applicable

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

Third Party Advisory

https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd

Third Party Advisory

Exploit

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2014-0160

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0160

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0160

EUVD