Details of VAR-201404-0592

ID

VAR-201404-0592

CVE

CVE-2014-0160

TITLE

OpenSSL of heartbeat Information disclosure vulnerability in expansion

Trust: 0.8

sources: JVNDB: JVNDB-2014-001920

DESCRIPTION

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. OpenSSL of heartbeat An information disclosure vulnerability exists in the implementation of the extension. TLS And DTLS In communication OpenSSL The memory contents of the process executing this code may be leaked to the communication partner.An important information such as a private key may be obtained by a remote third party. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04236102 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04236102 Version: 3 HPSBMU02995 rev.3 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-04-11 Last Updated: 2014-04-17 Potential Security Impact: Remote disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. References: CVE-2014-0160 (SSRT101499) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Product Impacted HP Product Versions Notes HP Service Manager v9.32, v9.33 Security bulletin HPSBGN03008: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04248997 HP Asset Manager v9.40, v9.40 CSC HP UCMDB Browser v1.x, v2.x, v3.1 APR enabled on Tomcat includes an affected OpenSSL version HP UCMDB Configuration Manager v9.1x, v9.2x, v9.3x, v10.01, v10.10 HP CIT (ConnectIT) v9.52, v9.53 HP Executive Scorecard v9.40, v9.41 HP Server Automation v10.00, v10.01 Security bulletin HPSBGN03010: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04250814 HP Diagnostics v9.23, v9.23 IP1 HP LoadRunner v11.52, v12.0 Controller/load generator communication channel HP Performance Center v11.52, v12.0 Controller/load generator communication channel HP Autonomy WorkSite Server v9.0 SP1 (on-premises software) Security bulletin HPSBMU02999: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04239374 Impacted Versions table BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP Software is working to address this vulnerability for all affected product versions. HP Software will release product specific security bulletins for each impacted product. Each bulletin will include a patch and/or mitigation guideline. HP will update this bulletin with references to security bulletins for each product in the impacted versions table. Note: OpenSSL is an external product embedded in HP products. Bulletin Applicability: This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html . Software updates are available from HP Software Support Online at http://support.openview.hp.com/downloads.jsp HISTORY Version:1 (rev.1) - 11 April 2014 Initial release Version:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as impacted, updated HP UCMDB Browser impacted versions Version:3 (rev.3) - 17 April 2014 Added HP Software Autonomy WorkSite Server as impacted. Added security bulletin pointers for Service Manager, Server Automation and Worksite Server Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:123 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : tor Date : June 11, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Updated tor packages fix multiple vulnerabilities: Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity keys and hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors (CVE-2013-7295). Update to version 0.2.4.22 solves these major and security problems: - Block authority signing keys that were used on authorities vulnerable to the heartbleed bug in OpenSSL (CVE-2014-0160). - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. - The relay ciphersuite list is now generated automatically based on uniform criteria, and includes all OpenSSL ciphersuites with acceptable strength and forward secrecy. - Relays now trust themselves to have a better view than clients of which TLS ciphersuites are better than others. - Clients now try to advertise the same list of ciphersuites as Firefox 28. For other changes see the upstream change log _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7295 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://advisories.mageia.org/MGASA-2014-0059.html http://advisories.mageia.org/MGASA-2014-0256.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 77035fd2ff3c6df5effbaf9ee78bdaf4 mbs1/x86_64/tor-0.2.4.22-1.mbs1.x86_64.rpm cccaec1a8425ebfce0bb7d8057d38d6e mbs1/SRPMS/tor-0.2.4.22-1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFTmDAPmqjQ0CJFipgRAqq4AJ9ZIEn/fqUynENotuSA2kTLnKwpJgCgkh59 ssWQCdn4l3H2KyxX+IQBsxw= =fSis -----END PGP SIGNATURE----- . https://w orksitesupport.autonomy.com/worksite/Scripts/GetDoc.aspx?latest=0%26nrtid=!nr tdms:0:!session:10.253.1.101:!database:SUPPORT:!document:1351832,1 Note: after applying the update, HP recommends these additional steps to assure the vulnerability is addressed. HP CloudSystem Foundation v8.02 is available at the following Software Depot download location: https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =Z7550-63210 Notes: The HP CloudSystem Foundation v8.02 also applies to HP CloudSystem Enterprise software. All other HP CloudSystem Foundation and HP CloudSystem Enterprise software download files remain at version 8.0. The combination of these files available at the link above makes up the overall CloudSystem solution. Customers who had downloaded a version of CloudSystem prior to this most recent update are encouraged to obtain the updated files from the Software Depot download location. Summary: Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. (CVE-2014-0160) Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm i386: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm x86_64: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm openssl-perl-1.0.1e-16.el6_5.7.i686.rpm openssl-static-1.0.1e-16.el6_5.7.i686.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm x86_64: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm i386: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm ppc64: openssl-1.0.1e-16.el6_5.7.ppc.rpm openssl-1.0.1e-16.el6_5.7.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.7.ppc.rpm openssl-devel-1.0.1e-16.el6_5.7.ppc64.rpm s390x: openssl-1.0.1e-16.el6_5.7.s390.rpm openssl-1.0.1e-16.el6_5.7.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.s390x.rpm openssl-devel-1.0.1e-16.el6_5.7.s390.rpm openssl-devel-1.0.1e-16.el6_5.7.s390x.rpm x86_64: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-perl-1.0.1e-16.el6_5.7.i686.rpm openssl-static-1.0.1e-16.el6_5.7.i686.rpm ppc64: openssl-debuginfo-1.0.1e-16.el6_5.7.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.7.ppc64.rpm openssl-static-1.0.1e-16.el6_5.7.ppc64.rpm s390x: openssl-debuginfo-1.0.1e-16.el6_5.7.s390x.rpm openssl-perl-1.0.1e-16.el6_5.7.s390x.rpm openssl-static-1.0.1e-16.el6_5.7.s390x.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm i386: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm x86_64: openssl-1.0.1e-16.el6_5.7.i686.rpm openssl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.7.i686.rpm openssl-devel-1.0.1e-16.el6_5.7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openssl-1.0.1e-16.el6_5.7.src.rpm i386: openssl-debuginfo-1.0.1e-16.el6_5.7.i686.rpm openssl-perl-1.0.1e-16.el6_5.7.i686.rpm openssl-static-1.0.1e-16.el6_5.7.i686.rpm x86_64: openssl-debuginfo-1.0.1e-16.el6_5.7.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.7.x86_64.rpm openssl-static-1.0.1e-16.el6_5.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0160.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. Relevant releases/architectures: RHEV Hypervisor for RHEL-6 - noarch 3. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. HP Multimedia Service Environment (MSE) 2.1.1 HP Network Interactive Voice Response (NIVR) 2.1.0, Reactive Patches 001, 002, 003 HP Network Interactive Voice Response (NIVR) 2.0.7, Reactive Patch 003 Only the MSE (ACM TMP) database set up with Replication using SSL is impacted for the above versions. This bulletin will be revised when an update for v4.20 software is released. HP has made Onboard Administrator (OA) v4.12 available to resolve the vulnerability here: 1) Go to: http://www.hp.com/go/oa 2) Click "Onboard Administrator Firmware" 3) Select "HP BLc3000 Onboard Administrator Option" or "HP BLc7000 Onboard Administrator Option" 4) Select an appropriate operating system from the list of choices 5) On the page, find Firmware 4.12 for download Notes Customers running OA v4.20 also have the option to downgrade OA firmware to OA v4.12 if that meets the requisite Hardware/feature support for the enclosure configuration. No action is required unless the OA is running the firmware versions explicitly listed as vulnerable. Patch 40013 available through StoreVirtual Online Upgrades. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability Issued: April 13, 2014 Updated: May 12, 2014 CA Technologies is investigating an OpenSSL vulnerability, referred to as the "Heartbleed bug" that was publicly disclosed on April 7, 2014. CVE identifier CVE-2014-0160 has been assigned to this vulnerability. CA Technologies has confirmed that the majority of our product portfolio is unaffected. There are, however, several products that used vulnerable versions of OpenSSL 1.0.1 and consequently may be affected. CA Technologies will update this security notice as additional information becomes available. Risk Rating High These products may be affected CA ARCserve D2D for Windows 16.5 CA ARCserve D2D for Linux 16.5, 16.5SP1 CA ARCserve High Availability 16.5, 16.5SP1, 16.5SP2 (SP2 build less than 3800) CA ARCserve Replication 16.5, 16.5SP1, 16.5SP2 (SP2 build less than 3800) CA ARCserve Unified Data Protection (Release Candidate) CA ecoMeter 3.1.1, 3.1.2, 4.0.00, 4.0.01, 4.0.02, 4.1.00, 4.1.01, 4.2.00 CA eHealth 6.3.0.05 thru 6.3.2.04 (all platforms affected) CA Layer 7 API Gateway 8.1 (installed but not used by default) CA Layer 7 API Portal 2.6 CA Layer 7 Mobile Access Gateway 8.1 (installed but not used by default) CA Mobile Device Management 2014 Q1 CA XCOM Data Transport - Only the Windows 64-bit XCOM application is affected. Note: At this time, no other CA Technologies products have been identified as potentially vulnerable. Solution CA ARCserve D2D for Windows 16.5: Apply fix RO69431. CA ARCserve D2D for Linux 16.5 and 16.5SP1: Apply fix RO69417. Note that r16.5 SP1 is a prerequisite for this fix. CA ARCserve High Availability 16.5, 16.5SP1, 16.5SP2 (SP2 build less than 3800): Apply Service Pack 2 (build 3800), which includes the fix for the OpenSSL Heartbleed vulnerability: RI69547. CA ARCserve Replication 16.5, 16.5SP1, 16.5SP2 (SP2 build less than 3800): Apply Service Pack 2 (build 3800), which includes the fix for the OpenSSL Heartbleed vulnerability: RI69547. CA ARCserve Unified Data Protection (Release Candidate): CA expects to provide a solution with the GA release on May 14, 2014 CA ecoMeter 3.1.1, 3.1.2: These versions of CA ecoMeter use eHealth as the data collection platform. Apply the appropriate fix listed below. Important note: Do not apply this patch to CA eHealth releases prior to 6.3.0.05 and/or systems utilizing CAC. Customers who use eHealth with CAC should wait for further notification as the testing for that configuration has not been completed. Windows: RO69554 Linux: RO69556 Solaris: RO69555 CA ecoMeter 4.0.00, 4.0.01, 4.0.02, 4.1.00, 4.1.01, 4.2.00: These versions of CA ecoMeter use eHealth as the data collection platform. Apply the appropriate fix listed below. Important note: The current CA eHealth / CA SiteMinder integration is not compatible with release 6.3.1.02 thru 6.3.2.04. Do not apply this patch to CA eHealth released prior to 6.3.1.02 and/or system utilizing CAC. Customers who use eHealth with CAC should wait for further notification as the testing for that configuration has not been completed. Windows: RO69442 Linux: RO69443 Solaris: RO69444 CA eHealth 6.3.0.05 - 6.3.1.01 (all platforms): Apply the appropriate fix listed below. Important note: Do not apply this patch to CA eHealth releases prior to 6.3.0.05 and/or systems utilizing CAC. Customers who use eHealth with CAC should wait for further notification as the testing for that configuration has not been completed. Windows: RO69554 Linux: RO69556 Solaris: RO69555 CA eHealth 6.3.1.02 - 6.3.2.04 (all platforms): Apply the appropriate fix listed below. Important note: The current CA eHealth / CA SiteMinder integration is not compatible with release 6.3.1.02 thru 6.3.2.04. Do not apply this patch to CA eHealth released prior to 6.3.1.02 and/or system utilizing CAC. Customers who use eHealth with CAC should wait for further notification as the testing for that configuration has not been completed. Windows: RO69442 Linux: RO69443 Solaris: RO69444 CA Layer 7 API Gateway 8.1: Solution was delivered on April 10, 2014 Refer to the Layer 7 Technologies Support site for solution. CA Layer 7 API Portal 2.6: Solution was delivered on April 10, 2014 Refer to the Layer 7 Technologies Support site for solution. CA Layer 7 Mobile Access Gateway 8.1: Solution was delivered on April 10, 2014 Refer to the Layer 7 Technologies Support site for solution. CA Mobile Device Management 2014 Q1: Apply Hotfix 1: CA MDM 2014Q1 Hotfix 1 CA XCOM Data Transport (only Windows 64-bit platform is affected): Solution RO69230 was published on April 11, 2014 Workaround None References CVE-2014-0160 - OpenSSL Heartbleed vulnerability Change History v1.0: 2014-04-13, Initial Release v1.1: 2014-04-14, Updated Layer 7 affected products and solution. v1.2: 2014-04-14, Updated XCOM Data Transport affected product info. v1.3: 2014-04-19, Modified affected versions for ARCserve D2D for Windows, ARCserve High Availability, ARCserve Replication, eHealth. Added ecoMeter to affected products. Modified solutions for ARCserve D2D for Windows, ARCserve D2D for Linux, ARCserve High Availability, ARCserve Replication, eHealth. Added ecoMeter 3.x and 4.x solution information. Added fixes for eHealth 6.3.1.02 – 6.3.2.04, and ecoMeter 4.x. v1.4: 2014-04-24, Modified ARCserve RHA affected versions. Added solutions for ARCserve D2D (Windows and Linux), ARCserve RHA, ecoMeter, eHealth. v1.5: 2014-05-12, Added fix for MDM. Fixes are now available for all potentially affected CA products. If additional information is required, please contact CA Technologies Support at https://support.ca.com/ . If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team at vuln@ca.com . PGP key: support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782 Security Notices https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Regards, Ken Williams Director, Product Vulnerability Response Team CA Technologies | One CA Plaza | Islandia, NY 11749 | www.ca.com Ken.Williams@ca.com | vuln@ca.com Copyright © 2014 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. -----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15238) Charset: utf-8 wj8DBQFTdhtEeSWR3+KUGYURAqHSAJ9DSbzijtuMxwyes6kJ21iJwHkXVQCZARiM GEWBqKGKzMXNkvtf/sUGm1Q= =C6WK -----END PGP SIGNATURE-----

Trust: 3.15

sources: NVD: CVE-2014-0160 // JVNDB: JVNDB-2014-001920 // PACKETSTORM: 126210 // PACKETSTORM: 127069 // PACKETSTORM: 126451 // PACKETSTORM: 126303 // PACKETSTORM: 126186 // PACKETSTORM: 126790 // PACKETSTORM: 126164 // VULMON: CVE-2014-0160 // PACKETSTORM: 126053 // PACKETSTORM: 126057 // PACKETSTORM: 126516 // PACKETSTORM: 126244 // PACKETSTORM: 126460 // PACKETSTORM: 126284 // PACKETSTORM: 126498 // PACKETSTORM: 126452 // PACKETSTORM: 126705

AFFECTED PRODUCTS

vendor:	mitel	model:	mivoice	scope:	eq	version:	1.3.2.2	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	20	Trust: 1.0
vendor:	intellian	model:	v60	scope:	eq	version:	1.15	Trust: 1.0
vendor:	ricon	model:	s9922l	scope:	eq	version:	16.10.3\(3794\)	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.0	Trust: 1.0
vendor:	mitel	model:	mivoice	scope:	eq	version:	1.1.2.5	Trust: 1.0
vendor:	redhat	model:	gluster storage	scope:	eq	version:	2.1	Trust: 1.0
vendor:	siemens	model:	application processing engine	scope:	eq	version:	2.0	Trust: 1.0
vendor:	intellian	model:	v100	scope:	eq	version:	1.24	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	lt	version:	1.0.1g	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500	scope:	eq	version:	1.5	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	12.3	Trust: 1.0
vendor:	splunk	model:	splunk	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	19	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.10	Trust: 1.0
vendor:	mitel	model:	mivoice	scope:	eq	version:	1.1.3.3	Trust: 1.0
vendor:	broadcom	model:	symantec messaging gateway	scope:	eq	version:	10.6.1	Trust: 1.0
vendor:	redhat	model:	virtualization	scope:	eq	version:	6.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	gte	version:	1.0.1	Trust: 1.0
vendor:	intellian	model:	v100	scope:	eq	version:	1.20	Trust: 1.0
vendor:	intellian	model:	v60	scope:	eq	version:	1.25	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	13.10	Trust: 1.0
vendor:	siemens	model:	cp 1543-1	scope:	eq	version:	1.1	Trust: 1.0
vendor:	siemens	model:	wincc open architecture	scope:	eq	version:	3.12	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.3.0.104	Trust: 1.0
vendor:	splunk	model:	splunk	scope:	lt	version:	6.0.3	Trust: 1.0
vendor:	mitel	model:	mivoice	scope:	eq	version:	1.2.0.11	Trust: 1.0
vendor:	siemens	model:	elan-8.2	scope:	lt	version:	8.3.3	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	storage	scope:	eq	version:	2.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.0
vendor:	filezilla	model:	server	scope:	lt	version:	0.9.44	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.1	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500t	scope:	eq	version:	1.5	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	mitel	model:	mivoice	scope:	eq	version:	1.4.0.102	Trust: 1.0
vendor:	intellian	model:	v100	scope:	eq	version:	1.21	Trust: 1.0
vendor:	broadcom	model:	symantec messaging gateway	scope:	eq	version:	10.6.0	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	6.5	Trust: 1.0
vendor:	mitel	model:	micollab	scope:	eq	version:	7.3	Trust: 1.0
vendor:	freebsd	model:	freebsd	scope:	eq	version:	10.0	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	lte	version:	1.0.1 from 1.0.1f	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4 for x86	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4 for x86_64	Trust: 0.8
vendor:	cybozu	model:	office	scope:	lt	version:	10.1.0	Trust: 0.8
vendor:	cybozu	model:	mailwise	scope:	lt	version:	5.1.4	Trust: 0.8
vendor:	hewlett packard	model:	hp tippingpoint	scope:	eq	version:	ngfw 1.0.1	Trust: 0.8
vendor:	hewlett packard	model:	hp tippingpoint	scope:	eq	version:	ngfw 1.0.2	Trust: 0.8
vendor:	hewlett packard	model:	hp tippingpoint	scope:	eq	version:	ngfw 1.0.3	Trust: 0.8
vendor:	hewlett packard	model:	hp tippingpoint	scope:	eq	version:	ngfw 1.1.0_4127	Trust: 0.8

sources: JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0160
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2014-0160
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2014-001920
value:	MEDIUM
Trust: 0.8
VULMON:	CVE-2014-0160
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0160
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
IPA:	JVNDB-2014-001920
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2014-0160
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0

sources: VULMON: CVE-2014-0160 // JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160 // NVD: CVE-2014-0160

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	CWE-119	Trust: 0.8

sources: JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 126186 // PACKETSTORM: 127069

TYPE

info disclosure

Trust: 0.2

sources: PACKETSTORM: 126053 // PACKETSTORM: 126057

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001920

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-0160

PATCH

title:	Apache Tomcat - Apache Tomcat APR/native Connector vulnerabilities	url:	http://tomcat.apache.org/security-native.html	Trust: 0.8
title:	Security/Heartbleed - Tomcat Wiki	url:	http://wiki.apache.org/tomcat/Security/Heartbleed	Trust: 0.8
title:	ミラクル・リナックス株式会社の告知ページ	url:	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=3566&sType=&sProduct=&published=1	Trust: 0.8
title:	BlackBerry response to OpenSSL “Heartbleed” vulnerability	url:	http://www.blackberry.com/btsc/KB35882	Trust: 0.8
title:	Enterprise Chef 1.4.9 Release	url:	http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/	Trust: 0.8
title:	Chef Server Heartbleed (CVE-2014-0160) Releases	url:	http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/	Trust: 0.8
title:	Chef Server 11.0.12 Release	url:	http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/	Trust: 0.8
title:	Enterprise Chef 11.1.3 Release	url:	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/	Trust: 0.8
title:	cisco-sa-20140409-heartbleed	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed	Trust: 0.8
title:	Release Notes	url:	http://cogentdatahub.com/ReleaseNotes.html	Trust: 0.8
title:	FSC-2014-1: Notice on OpenSSL 'Heartbleed' Vulnerability	url:	http://www.f-secure.com/en/web/labs_global/fsc-2014-1	Trust: 0.8
title:	SOL15159: OpenSSL vulnerability CVE-2014-0160	url:	https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217	Trust: 0.8
title:	Version history	url:	https://filezilla-project.org/versions.php?type=server	Trust: 0.8
title:	OpenSSL multiple vulnerabilities	url:	http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc	Trust: 0.8
title:	HPSBHF03136 SSRT101726	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04475466	Trust: 0.8
title:	HPSBMU03022 SSRT101527	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04263236	Trust: 0.8
title:	HPSBMU03024 SSRT101538	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04267749	Trust: 0.8
title:	HPSBST03000 SSRT101513	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04260637	Trust: 0.8
title:	HPSBMU03033 SSRT101550	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04272892	Trust: 0.8
title:	HPSBHF03293 SSRT101846	url:	http://h20566.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04595951&lang=en&cc=us	Trust: 0.8
title:	HPSBMU02995 SSRT101499	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04236102	Trust: 0.8
title:	HPSBMU03009 SSRT101520	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04249113	Trust: 0.8
title:	OpenSSL Heartbleed (CVE-2014-0160)	url:	https://www-304.ibm.com/connections/blogs/PSIRT/entry/openssl_heartbleed_cve_2014_0160?lang=en_us	Trust: 0.8
title:	1670161	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670161	Trust: 0.8
title:	00001841	url:	http://www-01.ibm.com/support/docview.wss?uid=isg400001841	Trust: 0.8
title:	00001843	url:	http://www-01.ibm.com/support/docview.wss?uid=isg400001843	Trust: 0.8
title:	1672507	url:	http://www-01.ibm.com/support/docview.wss?uid=swg21672507	Trust: 0.8
title:	アライドテレシス株式会社からの情報	url:	http://jvn.jp/vu/JVNVU94401838/522154/index.html	Trust: 0.8
title:	Kerio Control Release History	url:	http://www.kerio.com/support/kerio-control/release-history	Trust: 0.8
title:	AV14-001	url:	http://jpn.nec.com/security-info/av14-001.html	Trust: 0.8
title:	Add heartbeat extension bounds check.	url:	http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3	Trust: 0.8
title:	OpenSSL Security Advisory [07 Apr 2014] - TLS heartbeat read overrun (CVE-2014-0160)	url:	http://www.openssl.org/news/secadv_20140407.txt	Trust: 0.8
title:	OpenSSL Security Bug - Heartbleed / CVE-2014-0160	url:	http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html	Trust: 0.8
title:	Oracle Security Alert for CVE-2014-0160	url:	http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - July 2014	url:	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Trust: 0.8
title:	Bug 1084875	url:	https://bugzilla.redhat.com/show_bug.cgi?id=1084875	Trust: 0.8
title:	RHSA-2014:0377	url:	http://rhn.redhat.com/errata/RHSA-2014-0377.html	Trust: 0.8
title:	RHSA-2014:0378	url:	http://rhn.redhat.com/errata/RHSA-2014-0378.html	Trust: 0.8
title:	RHSA-2014:0376	url:	http://rhn.redhat.com/errata/RHSA-2014-0376.html	Trust: 0.8
title:	RHSA-2014:0396	url:	http://rhn.redhat.com/errata/RHSA-2014-0396.html	Trust: 0.8
title:	Multiple vulnerabilities in OpenSSL	url:	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5	Trust: 0.8
title:	Vulnerabilities resolved in TRITON APX Version 8.0	url:	http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	Trust: 0.8
title:	Splunk 6.0.3 addresses two vulnerabilities - April 10, 2014	url:	http://www.splunk.com/view/SP-CAAAMB3	Trust: 0.8
title:	日本マイクロソフト株式会社の告知ページ	url:	http://blogs.technet.com/b/jpsecurity/archive/2014/04/11/microsoft-services-unaffected-by-openssl-quot-heartbleed-quot-vulnerability.aspx	Trust: 0.8
title:	UIS-2014-1	url:	http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1	Trust: 0.8
title:	UIS-2014-3	url:	http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3	Trust: 0.8
title:	VMSA-2014-0012	url:	http://www.vmware.com/security/advisories/VMSA-2014-0012.html	Trust: 0.8
title:	OpenSSLの脆弱性に伴う弊社製品への影響について	url:	https://cs.cybozu.co.jp/2014/001064.html	Trust: 0.8
title:	株式会社インターネットイニシアティブの告知ページ	url:	http://www.seil.jp/support/security/140409.html	Trust: 0.8
title:	cisco-sa-20140409-heartbleed	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122496_ERP-Heartbleed-j.html	Trust: 0.8
title:	アラート/アドバイザリ: OpenSSL Heartbleed の脆弱性(CVE-2014-0160)について	url:	http://esupport.trendmicro.com/solution/ja-jp/1103090.aspx	Trust: 0.8
title:	HIRT-PUB14005：日立製品における OpenSSL 情報漏えいを許してしまう脆弱性(CVE-2014-0160) への対応について	url:	http://www.hitachi.co.jp/hirt/publications/hirt-pub14005/index.html	Trust: 0.8
title:	Systemwalker Desktop Patrol: OpenSSL の heartbeat 拡張に情報漏えいの脆弱性(CVE-2014-0160) (2014年5月8日)	url:	http://software.fujitsu.com/jp/security/products-fujitsu/solution/systemwalker_dtp201401.html	Trust: 0.8
title:	TA14-098A	url:	http://software.fujitsu.com/jp/security/vulnerabilities/ta14-098a.html	Trust: 0.8
title:	The Register	url:	https://www.theregister.co.uk/2017/01/23/heartbleed_2017/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/	Trust: 0.2
title:	The Register	url:	https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/	Trust: 0.2
title:	Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e4799ab8fe4804274ba2db4d65cd867b	Trust: 0.1
title:	Debian Security Advisories: DSA-2896-1 openssl -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=264ec318be06a69e28012f62b2dc5bb7	Trust: 0.1
title:	Ubuntu Security Notice: openssl vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2165-1	Trust: 0.1
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2014-0160	Trust: 0.1
title:	exploits	url:	https://github.com/vs4vijay/exploits	Trust: 0.1
title:	VULNIX	url:	https://github.com/El-Palomo/VULNIX	Trust: 0.1
title:	openssl-heartbleed-fix	url:	https://github.com/sammyfung/openssl-heartbleed-fix	Trust: 0.1
title:	cve-2014-0160	url:	https://github.com/cved-sources/cve-2014-0160	Trust: 0.1
title:	heartbleed_check	url:	https://github.com/ehoffmann-cp/heartbleed_check	Trust: 0.1
title:	heartbleed	url:	https://github.com/okrutnik420/heartbleed	Trust: 0.1
title:	heartbleed-test.crx	url:	https://github.com/iwaffles/heartbleed-test.crx	Trust: 0.1
title:	-	url:	https://github.com/Maheshmaske111/te	Trust: 0.1
title:	AradSocket	url:	https://github.com/araditc/AradSocket	Trust: 0.1
title:	sslscan	url:	https://github.com/kaisenlinux/sslscan	Trust: 0.1
title:	Springboard_Capstone_Project	url:	https://github.com/jonahwinninghoff/Springboard_Capstone_Project	Trust: 0.1
title:	-	url:	https://github.com/MrE-Fog/heartbleeder	Trust: 0.1
title:	buffer_overflow_exploit	url:	https://github.com/olivamadrigal/buffer_overflow_exploit	Trust: 0.1
title:	-	url:	https://github.com/ashrafulislamcs/Ubuntu-Server-Hardening	Trust: 0.1
title:	insecure_project	url:	https://github.com/turtlesec-no/insecure_project	Trust: 0.1
title:	-	url:	https://github.com/Maheshmaske111/ssl	Trust: 0.1
title:	-	url:	https://github.com/H4R335HR/heartbleed	Trust: 0.1
title:	nmap-scripts	url:	https://github.com/takeshixx/nmap-scripts	Trust: 0.1
title:	knockbleed	url:	https://github.com/siddolo/knockbleed	Trust: 0.1
title:	heartbleed-masstest	url:	https://github.com/musalbas/heartbleed-masstest	Trust: 0.1
title:	HeartBleedDotNet	url:	https://github.com/ShawInnes/HeartBleedDotNet	Trust: 0.1
title:	heartbleed_test_openvpn	url:	https://github.com/weisslj/heartbleed_test_openvpn	Trust: 0.1
title:	paraffin	url:	https://github.com/vmeurisse/paraffin	Trust: 0.1
title:	sslscan	url:	https://github.com/rbsec/sslscan	Trust: 0.1
title:	Heartbleed_Dockerfile_with_Nginx	url:	https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx	Trust: 0.1
title:	heartbleed-bug	url:	https://github.com/cldme/heartbleed-bug	Trust: 0.1
title:	-	url:	https://github.com/H4CK3RT3CH/awesome-web-hacking	Trust: 0.1
title:	Web-Hacking	url:	https://github.com/adm0i/Web-Hacking	Trust: 0.1
title:	cybersecurity-ethical-hacking	url:	https://github.com/paulveillard/cybersecurity-ethical-hacking	Trust: 0.1
title:	Lastest-Web-Hacking-Tools-vol-I	url:	https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I	Trust: 0.1
title:	HTBValentineWriteup	url:	https://github.com/zimmel15/HTBValentineWriteup	Trust: 0.1
title:	heartbleed-poc	url:	https://github.com/sensepost/heartbleed-poc	Trust: 0.1
title:	CVE-2014-0160	url:	https://github.com/0x90/CVE-2014-0160	Trust: 0.1
title:	Certified-Ethical-Hacker-Exam-CEH-v10	url:	https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10	Trust: 0.1
title:	cs558heartbleed	url:	https://github.com/gkaptch1/cs558heartbleed	Trust: 0.1
title:	HeartBleed	url:	https://github.com/archaic-magnon/HeartBleed	Trust: 0.1
title:	-	url:	https://github.com/undacmic/heartbleed-proof-of-concept	Trust: 0.1
title:	openvpn-jookk	url:	https://github.com/Jeypi04/openvpn-jookk	Trust: 0.1
title:	Heartbleed	url:	https://github.com/Saiprasad16/Heartbleed	Trust: 0.1
title:	-	url:	https://github.com/KickFootCode/LoveYouALL	Trust: 0.1
title:	-	url:	https://github.com/imesecan/LeakReducer-artifacts	Trust: 0.1
title:	-	url:	https://github.com/TVernet/Kali-Tools-liste-et-description	Trust: 0.1
title:	-	url:	https://github.com/k4u5h41/Heartbleed	Trust: 0.1
title:	-	url:	https://github.com/ronaldogdm/Heartbleed	Trust: 0.1
title:	-	url:	https://github.com/rochacbruno/my-awesome-stars	Trust: 0.1
title:	-	url:	https://github.com/asadhasan73/temp_comp_sec	Trust: 0.1
title:	-	url:	https://github.com/Aakaashzz/Heartbleed	Trust: 0.1
title:	tls-channel	url:	https://github.com/marianobarrios/tls-channel	Trust: 0.1
title:	fuzzx_cpp_demo	url:	https://github.com/guardstrikelab/fuzzx_cpp_demo	Trust: 0.1
title:	-	url:	https://github.com/Ppamo/recon_net_tools	Trust: 0.1
title:	heatbleeding	url:	https://github.com/idkqh7/heatbleeding	Trust: 0.1
title:	HeartBleed-Vulnerability-Checker	url:	https://github.com/waqasjamal/HeartBleed-Vulnerability-Checker	Trust: 0.1
title:	heartbleed	url:	https://github.com/iSCInc/heartbleed	Trust: 0.1
title:	heartbleed-dtls	url:	https://github.com/hreese/heartbleed-dtls	Trust: 0.1
title:	heartbleedchecker	url:	https://github.com/roganartu/heartbleedchecker	Trust: 0.1
title:	nmap-heartbleed	url:	https://github.com/azet/nmap-heartbleed	Trust: 0.1
title:	sslscan	url:	https://github.com/delishen/sslscan	Trust: 0.1
title:	web-hacking	url:	https://github.com/hr-beast/web-hacking	Trust: 0.1
title:	-	url:	https://github.com/Miss-Brain/Web-Application-Security	Trust: 0.1
title:	web-hacking	url:	https://github.com/Hemanthraju02/web-hacking	Trust: 0.1
title:	awesome-web-hacking	url:	https://github.com/QWERTSKIHACK/awesome-web-hacking	Trust: 0.1
title:	-	url:	https://github.com/himera25/web-hacking-list	Trust: 0.1
title:	-	url:	https://github.com/dorota-fiit/bp-Heartbleed-defense-game	Trust: 0.1
title:	-	url:	https://github.com/Maheshmaske111/sslscan	Trust: 0.1
title:	Heart-bleed	url:	https://github.com/anonymouse327311/Heart-bleed	Trust: 0.1
title:	goScan	url:	https://github.com/stackviolator/goScan	Trust: 0.1
title:	sec-tool-list	url:	https://github.com/alphaSeclab/sec-tool-list	Trust: 0.1
title:	-	url:	https://github.com/utensil/awesome-stars-test	Trust: 0.1
title:	insecure-cplusplus-dojo	url:	https://github.com/patricia-gallardo/insecure-cplusplus-dojo	Trust: 0.1
title:	-	url:	https://github.com/jubalh/awesome-package-maintainer	Trust: 0.1
title:	-	url:	https://github.com/Elnatty/tryhackme_labs	Trust: 0.1
title:	-	url:	https://github.com/hzuiw33/OpenSSL	Trust: 0.1
title:	makeItBleed	url:	https://github.com/mcampa/makeItBleed	Trust: 0.1
title:	CVE-2014-0160-Chrome-Plugin	url:	https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin	Trust: 0.1
title:	heartbleedfixer.com	url:	https://github.com/reenhanced/heartbleedfixer.com	Trust: 0.1
title:	CVE-2014-0160-Scanner	url:	https://github.com/obayesshelton/CVE-2014-0160-Scanner	Trust: 0.1
title:	openmagic	url:	https://github.com/isgroup-srl/openmagic	Trust: 0.1
title:	heartbleeder	url:	https://github.com/titanous/heartbleeder	Trust: 0.1
title:	cardiac-arrest	url:	https://github.com/ah8r/cardiac-arrest	Trust: 0.1
title:	heartbleed_openvpn_poc	url:	https://github.com/tam7t/heartbleed_openvpn_poc	Trust: 0.1
title:	docker-wheezy-with-heartbleed	url:	https://github.com/simonswine/docker-wheezy-with-heartbleed	Trust: 0.1
title:	docker-testssl	url:	https://github.com/mbentley/docker-testssl	Trust: 0.1
title:	heartbleedscanner	url:	https://github.com/hybridus/heartbleedscanner	Trust: 0.1
title:	HeartLeak	url:	https://github.com/OffensivePython/HeartLeak	Trust: 0.1
title:	HBL	url:	https://github.com/ssc-oscar/HBL	Trust: 0.1
title:	awesome-stars	url:	https://github.com/utensil/awesome-stars	Trust: 0.1
title:	SecurityTesting_web-hacking	url:	https://github.com/mostakimur/SecurityTesting_web-hacking	Trust: 0.1
title:	awesome-web-hacking	url:	https://github.com/winterwolf32/awesome-web-hacking	Trust: 0.1
title:	awesome-web-hacking-1	url:	https://github.com/winterwolf32/awesome-web-hacking-1	Trust: 0.1
title:	-	url:	https://github.com/Mehedi-Babu/ethical_hacking_cyber	Trust: 0.1
title:	-	url:	https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking	Trust: 0.1
title:	awesome-web-hacking	url:	https://github.com/thanshurc/awesome-web-hacking	Trust: 0.1
title:	hack	url:	https://github.com/nvnpsplt/hack	Trust: 0.1
title:	awesome-web-hacking	url:	https://github.com/noname1007/awesome-web-hacking	Trust: 0.1
title:	-	url:	https://github.com/ImranTheThirdEye/awesome-web-hacking	Trust: 0.1
title:	web-hacking	url:	https://github.com/Ondrik8/web-hacking	Trust: 0.1
title:	CheckSSL-ciphersuite	url:	https://github.com/kal1gh0st/CheckSSL-ciphersuite	Trust: 0.1
title:	-	url:	https://github.com/undacmic/HeartBleed-Demo	Trust: 0.1
title:	-	url:	https://github.com/MrE-Fog/ssl-heartbleed.nse	Trust: 0.1
title:	welivesecurity	url:	https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/	Trust: 0.1

sources: VULMON: CVE-2014-0160 // JVNDB: JVNDB-2014-001920

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0160	Trust: 3.5
db:	USCERT	id:	TA14-098A	Trust: 1.9
db:	CERT/CC	id:	VU#720951	Trust: 1.9
db:	SECUNIA	id:	57721	Trust: 1.1
db:	SECUNIA	id:	59243	Trust: 1.1
db:	SECUNIA	id:	57836	Trust: 1.1
db:	SECUNIA	id:	57968	Trust: 1.1
db:	SECUNIA	id:	59347	Trust: 1.1
db:	SECUNIA	id:	57966	Trust: 1.1
db:	SECUNIA	id:	57483	Trust: 1.1
db:	SECUNIA	id:	57347	Trust: 1.1
db:	SECUNIA	id:	59139	Trust: 1.1
db:	SECTRACK	id:	1030079	Trust: 1.1
db:	SECTRACK	id:	1030074	Trust: 1.1
db:	SECTRACK	id:	1030081	Trust: 1.1
db:	SECTRACK	id:	1030080	Trust: 1.1
db:	SECTRACK	id:	1030026	Trust: 1.1
db:	SECTRACK	id:	1030077	Trust: 1.1
db:	SECTRACK	id:	1030082	Trust: 1.1
db:	SECTRACK	id:	1030078	Trust: 1.1
db:	BID	id:	66690	Trust: 1.1
db:	EXPLOIT-DB	id:	32745	Trust: 1.1
db:	EXPLOIT-DB	id:	32764	Trust: 1.1
db:	SIEMENS	id:	SSA-635659	Trust: 1.1
db:	ICS CERT	id:	ICSA-14-135-02	Trust: 0.9
db:	JVN	id:	JVNVU94401838	Trust: 0.8
db:	USCERT	id:	TA15-119A	Trust: 0.8
db:	ICS CERT	id:	ICSA-15-344-01	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-128-01	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-114-01	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-126-01	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-135-04	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-135-05	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-105-02A	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-105-03A	Trust: 0.8
db:	ICS CERT ALERT	id:	ICS-ALERT-14-099-01E	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001920	Trust: 0.8
db:	VULMON	id:	CVE-2014-0160	Trust: 0.1
db:	PACKETSTORM	id:	126053	Trust: 0.1
db:	PACKETSTORM	id:	126452	Trust: 0.1
db:	PACKETSTORM	id:	126498	Trust: 0.1
db:	PACKETSTORM	id:	126284	Trust: 0.1
db:	PACKETSTORM	id:	126460	Trust: 0.1
db:	PACKETSTORM	id:	126244	Trust: 0.1
db:	PACKETSTORM	id:	126516	Trust: 0.1
db:	PACKETSTORM	id:	126057	Trust: 0.1
db:	PACKETSTORM	id:	126705	Trust: 0.1
db:	PACKETSTORM	id:	126210	Trust: 0.1
db:	PACKETSTORM	id:	126164	Trust: 0.1
db:	PACKETSTORM	id:	126790	Trust: 0.1
db:	PACKETSTORM	id:	126186	Trust: 0.1
db:	PACKETSTORM	id:	126303	Trust: 0.1
db:	PACKETSTORM	id:	126451	Trust: 0.1
db:	PACKETSTORM	id:	127069	Trust: 0.1

sources: VULMON: CVE-2014-0160 // PACKETSTORM: 126053 // PACKETSTORM: 126452 // PACKETSTORM: 126498 // PACKETSTORM: 126284 // PACKETSTORM: 126460 // PACKETSTORM: 126244 // PACKETSTORM: 126516 // PACKETSTORM: 126057 // PACKETSTORM: 126705 // PACKETSTORM: 126210 // PACKETSTORM: 126164 // PACKETSTORM: 126790 // PACKETSTORM: 126186 // PACKETSTORM: 126303 // PACKETSTORM: 126451 // PACKETSTORM: 127069 // JVNDB: JVNDB-2014-001920 // NVD: CVE-2014-0160

REFERENCES

url:	http://heartbleed.com/	Trust: 1.9
url:	http://www.us-cert.gov/ncas/alerts/ta14-098a	Trust: 1.9
url:	https://code.google.com/p/mod-spdy/issues/detail?id=85	Trust: 1.9
url:	http://www.kb.cert.org/vuls/id/720951	Trust: 1.9
url:	https://www.cert.fi/en/reports/2014/vulnerability788210.html	Trust: 1.9
url:	http://advisories.mageia.org/mgasa-2014-0165.html	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0160	Trust: 1.6
url:	http://rhn.redhat.com/errata/rhsa-2014-0376.html	Trust: 1.2
url:	http://rhn.redhat.com/errata/rhsa-2014-0378.html	Trust: 1.2
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/	Trust: 1.2
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/	Trust: 1.2
url:	http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins	Trust: 1.2
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1084875	Trust: 1.1
url:	http://www.openssl.org/news/secadv_20140407.txt	Trust: 1.1
url:	http://www.securitytracker.com/id/1030078	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/109	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/190	Trust: 1.1
url:	https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-0396.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1030082	Trust: 1.1
url:	http://secunia.com/advisories/57347	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139722163017074&w=2	Trust: 1.1
url:	http://www.securitytracker.com/id/1030077	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21670161	Trust: 1.1
url:	http://www.debian.org/security/2014/dsa-2896	Trust: 1.1
url:	http://rhn.redhat.com/errata/rhsa-2014-0377.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1030080	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1030074	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/90	Trust: 1.1
url:	http://www.securitytracker.com/id/1030081	Trust: 1.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/91	Trust: 1.1
url:	http://secunia.com/advisories/57483	Trust: 1.1
url:	http://www.splunk.com/view/sp-caaamb3	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html	Trust: 1.1
url:	http://www.securitytracker.com/id/1030079	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html	Trust: 1.1
url:	http://secunia.com/advisories/57721	Trust: 1.1
url:	http://www.blackberry.com/btsc/kb35882	Trust: 1.1
url:	http://www.securitytracker.com/id/1030026	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/66690	Trust: 1.1
url:	http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/	Trust: 1.1
url:	http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/	Trust: 1.1
url:	http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/	Trust: 1.1
url:	https://blog.torproject.org/blog/openssl-bug-cve-2014-0160	Trust: 1.1
url:	http://secunia.com/advisories/57966	Trust: 1.1
url:	http://www.f-secure.com/en/web/labs_global/fsc-2014-1	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/apr/173	Trust: 1.1
url:	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/	Trust: 1.1
url:	http://secunia.com/advisories/57968	Trust: 1.1
url:	http://www.exploit-db.com/exploits/32745	Trust: 1.1
url:	http://www.exploit-db.com/exploits/32764	Trust: 1.1
url:	http://secunia.com/advisories/57836	Trust: 1.1
url:	https://gist.github.com/chapmajs/10473815	Trust: 1.1
url:	http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/	Trust: 1.1
url:	http://cogentdatahub.com/releasenotes.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905458328378&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139869891830365&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139889113431619&w=2	Trust: 1.1
url:	http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1	Trust: 1.1
url:	http://www.kerio.com/support/kerio-control/release-history	Trust: 1.1
url:	http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3	Trust: 1.1
url:	https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result&javax.portlet.begcachetok=com.vignette.cachetoken&javax.portlet.endcachetok=com.vignette.cachetoken	Trust: 1.1
url:	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=isg400001843	Trust: 1.1
url:	https://filezilla-project.org/versions.php?type=server	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=isg400001841	Trust: 1.1
url:	https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=141287864628122&w=2	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2014/dec/23	Trust: 1.1
url:	http://www.vmware.com/security/advisories/vmsa-2014-0012.html	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=142660345230545&w=2	Trust: 1.1
url:	http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0	Trust: 1.1
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2015:062	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139817727317190&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139757726426985&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139758572430452&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905653828999&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139842151128341&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905405728262&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139833395230364&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139824993005633&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139843768401936&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905202427693&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139774054614965&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139889295732144&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139835815211508&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=140724451518351&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139808058921905&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139836085512508&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139869720529462&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905868529690&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139765756720506&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=140015787404650&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139824923705461&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139757919027752&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139774703817488&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905243827825&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=140075368411126&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905295427946&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139835844111589&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139757819327350&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139817685517037&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139905351928096&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=139817782017443&w=2	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=140752315422991&w=2	Trust: 1.1
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00	Trust: 1.1
url:	http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661	Trust: 1.1
url:	http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf	Trust: 1.1
url:	http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf	Trust: 1.1
url:	http://secunia.com/advisories/59347	Trust: 1.1
url:	http://secunia.com/advisories/59243	Trust: 1.1
url:	http://secunia.com/advisories/59139	Trust: 1.1
url:	http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html	Trust: 1.1
url:	http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01	Trust: 1.1
url:	https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html	Trust: 1.1
url:	http://support.citrix.com/article/ctx140605	Trust: 1.1
url:	http://www.ubuntu.com/usn/usn-2165-1	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/534161/100/0/threaded	Trust: 1.1
url:	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008	Trust: 1.1
url:	https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html	Trust: 1.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf	Trust: 1.1
url:	https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd	Trust: 1.1
url:	http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3	Trust: 1.1
url:	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e	Trust: 1.1
url:	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2014-0160	Trust: 1.0
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-135-02	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160	Trust: 0.9
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-135-04	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-135-05	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-105-03a	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-105-02a	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-114-01	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-126-01	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-128-01	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-344-01	Trust: 0.8
url:	https://ics-cert.us-cert.gov/alerts/ics-alert-14-099-01e	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140408-openssl.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140013.html	Trust: 0.8
url:	http://jvn.jp/ta/jvnta99041988/	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94401838/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0160	Trust: 0.8
url:	https://www.us-cert.gov/ncas/alerts/ta15-119a	Trust: 0.8
url:	http://www.cente.jp/article/release/483.html	Trust: 0.8
url:	http://www.aratana.jp/security/detail.php?id=8	Trust: 0.8
url:	https://tools.ietf.org/html/rfc6520	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/detect/pdf/20140410.pdf	Trust: 0.8
url:	http://support.openview.hp.com/downloads.jsp	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://www.redhat.com/security/data/cve/cve-2014-0160.html	Trust: 0.2
url:	https://access.redhat.com/security/team/key/#package	Trust: 0.2
url:	https://access.redhat.com/site/articles/11258	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n	Trust: 0.2
url:	http://www8.h	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	http://seclists.org/fulldisclosure/2019/jan/42	Trust: 0.1
url:	https://www.debian.org/security/./dsa-2896	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/	Trust: 0.1
url:	https://usn.ubuntu.com/2165-1/	Trust: 0.1
url:	http://support.openview.hp.com/selfsolve/document/km00843314/binary/sa_alert_	Trust: 0.1
url:	http://support.openview.hp.com/selfsolve/document/lid/srva_00174	Trust: 0.1
url:	http://www8.hp.com/us/en/software-so	Trust: 0.1
url:	http://h20565.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail	Trust: 0.1
url:	http://www.hp.com/go/oa	Trust: 0.1
url:	https://access.redhat.com/site/documentation/en-us/red_hat_enterprise_linux	Trust: 0.1
url:	https://access.redhat.com/site/documentation/en-us/red_hat_enterprise_linux/6/html/hypervisor_deployment_guide/chap-deployment_guide-upgrading_red_hat_enterprise_virtualization_hypervisors.html	Trust: 0.1
url:	https://support.ca.com/	Trust: 0.1
url:	https://www.ca.com	Trust: 0.1
url:	https://support.ca.com/irj/portal/anonymous/phpsbpldgpg	Trust: 0.1
url:	https://h20564.www2.hp.com/portal/site/hpsc/p	Trust: 0.1
url:	http://h18013.www1.hp.com/products/servers/management/agents/index.html	Trust: 0.1
url:	https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber	Trust: 0.1
url:	https://w	Trust: 0.1
url:	http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetai	Trust: 0.1
url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7295	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-7295	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/advisories/	Trust: 0.1
url:	http://advisories.mageia.org/mgasa-2014-0059.html	Trust: 0.1
url:	http://advisories.mageia.org/mgasa-2014-0256.html	Trust: 0.1

CREDITS

Trust: 1.2

sources: PACKETSTORM: 126452 // PACKETSTORM: 126498 // PACKETSTORM: 126284 // PACKETSTORM: 126460 // PACKETSTORM: 126244 // PACKETSTORM: 126516 // PACKETSTORM: 126210 // PACKETSTORM: 126164 // PACKETSTORM: 126790 // PACKETSTORM: 126186 // PACKETSTORM: 126303 // PACKETSTORM: 126451

SOURCES

db:	VULMON	id:	CVE-2014-0160
db:	PACKETSTORM	id:	126053
db:	PACKETSTORM	id:	126452
db:	PACKETSTORM	id:	126498
db:	PACKETSTORM	id:	126284
db:	PACKETSTORM	id:	126460
db:	PACKETSTORM	id:	126244
db:	PACKETSTORM	id:	126516
db:	PACKETSTORM	id:	126057
db:	PACKETSTORM	id:	126705
db:	PACKETSTORM	id:	126210
db:	PACKETSTORM	id:	126164
db:	PACKETSTORM	id:	126790
db:	PACKETSTORM	id:	126186
db:	PACKETSTORM	id:	126303
db:	PACKETSTORM	id:	126451
db:	PACKETSTORM	id:	127069
db:	JVNDB	id:	JVNDB-2014-001920
db:	NVD	id:	CVE-2014-0160

LAST UPDATE DATE

2026-02-07T19:48:24.121000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2014-0160	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001920	date:	2015-12-22T00:00:00
db:	NVD	id:	CVE-2014-0160	date:	2025-10-22T01:15:53.233

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2014-0160	date:	2014-04-07T00:00:00
db:	PACKETSTORM	id:	126053	date:	2014-04-08T21:22:00
db:	PACKETSTORM	id:	126452	date:	2014-05-03T02:05:11
db:	PACKETSTORM	id:	126498	date:	2014-05-06T00:18:04
db:	PACKETSTORM	id:	126284	date:	2014-04-23T21:25:00
db:	PACKETSTORM	id:	126460	date:	2014-05-03T02:17:44
db:	PACKETSTORM	id:	126244	date:	2014-04-21T20:03:21
db:	PACKETSTORM	id:	126516	date:	2014-05-06T20:32:13
db:	PACKETSTORM	id:	126057	date:	2014-04-08T21:22:25
db:	PACKETSTORM	id:	126705	date:	2014-05-19T04:30:01
db:	PACKETSTORM	id:	126210	date:	2014-04-17T22:05:20
db:	PACKETSTORM	id:	126164	date:	2014-04-15T23:01:44
db:	PACKETSTORM	id:	126790	date:	2014-05-24T13:22:00
db:	PACKETSTORM	id:	126186	date:	2014-04-16T20:43:08
db:	PACKETSTORM	id:	126303	date:	2014-04-24T22:20:36
db:	PACKETSTORM	id:	126451	date:	2014-05-02T23:55:55
db:	PACKETSTORM	id:	127069	date:	2014-06-12T13:43:49
db:	JVNDB	id:	JVNDB-2014-001920	date:	2014-04-08T00:00:00
db:	NVD	id:	CVE-2014-0160	date:	2014-04-07T22:55:03.893