CVE-2014-0160
KEV
🔴 Patch now
A bug in OpenSSL allows sensitive data to be obtained remotely from memory.
CVSS
7.5
EPSS
94.5%
Exploit
weaponized
Vendor
mitel
Source description (NVD)
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 7.5 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (probability of exploitation) | 94.5% |
| Published (NVD) | 2014-04-07 22:55:03 UTC |
| Last modified (NVD) | 2026-04-21 20:07:16 UTC |
References
- http://advisories.mageia.org/MGASA-2014-0165.html (secalert@redhat.com) [Third Party Advisory]
- http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/ (secalert@redhat.com) [Issue Tracking, Third Party Advisory]
- http://cogentdatahub.com/ReleaseNotes.html (secalert@redhat.com) [Release Notes]
- http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 (secalert@redhat.com) [Broken Link]
- http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3 (secalert@redhat.com) [Broken Link]
- http://heartbleed.com/ (secalert@redhat.com) [Third Party Advisory]
- http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139722163017074&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139757726426985&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139757819327350&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139757919027752&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139758572430452&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139765756720506&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139774054614965&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139774703817488&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139808058921905&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139817685517037&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139817727317190&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139817782017443&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139824923705461&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139824993005633&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139833395230364&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139835815211508&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139835844111589&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139836085512508&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139842151128341&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139843768401936&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139869720529462&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139869891830365&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139889113431619&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139889295732144&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139905202427693&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139905243827825&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139905295427946&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139905351928096&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139905405728262&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139905458328378&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139905653828999&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=139905868529690&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=140015787404650&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=140075368411126&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=140724451518351&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=140752315422991&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=141287864628122&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=142660345230545&w=2 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1 (secalert@redhat.com) [Third Party Advisory]
- http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3 (secalert@redhat.com) [Permissions Required, Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2014-0376.html (secalert@redhat.com) [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2014-0377.html (secalert@redhat.com) [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2014-0378.html (secalert@redhat.com) [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2014-0396.html (secalert@redhat.com) [Third Party Advisory]
- http://seclists.org/fulldisclosure/2014/Apr/109 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://seclists.org/fulldisclosure/2014/Apr/173 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://seclists.org/fulldisclosure/2014/Apr/190 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://seclists.org/fulldisclosure/2014/Apr/90 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://seclists.org/fulldisclosure/2014/Apr/91 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://seclists.org/fulldisclosure/2014/Dec/23 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://secunia.com/advisories/57347 (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://secunia.com/advisories/57483 (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://secunia.com/advisories/57721 (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://secunia.com/advisories/57836 (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://secunia.com/advisories/57966 (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://secunia.com/advisories/57968 (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://secunia.com/advisories/59139 (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://secunia.com/advisories/59243 (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://secunia.com/advisories/59347 (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://support.citrix.com/article/CTX140605 (secalert@redhat.com) [Third Party Advisory]
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed (secalert@redhat.com) [Third Party Advisory]
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841 (secalert@redhat.com) [Third Party Advisory]
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843 (secalert@redhat.com) [Third Party Advisory]
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661 (secalert@redhat.com) [Third Party Advisory]
- http://www-01.ibm.com/support/docview.wss?uid=swg21670161 (secalert@redhat.com) [Broken Link]
- http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://www.blackberry.com/btsc/KB35882 (secalert@redhat.com) [Broken Link]
- http://www.debian.org/security/2014/dsa-2896 (secalert@redhat.com) [Mailing List, Third Party Advisory]
- http://www.exploit-db.com/exploits/32745 (secalert@redhat.com) [Exploit, Third Party Advisory, VDB Entry]
- http://www.exploit-db.com/exploits/32764 (secalert@redhat.com) [Exploit, Third Party Advisory, VDB Entry]
- http://www.f-secure.com/en/web/labs_global/fsc-2014-1 (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ (secalert@redhat.com) [Release Notes]
- http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/ (secalert@redhat.com) [Third Party Advisory]
- http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ (secalert@redhat.com) [Release Notes]
- http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ (secalert@redhat.com) [Release Notes]
- http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf (secalert@redhat.com) [Not Applicable]
- http://www.kb.cert.org/vuls/id/720951 (secalert@redhat.com) [Third Party Advisory, US Government Resource]
- http://www.kerio.com/support/kerio-control/release-history (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 (secalert@redhat.com) [Broken Link, Third Party Advisory]
- http://www.openssl.org/news/secadv_20140407.txt (secalert@redhat.com) [Broken Link, Vendor Advisory]
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html (secalert@redhat.com) [Patch, Third Party Advisory]
- http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html (secalert@redhat.com) [Patch, Third Party Advisory]
- http://www.securityfocus.com/archive/1/534161/100/0/threaded (secalert@redhat.com) [Broken Link, Not Applicable, Third Party Advisory, VDB Entry]
- http://www.securityfocus.com/bid/66690 (secalert@redhat.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1030026 (secalert@redhat.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1030074 (secalert@redhat.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1030077 (secalert@redhat.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1030078 (secalert@redhat.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1030079 (secalert@redhat.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1030080 (secalert@redhat.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1030081 (secalert@redhat.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1030082 (secalert@redhat.com) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.splunk.com/view/SP-CAAAMB3 (secalert@redhat.com) [Third Party Advisory]
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00 (secalert@redhat.com) [Third Party Advisory]
- http://www.ubuntu.com/usn/USN-2165-1 (secalert@redhat.com) [Third Party Advisory]
- http://www.us-cert.gov/ncas/alerts/TA14-098A (secalert@redhat.com) [Third Party Advisory, US Government Resource]
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html (secalert@redhat.com) [Broken Link]
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 (secalert@redhat.com) [Broken Link]
- https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 (secalert@redhat.com) [Issue Tracking]
- https://bugzilla.redhat.com/show_bug.cgi?id=1084875 (secalert@redhat.com) [Issue Tracking, Third Party Advisory]
- https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf (secalert@redhat.com) [Third Party Advisory]
- https://code.google.com/p/mod-spdy/issues/detail?id=85 (secalert@redhat.com) [Issue Tracking]
- https://filezilla-project.org/versions.php?type=server (secalert@redhat.com) [Release Notes]
- https://gist.github.com/chapmajs/10473815 (secalert@redhat.com) [Exploit]
- https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken (secalert@redhat.com) [Broken Link]
- https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E (secalert@redhat.com) [Mailing List, Patch, Third Party Advisory]
- https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E (secalert@redhat.com) [Mailing List, Patch, Third Party Advisory]
- https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E (secalert@redhat.com) [Mailing List, Patch, Third Party Advisory]
- https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E (secalert@redhat.com) [Mailing List, Patch, Third Party Advisory]
- https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html (secalert@redhat.com) [Mailing List, Third Party Advisory]
- https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html (secalert@redhat.com) [Exploit, Permissions Required, Third Party Advisory]
- https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html (secalert@redhat.com) [Third Party Advisory]
- https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217 (secalert@redhat.com) [Third Party Advisory]
- https://www.cert.fi/en/reports/2014/vulnerability788210.html (secalert@redhat.com) [Not Applicable, Third Party Advisory]
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 (secalert@redhat.com) [Third Party Advisory]
- https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd (secalert@redhat.com) [Broken Link, Exploit, Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0160 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]