Summary
OpenSSL is prone to an information disclosure vulnerability.
Impact
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
Solution
Updates are available.
Insight
The TLS and DTLS implementations do not properly handle Heartbeat Extension packets.
Affected
OpenSSL 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, and 1.0.1 are vulnerable.
Detection
Send a specially crafted TLS request and check the response.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-0160
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)