Summary
OpenSSL is prone to an information disclosure vulnerability.
Impact
An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.
Solution
Updates are available.
Insight
The TLS and DTLS implementations do not properly handle Heartbeat Extension packets.
Affected
OpenSSL 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, and 1.0.1 are vulnerable.
Detection
Send a specially crafted TLS request and check the response.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-0160
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N