- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-201404-07
(OpenSSL: Information Disclosure)
Multiple vulnerabilities have been found in OpenSSL:
OpenSSL incorrectly handles memory in the TLS heartbeat extension,
leading to information disclosure of 64kb per request, possibly
including private keys (“Heartbleed bug”, OpenSSL 1.0.1 only,
CVE-2014-0160).
The Montgomery ladder implementation of OpenSSL improperly handles
swap operations (CVE-2014-0076).
Impact :
A remote attacker could exploit these issues to disclose information,
including private keys or other sensitive information, or perform
side-channel attacks to obtain ECDSA nonces.
Workaround :
Disabling the tls-heartbeat USE flag (enabled by default) provides a
workaround for the CVE-2014-0160 issue.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top