gsd-2014-0160
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Aliases
Aliases
{ GSD: { alias: "CVE-2014-0160", description: "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.", id: "GSD-2014-0160", references: [ "https://www.suse.com/security/cve/CVE-2014-0160.html", "https://www.debian.org/security/2014/dsa-2896", "https://access.redhat.com/errata/RHSA-2014:0416", "https://access.redhat.com/errata/RHSA-2014:0396", "https://access.redhat.com/errata/RHSA-2014:0378", "https://access.redhat.com/errata/RHSA-2014:0377", "https://access.redhat.com/errata/RHSA-2014:0376", "https://advisories.mageia.org/CVE-2014-0160.html", "https://alas.aws.amazon.com/cve/html/CVE-2014-0160.html", "https://linux.oracle.com/cve/CVE-2014-0160.html", "https://packetstormsecurity.com/files/cve/CVE-2014-0160", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2014-0160", ], details: "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.", id: "GSD-2014-0160", modified: "2023-12-13T01:22:44.361013Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2014-0160", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217", refsource: "CONFIRM", url: "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217", }, { name: "1030077", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1030077", }, { name: "20140408 heartbleed OpenSSL bug CVE-2014-0160", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2014/Apr/90", }, { name: "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/", refsource: "CONFIRM", url: "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/", }, { name: "DSA-2896", refsource: "DEBIAN", url: "http://www.debian.org/security/2014/dsa-2896", }, { name: "HPSBGN03008", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139774054614965&w=2", }, { name: "HPSBMU03024", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139889113431619&w=2", }, { name: "RHSA-2014:0396", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0396.html", }, { name: "HPSBHF03021", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139835815211508&w=2", }, { name: "HPSBHF03136", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=141287864628122&w=2", }, { name: "VU#720951", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/720951", }, { name: "http://www.splunk.com/view/SP-CAAAMB3", refsource: "CONFIRM", url: "http://www.splunk.com/view/SP-CAAAMB3", }, { name: "HPSBMU03033", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139905295427946&w=2", }, { name: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", refsource: "CONFIRM", url: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", }, { name: "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", refsource: "CONFIRM", url: "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", }, { name: "HPSBGN03011", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139833395230364&w=2", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21670161", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=swg21670161", }, { name: "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", refsource: "CONFIRM", url: "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", }, { name: "openSUSE-SU-2014:0492", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html", }, { name: "SSRT101846", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2", }, { name: "20140409 Re: heartbleed OpenSSL bug CVE-2014-0160", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2014/Apr/109", }, { name: "HPSBMU03037", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=140724451518351&w=2", }, { name: "1030080", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1030080", }, { name: "57836", refsource: "SECUNIA", url: "http://secunia.com/advisories/57836", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", }, { name: "HPSBMU03012", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139808058921905&w=2", }, { name: "HPSBST03001", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139758572430452&w=2", }, { name: "66690", refsource: "BID", url: "http://www.securityfocus.com/bid/66690", }, { name: "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf", refsource: "CONFIRM", url: "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf", }, { name: "https://filezilla-project.org/versions.php?type=server", refsource: "CONFIRM", url: "https://filezilla-project.org/versions.php?type=server", }, { name: "HPSBMU03023", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139843768401936&w=2", }, { name: "57483", refsource: "SECUNIA", url: "http://secunia.com/advisories/57483", }, { name: "20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed", }, { name: "http://www.kerio.com/support/kerio-control/release-history", refsource: "CONFIRM", url: "http://www.kerio.com/support/kerio-control/release-history", }, { name: "http://advisories.mageia.org/MGASA-2014-0165.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0165.html", }, { name: "http://www.blackberry.com/btsc/KB35882", refsource: "CONFIRM", url: "http://www.blackberry.com/btsc/KB35882", }, { name: "HPSBHF03293", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2", }, { name: "HPSBMU03044", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=140075368411126&w=2", }, { name: "HPSBMU03030", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139905351928096&w=2", }, { name: "1030081", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1030081", }, { name: "FEDORA-2014-4879", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html", }, { name: "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/534161/100/0/threaded", }, { name: "FEDORA-2014-4910", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1084875", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1084875", }, { name: "FEDORA-2014-9308", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", }, { name: "HPSBMU03013", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139824993005633&w=2", }, { name: "1030079", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1030079", }, { name: "RHSA-2014:0377", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0377.html", }, { name: "HPSBMU02995", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139722163017074&w=2", }, { name: "HPSBPI03031", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139889295732144&w=2", }, { name: "https://code.google.com/p/mod-spdy/issues/detail?id=85", refsource: "CONFIRM", url: "https://code.google.com/p/mod-spdy/issues/detail?id=85", }, { name: "HPSBMU02999", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139765756720506&w=2", }, { name: "HPSBGN03010", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139774703817488&w=2", }, { name: "HPSBMU03029", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139905202427693&w=2", }, { name: "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", refsource: "CONFIRM", url: "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", }, { name: "http://heartbleed.com/", refsource: "MISC", url: "http://heartbleed.com/", }, { name: "HPSBMU03018", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139817782017443&w=2", }, { name: "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01", refsource: "CONFIRM", url: "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01", }, { name: "HPSBMU03040", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=140015787404650&w=2", }, { name: "http://cogentdatahub.com/ReleaseNotes.html", refsource: "CONFIRM", url: "http://cogentdatahub.com/ReleaseNotes.html", }, { name: "HPSBMU03025", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139869720529462&w=2", }, { name: "HPSBST03016", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139842151128341&w=2", }, { name: "HPSBMU03028", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139905243827825&w=2", }, { name: "HPSBMU03009", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139905458328378&w=2", }, { name: "http://www.f-secure.com/en/web/labs_global/fsc-2014-1", refsource: "CONFIRM", url: "http://www.f-secure.com/en/web/labs_global/fsc-2014-1", }, { name: "TA14-098A", refsource: "CERT", url: "http://www.us-cert.gov/ncas/alerts/TA14-098A", }, { name: "57347", refsource: "SECUNIA", url: "http://secunia.com/advisories/57347", }, { name: "[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released", refsource: "MLIST", url: "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html", }, { name: "20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2014/Apr/173", }, { name: "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160", refsource: "MISC", url: "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160", }, { name: "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", }, { name: "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html", }, { name: "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", refsource: "CONFIRM", url: "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", }, { name: "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3", refsource: "CONFIRM", url: "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3", }, { name: "HPSBST03000", refsource: "HP", url: "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken", }, { name: "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2014/Dec/23", }, { name: "HPSBST03004", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139905653828999&w=2", }, { name: "USN-2165-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2165-1", }, { name: "RHSA-2014:0378", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0378.html", }, { name: "HPSBMU02997", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139757919027752&w=2", }, { name: "SUSE-SA:2014:002", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html", }, { name: "32764", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/32764", }, { name: "HPSBMU02994", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139757726426985&w=2", }, { name: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00", refsource: "CONFIRM", url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00", }, { name: "HPSBMU03022", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139869891830365&w=2", }, { name: "HPSBST03027", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139905868529690&w=2", }, { name: "HPSBMU03019", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139817685517037&w=2", }, { name: "HPSBMU03062", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=140752315422991&w=2", }, { name: "20140408 Re: heartbleed OpenSSL bug CVE-2014-0160", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2014/Apr/91", }, { name: "1030078", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1030078", }, { name: "59243", refsource: "SECUNIA", url: "http://secunia.com/advisories/59243", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661", refsource: "CONFIRM", url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661", }, { name: "HPSBMU03020", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139836085512508&w=2", }, { name: "HPSBST03015", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139824923705461&w=2", }, { name: "RHSA-2014:0376", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-0376.html", }, { name: "HPSBPI03014", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139835844111589&w=2", }, { name: "MDVSA-2015:062", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062", }, { name: "https://www.cert.fi/en/reports/2014/vulnerability788210.html", refsource: "MISC", url: "https://www.cert.fi/en/reports/2014/vulnerability788210.html", }, { name: "57721", refsource: "SECUNIA", url: "http://secunia.com/advisories/57721", }, { name: "57968", refsource: "SECUNIA", url: "http://secunia.com/advisories/57968", }, { name: "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/", refsource: "MISC", url: "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/", }, { name: "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3", refsource: "CONFIRM", url: "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3", }, { name: "openSUSE-SU-2014:0560", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html", }, { name: "HPSBMU03032", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139905405728262&w=2", }, { name: "1030082", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1030082", }, { name: "HPSBMU02998", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139757819327350&w=2", }, { name: "32745", refsource: "EXPLOIT-DB", url: "http://www.exploit-db.com/exploits/32745", }, { name: "20140412 Re: heartbleed OpenSSL bug CVE-2014-0160", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2014/Apr/190", }, { name: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", refsource: "CONFIRM", url: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", }, { name: "HPSBMU03017", refsource: "HP", url: "http://marc.info/?l=bugtraq&m=139817727317190&w=2", }, { name: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", refsource: "CONFIRM", url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", }, { name: "http://www.openssl.org/news/secadv_20140407.txt", refsource: "CONFIRM", url: "http://www.openssl.org/news/secadv_20140407.txt", }, { name: "https://gist.github.com/chapmajs/10473815", refsource: "MISC", url: "https://gist.github.com/chapmajs/10473815", }, { name: "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1", refsource: "CONFIRM", url: "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1", }, { name: "1030074", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1030074", }, { name: "http://support.citrix.com/article/CTX140605", refsource: "CONFIRM", url: "http://support.citrix.com/article/CTX140605", }, { name: "59139", refsource: "SECUNIA", url: "http://secunia.com/advisories/59139", }, { name: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", refsource: "CONFIRM", url: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", }, { name: "57966", refsource: "SECUNIA", url: "http://secunia.com/advisories/57966", }, { name: "1030026", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1030026", }, { name: "59347", refsource: "SECUNIA", url: "http://secunia.com/advisories/59347", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E", }, { name: "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html", refsource: "MISC", url: "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E", }, { name: "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd", refsource: "MISC", url: "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.0.1g", versionStartIncluding: "1.0.1", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "0.9.44", vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "8.3.3", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:ricon:s9922l_firmware:16.10.3\\(3794\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:ricon:s9922l:1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2014-0160", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-125", }, ], }, ], }, references: { reference_data: [ { name: "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3", refsource: "CONFIRM", tags: [ "Patch", "Vendor Advisory", ], url: "http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1084875", refsource: "CONFIRM", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1084875", }, { name: "http://www.openssl.org/news/secadv_20140407.txt", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "http://www.openssl.org/news/secadv_20140407.txt", }, { name: "http://heartbleed.com/", refsource: "MISC", tags: [ "Third Party Advisory", ], url: "http://heartbleed.com/", }, { name: "1030078", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1030078", }, { name: "20140409 Re: heartbleed OpenSSL bug CVE-2014-0160", refsource: "FULLDISC", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Apr/109", }, { name: "20140412 Re: heartbleed OpenSSL bug CVE-2014-0160", refsource: "FULLDISC", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Apr/190", }, { name: "[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released", refsource: "MLIST", tags: [ "Third Party Advisory", ], url: "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html", }, { name: "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html", }, { name: "RHSA-2014:0376", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0376.html", }, { name: "RHSA-2014:0396", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0396.html", }, { name: "1030082", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1030082", }, { name: "57347", refsource: "SECUNIA", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/57347", }, { name: "HPSBMU02995", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139722163017074&w=2", }, { name: "1030077", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1030077", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=swg21670161", refsource: "CONFIRM", tags: [ "Broken Link", ], url: "http://www-01.ibm.com/support/docview.wss?uid=swg21670161", }, { name: "DSA-2896", refsource: "DEBIAN", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-2896", }, { name: "RHSA-2014:0377", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0377.html", }, { name: "1030080", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1030080", }, { name: "FEDORA-2014-4879", refsource: "FEDORA", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html", }, { name: "1030074", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1030074", }, { name: "20140408 heartbleed OpenSSL bug CVE-2014-0160", refsource: "FULLDISC", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Apr/90", }, { name: "1030081", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1030081", }, { name: "20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products", refsource: "CISCO", tags: [ "Third Party Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed", }, { name: "RHSA-2014:0378", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0378.html", }, { name: "20140408 Re: heartbleed OpenSSL bug CVE-2014-0160", refsource: "FULLDISC", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Apr/91", }, { name: "57483", refsource: "SECUNIA", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/57483", }, { name: "http://www.splunk.com/view/SP-CAAAMB3", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.splunk.com/view/SP-CAAAMB3", }, { name: "FEDORA-2014-4910", refsource: "FEDORA", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html", }, { name: "1030079", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1030079", }, { name: "openSUSE-SU-2014:0492", refsource: "SUSE", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html", }, { name: "57721", refsource: "SECUNIA", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/57721", }, { name: "http://www.blackberry.com/btsc/KB35882", refsource: "CONFIRM", tags: [ "Broken Link", ], url: "http://www.blackberry.com/btsc/KB35882", }, { name: "1030026", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1030026", }, { name: "SUSE-SA:2014:002", refsource: "SUSE", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html", }, { name: "66690", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/66690", }, { name: "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", }, { name: "TA14-098A", refsource: "CERT", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.us-cert.gov/ncas/alerts/TA14-098A", }, { name: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", }, { name: "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/", refsource: "MISC", tags: [ "Third Party Advisory", ], url: "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/", }, { name: "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160", refsource: "MISC", tags: [ "Third Party Advisory", ], url: "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160", }, { name: "57966", refsource: "SECUNIA", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/57966", }, { name: "http://www.f-secure.com/en/web/labs_global/fsc-2014-1", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.f-secure.com/en/web/labs_global/fsc-2014-1", }, { name: "20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL", refsource: "FULLDISC", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Apr/173", }, { name: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", }, { name: "57968", refsource: "SECUNIA", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/57968", }, { name: "https://code.google.com/p/mod-spdy/issues/detail?id=85", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://code.google.com/p/mod-spdy/issues/detail?id=85", }, { name: "32745", refsource: "EXPLOIT-DB", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.exploit-db.com/exploits/32745", }, { name: "VU#720951", refsource: "CERT-VN", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/720951", }, { name: "https://www.cert.fi/en/reports/2014/vulnerability788210.html", refsource: "MISC", tags: [ "Third Party Advisory", ], url: "https://www.cert.fi/en/reports/2014/vulnerability788210.html", }, { name: "32764", refsource: "EXPLOIT-DB", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.exploit-db.com/exploits/32764", }, { name: "57836", refsource: "SECUNIA", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/57836", }, { name: "https://gist.github.com/chapmajs/10473815", refsource: "MISC", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/chapmajs/10473815", }, { name: "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/", }, { name: "http://cogentdatahub.com/ReleaseNotes.html", refsource: "CONFIRM", tags: [ "Release Notes", "Third Party Advisory", ], url: "http://cogentdatahub.com/ReleaseNotes.html", }, { name: "HPSBMU03009", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139905458328378&w=2", }, { name: "HPSBMU03022", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139869891830365&w=2", }, { name: "HPSBMU03024", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139889113431619&w=2", }, { name: "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1", }, { name: "http://www.kerio.com/support/kerio-control/release-history", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.kerio.com/support/kerio-control/release-history", }, { name: "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3", }, { name: "http://advisories.mageia.org/MGASA-2014-0165.html", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2014-0165.html", }, { name: "HPSBST03000", refsource: "HP", tags: [ "Broken Link", ], url: "https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken", }, { name: "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", }, { name: "https://filezilla-project.org/versions.php?type=server", refsource: "CONFIRM", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://filezilla-project.org/versions.php?type=server", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", }, { name: "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217", }, { name: "HPSBHF03136", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=141287864628122&w=2", }, { name: "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", refsource: "FULLDISC", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2014/Dec/23", }, { name: "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", refsource: "CONFIRM", tags: [ "Not Applicable", ], url: "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", }, { name: "SSRT101846", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=142660345230545&w=2", }, { name: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", refsource: "CONFIRM", tags: [ "Not Applicable", ], url: "http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0", }, { name: "MDVSA-2015:062", refsource: "MANDRIVA", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062", }, { name: "HPSBMU03017", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139817727317190&w=2", }, { name: "HPSBMU02994", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139757726426985&w=2", }, { name: "HPSBST03001", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139758572430452&w=2", }, { name: "HPSBST03004", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139905653828999&w=2", }, { name: "HPSBST03016", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139842151128341&w=2", }, { name: "HPSBMU03032", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139905405728262&w=2", }, { name: "HPSBGN03011", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139833395230364&w=2", }, { name: "HPSBMU03013", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139824993005633&w=2", }, { name: "HPSBMU03023", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139843768401936&w=2", }, { name: "HPSBMU03029", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139905202427693&w=2", }, { name: "HPSBGN03008", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139774054614965&w=2", }, { name: "HPSBPI03031", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139889295732144&w=2", }, { name: "HPSBHF03021", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139835815211508&w=2", }, { name: "HPSBMU03037", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=140724451518351&w=2", }, { name: "HPSBMU03012", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139808058921905&w=2", }, { name: "HPSBMU03020", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139836085512508&w=2", }, { name: "HPSBMU03025", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139869720529462&w=2", }, { name: "HPSBST03027", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139905868529690&w=2", }, { name: "HPSBMU02999", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139765756720506&w=2", }, { name: "HPSBMU03040", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=140015787404650&w=2", }, { name: "HPSBST03015", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139824923705461&w=2", }, { name: "HPSBMU02997", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139757919027752&w=2", }, { name: "HPSBGN03010", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139774703817488&w=2", }, { name: "HPSBMU03028", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139905243827825&w=2", }, { name: "HPSBMU03044", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=140075368411126&w=2", }, { name: "HPSBMU03033", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139905295427946&w=2", }, { name: "HPSBPI03014", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139835844111589&w=2", }, { name: "HPSBMU02998", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139757819327350&w=2", }, { name: "HPSBMU03019", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139817685517037&w=2", }, { name: "HPSBMU03030", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139905351928096&w=2", }, { name: "HPSBMU03018", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139817782017443&w=2", }, { name: "HPSBMU03062", refsource: "HP", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=140752315422991&w=2", }, { name: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00", }, { name: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661", }, { name: "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf", refsource: "CONFIRM", tags: [ "Not Applicable", ], url: "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf", }, { name: "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf", }, { name: "59347", refsource: "SECUNIA", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/59347", }, { name: "59243", refsource: "SECUNIA", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/59243", }, { name: "59139", refsource: "SECUNIA", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/59139", }, { name: "FEDORA-2014-9308", refsource: "FEDORA", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html", }, { name: "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01", refsource: "CONFIRM", tags: [ "Broken Link", ], url: "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01", }, { name: "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html", }, { name: "http://support.citrix.com/article/CTX140605", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://support.citrix.com/article/CTX140605", }, { name: "USN-2165-1", refsource: "UBUNTU", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2165-1", }, { name: "openSUSE-SU-2014:0560", refsource: "SUSE", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html", }, { name: "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", refsource: "BUGTRAQ", tags: [ "Not Applicable", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/534161/100/0/threaded", }, { name: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", refsource: "MLIST", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", refsource: "MLIST", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E", }, { name: "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html", refsource: "MISC", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/", refsource: "MLIST", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/", refsource: "MLIST", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E", }, { name: "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd", refsource: "MISC", tags: [ "Exploit", "Third Party Advisory", ], url: "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, }, }, lastModifiedDate: "2023-02-10T16:58Z", publishedDate: "2014-04-07T22:55Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.