CVE-2014-0160

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

References

http://advisories.mageia.org/MGASA-2014-0165.html

http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

http://cogentdatahub.com/ReleaseNotes.html

http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3

http://heartbleed.com/

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

http://marc.info/?l=bugtraq&m=139722163017074&w=2

http://marc.info/?l=bugtraq&m=139757726426985&w=2

http://marc.info/?l=bugtraq&m=139757819327350&w=2

http://marc.info/?l=bugtraq&m=139757919027752&w=2

http://marc.info/?l=bugtraq&m=139758572430452&w=2

http://marc.info/?l=bugtraq&m=139765756720506&w=2

http://marc.info/?l=bugtraq&m=139774054614965&w=2

http://marc.info/?l=bugtraq&m=139774703817488&w=2

http://marc.info/?l=bugtraq&m=139808058921905&w=2

http://marc.info/?l=bugtraq&m=139817685517037&w=2

http://marc.info/?l=bugtraq&m=139817727317190&w=2

http://marc.info/?l=bugtraq&m=139817782017443&w=2

http://marc.info/?l=bugtraq&m=139824923705461&w=2

http://marc.info/?l=bugtraq&m=139824993005633&w=2

http://marc.info/?l=bugtraq&m=139833395230364&w=2

http://marc.info/?l=bugtraq&m=139835815211508&w=2

http://marc.info/?l=bugtraq&m=139835844111589&w=2

http://marc.info/?l=bugtraq&m=139836085512508&w=2

http://marc.info/?l=bugtraq&m=139842151128341&w=2

http://marc.info/?l=bugtraq&m=139843768401936&w=2

http://marc.info/?l=bugtraq&m=139869720529462&w=2

http://marc.info/?l=bugtraq&m=139869891830365&w=2

http://marc.info/?l=bugtraq&m=139889113431619&w=2

http://marc.info/?l=bugtraq&m=139889295732144&w=2

http://marc.info/?l=bugtraq&m=139905202427693&w=2

http://marc.info/?l=bugtraq&m=139905243827825&w=2

http://marc.info/?l=bugtraq&m=139905295427946&w=2

http://marc.info/?l=bugtraq&m=139905351928096&w=2

http://marc.info/?l=bugtraq&m=139905405728262&w=2

http://marc.info/?l=bugtraq&m=139905458328378&w=2

http://marc.info/?l=bugtraq&m=139905653828999&w=2

http://marc.info/?l=bugtraq&m=139905868529690&w=2

http://marc.info/?l=bugtraq&m=140015787404650&w=2

http://marc.info/?l=bugtraq&m=140075368411126&w=2

http://marc.info/?l=bugtraq&m=140724451518351&w=2

http://marc.info/?l=bugtraq&m=140752315422991&w=2

http://marc.info/?l=bugtraq&m=141287864628122&w=2

http://marc.info/?l=bugtraq&m=142660345230545&w=2

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1

http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3

http://rhn.redhat.com/errata/RHSA-2014-0376.html

http://rhn.redhat.com/errata/RHSA-2014-0377.html

http://rhn.redhat.com/errata/RHSA-2014-0378.html

http://rhn.redhat.com/errata/RHSA-2014-0396.html

http://seclists.org/fulldisclosure/2014/Apr/109

http://seclists.org/fulldisclosure/2014/Apr/173

http://seclists.org/fulldisclosure/2014/Apr/190

http://seclists.org/fulldisclosure/2014/Apr/90

http://seclists.org/fulldisclosure/2014/Apr/91

http://seclists.org/fulldisclosure/2014/Dec/23

http://secunia.com/advisories/57347

http://secunia.com/advisories/57483

http://secunia.com/advisories/57721

http://secunia.com/advisories/57836

http://secunia.com/advisories/57966

http://secunia.com/advisories/57968

http://secunia.com/advisories/59139

http://secunia.com/advisories/59243

http://secunia.com/advisories/59347

http://support.citrix.com/article/CTX140605

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

http://www.blackberry.com/btsc/KB35882

http://www.debian.org/security/2014/dsa-2896

http://www.exploit-db.com/exploits/32745

http://www.exploit-db.com/exploits/32764

http://www.f-secure.com/en/web/labs_global/fsc-2014-1

http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

http://www.kb.cert.org/vuls/id/720951

http://www.kerio.com/support/kerio-control/release-history

http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

http://www.openssl.org/news/secadv_20140407.txt

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securityfocus.com/bid/66690

http://www.securitytracker.com/id/1030026

http://www.securitytracker.com/id/1030074

http://www.securitytracker.com/id/1030077

http://www.securitytracker.com/id/1030078

http://www.securitytracker.com/id/1030079

http://www.securitytracker.com/id/1030080

http://www.securitytracker.com/id/1030081

http://www.securitytracker.com/id/1030082

http://www.splunk.com/view/SP-CAAAMB3

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

http://www.ubuntu.com/usn/USN-2165-1

http://www.us-cert.gov/ncas/alerts/TA14-098A

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

http://www-01.ibm.com/support/docview.wss?uid=isg400001841

http://www-01.ibm.com/support/docview.wss?uid=isg400001843

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661

http://www-01.ibm.com/support/docview.wss?uid=swg21670161

https://blog.torproject.org/blog/openssl-bug-cve-2014-0160

https://bugzilla.redhat.com/show_bug.cgi?id=1084875

https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

https://code.google.com/p/mod-spdy/issues/detail?id=85

https://filezilla-project.org/versions.php?type=server

https://gist.github.com/chapmajs/10473815

https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html

https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

https://www.cert.fi/en/reports/2014/vulnerability788210.html

https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008

Details

Source: MITRE

Published: 2014-04-07

Updated: 2020-07-28

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:*

OR

cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:*

cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:*

Configuration 8

AND

OR

cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:*

cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:*

cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:*

OR

cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:*

Configuration 9

AND

OR

cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:*

cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:*

OR

cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:*

Configuration 10

OR

cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:*

cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:*

cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:*

cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:*

cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:*

cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:*

cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:*

cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:*

cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:*

cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:*

cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:*

Configuration 11

OR

cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 12

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

Configuration 13

OR

cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*

Configuration 14

OR

cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:virtualization:6.0:*:*:*:*:*:*:*

Configuration 15

OR

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (90 total)

IDNameProductFamilySeverity
500424Siemens Simatic Improper Restriction of Operations within the Bounds of a Memory BufferTenable.otSCADA
high
127201NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)NessusNewStart CGSL Local Security Checks
critical
87676VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0004) (Heartbleed)NessusMisc.
medium
82315Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)NessusMandriva Local Security Checks
high
81782IBM Rational ClearQuest 7.1.1.x / 7.1.2.x < 7.1.2.13.01 / 8.0.0.x < 8.0.0.10.01 / 8.0.1.x < 8.0.1.3.01 OpenSSL Library Multiple Vulnerabilities (credentialed check) (Heartbleed)NessusWindows
medium
80721Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl4) (Heartbleed)NessusSolaris Local Security Checks
high
79964GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)NessusGentoo Local Security Checks
critical
79547OracleVM 3.3 : openssl (OVMSA-2014-0032) (Heartbleed) (POODLE)NessusOracleVM Local Security Checks
high
79013RHEL 6 : rhevm-spice-client (RHSA-2014:0416)NessusRed Hat Local Security Checks
high
79008RHEL 6 : rhev-hypervisor6 (RHSA-2014:0396) (Heartbleed)NessusRed Hat Local Security Checks
high
79006RHEL 6 : rhev-hypervisor6 (RHSA-2014:0378) (Heartbleed)NessusRed Hat Local Security Checks
high
79005RHEL 6 : Storage Server (RHSA-2014:0377) (Heartbleed)NessusRed Hat Local Security Checks
high
78164F5 Networks BIG-IP : OpenSSL vulnerability (K15159) (Heartbleed)NessusF5 Networks Local Security Checks
high
77437Kaspersky Internet Security Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
77108Fedora 20 : openssl-1.0.1e-39.fc20 (2014-9308) (Heartbleed)NessusFedora Local Security Checks
high
77054HP LoadRunner 11.52.x < 11.52 Patch 2 / 12.00.x < 12.00 Patch 1 Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
77025HP Version Control Repository Manager (VCRM) Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
77024HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
77023HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)NessusSuSE Local Security Checks
high
77022HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)NessusRed Hat Local Security Checks
high
76511LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Mac OS X) (Heartbleed)NessusMacOS X Local Security Checks
medium
76510LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Heartbleed)NessusWindows
medium
76509HP BladeSystem c-Class Onboard Administrator 4.11 / 4.20 Heartbeat Information Disclosure (Heartbleed)NessusMisc.
medium
76490Ipswitch IMail Server 11.x / 12.x < 12.4.1.15 Multiple Vulnerabilities (Heartbleed)NessusMisc.
medium
76463HP Insight Control Server Migration 7.3.0 and 7.3.1 OpenSSL Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
76402Kerio Connect 8.2.x < 8.2.4 Heartbeat Information Disclosure (Heartbleed)NessusMisc.
medium
76575Triangle MicroWorks SCADA Data Gateway < 3.3.729 Heartbeat Information Disclosure (Heartbleed)NessusSCADA
medium
76309Attachmate Reflection Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
75376openSUSE Security Update : tor (openSUSE-SU-2014:0719-1) (Heartbleed)NessusSuSE Local Security Checks
high
75331openSUSE Security Update : openssl (openSUSE-SU-2014:0560-1) (Heartbleed)NessusSuSE Local Security Checks
high
75314openSUSE Security Update : openssl (openSUSE-SU-2014:0492-1) (Heartbleed)NessusSuSE Local Security Checks
high
74481Mandriva Linux Security Advisory : tor (MDVSA-2014:123)NessusMandriva Local Security Checks
high
74270HP OfficeJet Printer Heartbeat Information Disclosure (Heartbleed)NessusWeb Servers
critical
74262Western Digital Arkeia 10.1.x < 10.1.19 / 10.2.x < 10.2.9 Multiple Vulnerabilities (Heartbleed)NessusCGI abuses
high
74186Attachmate Reflection X Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
74104IBM General Parallel File System 3.5 < 3.5.0.17 Multiple OpenSSL Vulnerabilities (Heartbleed)NessusWindows
medium
74037Blue Coat ProxyAV 3.5.1.1 - 3.5.1.6 Heartbeat Information Disclosure (Heartbleed)NessusCGI abuses
medium
74010Cisco TelePresence Video Communication Server Heartbeat Information Disclosure (Heartbleed)NessusCISCO
medium
73965Attachmate Reflection Secure IT Windows Client Information Disclosure (Heartbleed)NessusWindows
medium
73964Symantec Endpoint Protection Manager < 12.1 RU4 MP1a OpenSSL Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
73917ESXi 5.5 < Build 1746974 / 5.5 Update 1 < Build 1746018 OpenSSL Library Multiple Vulnerabilities (remote check) (Heartbleed)NessusMisc.
medium
73896VMware Horizon Workspace 1.8 < 1.8.1 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)NessusMisc.
medium
73865MS KB2962393: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (Heartbleed)NessusWindows
critical
73854McAfee VirusScan Enterprise for Linux OpenSSL Information Disclosure (SB10071) (Heartbleed)NessusMisc.
medium
73851VMSA-2014-0004 : VMware product updates address OpenSSL security vulnerabilitiesNessusVMware ESX Local Security Checks
high
73836McAfee Web Gateway OpenSSL Information Disclosure (SB10071) (Heartbleed)NessusMisc.
medium
73835McAfee Next Generation Firewall OpenSSL Information Disclosure (SB10071) (Heartbleed)NessusMisc.
medium
73834McAfee Firewall Enterprise OpenSSL Information Disclosure (SB10071) (Heartbleed)NessusFirewalls
medium
73833McAfee ePolicy Orchestrator OpenSSL Information Disclosure (SB10071) (Heartbleed)NessusMisc.
medium
73832McAfee Email Gateway OpenSSL Information Disclosure (SB10071) (Heartbleed)NessusMisc.
medium
73806HP LaserJet Pro Printers OpenSSL Heartbeat Information Disclosure (HPSBPI03014) (Heartbleed)NessusMisc.
medium
73762BlackBerry Enterprise Service Information Disclosure (KB35882) (Heartbleed)NessusWindows
medium
73759Websense Web Security Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
73758Websense Email Security Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
73668OpenVPN 2.3.x Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
73674VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)NessusWindows
medium
73673VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)NessusGeneral
medium
73672VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)NessusWindows
medium
73671VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)NessusGeneral
medium
73670VMware Fusion 6.x < 6.0.3 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)NessusMacOS X Local Security Checks
medium
73640FileZilla Server < 0.9.44 OpenSSL Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
73688Junos Pulse Secure Access IVE / UAC OS OpenSSL Heartbeat Information Disclosure (JSA10623) (Heartbleed)NessusMisc.
medium
73687Juniper Junos OpenSSL Heartbeat Information Disclosure (JSA10623) (Heartbleed)NessusJunos Local Security Checks
high
73639HP System Management Homepage OpenSSL Multiple Vulnerabilities (Heartbleed)NessusWeb Servers
medium
73613WinSCP Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
73575Splunk 6.x < 6.0.3 Multiple OpenSSL Vulnerabilities (Heartbleed)NessusWeb Servers
medium
73547Fedora 19 : mingw-openssl-1.0.1e-6.fc19 (2014-4999) (Heartbleed)NessusFedora Local Security Checks
high
73515Blue Coat ProxySG Heartbeat Information Disclosure (Heartbleed)NessusFirewalls
medium
73509Fedora 20 : mingw-openssl-1.0.1e-6.fc20 (2014-4982) (Heartbleed)NessusFedora Local Security Checks
high
73500stunnel < 5.01 OpenSSL Heartbeat Information Disclosure (Heartbleed)NessusWindows
medium
73491OpenVPN Heartbeat Information Disclosure (Heartbleed)NessusMisc.
medium
73669Fortinet OpenSSL Information Disclosure (Heartbleed)NessusMisc.
medium
73472AIX OpenSSL Advisory : openssl_advisory7.doc (Heartbleed)NessusAIX Local Security Checks
high
73438Amazon Linux AMI : openssl Information Disclosure Vulnerability (ALAS-2014-320)NessusAmazon Linux Local Security Checks
high
73430Fedora 19 : openssl-1.0.1e-37.fc19.1 (2014-4910)NessusFedora Local Security Checks
high
73429Fedora 20 : openssl-1.0.1e-37.fc20.1 (2014-4879)NessusFedora Local Security Checks
high
8194OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities (Heartbleed)Nessus Network MonitorWeb Servers
medium
73412OpenSSL Heartbeat Information Disclosure (Heartbleed)NessusMisc.
medium
73409Slackware 14.0 / 14.1 / current : openssl (SSA:2014-098-01)NessusSlackware Local Security Checks
high
73408Scientific Linux Security Update : openssl on SL6.x i386/x86_64NessusScientific Linux Local Security Checks
high
73407GLSA-201404-07 : OpenSSL: Information DisclosureNessusGentoo Local Security Checks
high
73404OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities (Heartbleed)NessusWeb Servers
medium
73402Ubuntu 12.04 LTS / 12.10 / 13.10 : openssl vulnerabilities (USN-2165-1)NessusUbuntu Local Security Checks
high
73396RHEL 6 : openssl (RHSA-2014:0376)NessusRed Hat Local Security Checks
high
73395Oracle Linux 6 : openssl (ELSA-2014-0376)NessusOracle Linux Local Security Checks
high
73389FreeBSD : OpenSSL -- Remote Information Disclosure (5631ae98-be9e-11e3-b5e3-c80aa9043978)NessusFreeBSD Local Security Checks
high
73388Debian DSA-2896-1 : openssl - security updateNessusDebian Local Security Checks
high
73387CentOS 6 : openssl (CESA-2014:0376)NessusCentOS Local Security Checks
high
7108OpenSSL Heartbeat Information Disclosure (Heartbleed)Nessus Network MonitorPolicy
high
801617OpenSSL Heartbeat Information Disclosure (Heartbleed)Log Correlation EngineWeb Servers
high