Synopsis
The remote service is affected by an information disclosure
vulnerability.
Description
Versions of OpenSSL 1.0.1 prior to 1.0.1g may contain the following vulnerability:
- A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server. (CVE-2014-0160)
Solution
Upgrade to OpenSSL 1.0.1g or later.
Alternatively, recompile OpenSSL with the '-DOPENSSL_NO_HEARTBEATS'
flag to disable the vulnerable functionality.