exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 117 RSS Feed

CVE-2014-0160

Status Candidate

Overview

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Related Files

Heartbleed Attack
Posted Dec 21, 2020
Authored by Jaspreet Singh, Siddhi Verma

This document is intended to provide a detailed study on the Heartbleed attack. It covers the required topics for understanding the exploit. The proof of concept will help visualize and perform the attack in a virtual scenario to understand the attack vector of the process of exploitation.

tags | paper, proof of concept
advisories | CVE-2014-0160
SHA-256 | cf6fbc4d936699857b6524b54211eae3ce2b2ca1a865a3ff3877d5fc4fc945b6
Streamworks Job Scheduler Release 7 Authentication Weakness
Posted Jan 16, 2019
Authored by Simon Bieber

Streamworks Job Scheduler Release 7 has all agents using the same X.509 certificates and keys issued by the vendor for authentication. The processing server component does not check received messages properly for authenticity. Agents installed on servers do not check received messages properly for authenticity. Agents and processing servers are vulnerable to the TLS Heartbleed attack.

tags | exploit
advisories | CVE-2014-0160
SHA-256 | 8d3ab2a2e1407bcba852d7925fccb15e6610ced1db687ba89dc4e1333028ea6d
Heartbleed Vulnerability Scanning Tool
Posted Sep 24, 2015
Authored by hybridus

This python script checks for the OpenSSL memory leak named Heartbleed and as noted in CVE-2014-0160. It can be used for different SSL TLS versions and multiple (HTTPS/SMTP/IMAP/POP3) protocols. It is optimized for mass scans.

tags | tool, web, scanner, imap, protocol, memory leak, python
systems | unix
advisories | CVE-2014-0160
SHA-256 | 89791cf81b92b962ceaf4da83a28781f5cf9ed884168321574cab9f157657409
Mandriva Linux Security Advisory 2015-062
Posted Mar 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-062 - Multiple vulnerabilities has been discovered and corrected in openssl. The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0160, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
SHA-256 | e171ec43c2e20ccaebff7416a52645d7f17fe5f2ac7aa5376af3eb0518dd7115
HP Security Bulletin HPSBHF03293
Posted Mar 18, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03293 1 - Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including heartbleed, padding oracle, and shellshock issues. Revision 1 of this advisory.

tags | advisory, vulnerability, bash
advisories | CVE-2009-3555, CVE-2014-0160, CVE-2014-0195, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-3566, CVE-2014-5139
SHA-256 | 30d1ba0b92a93958f1b541914c45bffd10181d46e5a162699dcd2c22a93f67c4
Gentoo Linux Security Advisory 201412-11
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.

tags | advisory, remote, arbitrary, x86, vulnerability
systems | linux, gentoo
advisories | CVE-2007-0720, CVE-2007-1536, CVE-2007-2026, CVE-2007-2445, CVE-2007-2741, CVE-2007-3108, CVE-2007-4995, CVE-2007-5116, CVE-2007-5135, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269, CVE-2007-5849, CVE-2010-1205, CVE-2013-0338, CVE-2013-0339, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877, CVE-2014-0160
SHA-256 | 0d52bd946d4c830b5f1f480535296f513bafe2d3abc811d6666cbb6fb317a087
HP Security Bulletin HPSBHF03136
Posted Oct 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03136 - A potential security vulnerability has been identified with HP TippingPoint NGFW running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 6bdd949e8b4cb4636927e862953cb3d4f530ca4d57f3725e586957c6c273c3e8
HP Security Bulletin HPSBMU03037 2
Posted Aug 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03037 2 - A potential security vulnerability has been identified with HP Multimedia Service Environment (MSE), formerly known as HP Network Interactive Voice Response (NIVR). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 084b66e055026239b823e5a146253361afc7465060ae9d8e71bda3d8c747d60b
HP Security Bulletin HPSBST03000 4
Posted Jun 30, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03000 4 - A potential security vulnerability has been identified with HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | d73fa1bd882e7f8008920c158bf623bc8f8b58fa93cf66a5af55c435e4a4b1a2
HP Security Bulletin HPSBST03016 4
Posted Jun 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03016 4 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | c824c58a9d51692dcb8aa9df7c86fb0c1822c96d29fe3b750299904ddbb92a55
Mandriva Linux Security Advisory 2014-123
Posted Jun 12, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-123 - Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity keys and hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2013-7295, CVE-2014-0160
SHA-256 | 568cbcf858a502e1e84440e1e7c66b0a534813a012aee5e85e193d4acc58aa29
HP Security Bulletin HPSBMU03024 3
Posted Jun 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03024 3 - A potential security vulnerability has been identified with HP System Management Homepage (SMH) running on Linux and Windows and HP Systems Insight Manager (SIM), components of HP Insight Control server deployment. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Insight Control server deployment packages HP System Management Homepage (SMH) and HP Systems Insight Manager (SIM) and can deploy them through the below list of items. This bulletin will give you the information needed to update your HP Insight Control server deployment solution. Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Revision 3 of this advisory.

tags | advisory, x86
systems | linux, windows
advisories | CVE-2014-0160
SHA-256 | 38ca5ad69ec755b06d0445833bfe62d0df43899d68a3eaa46a683cf42d15b4ca
HP Security Bulletin HPSBMU03029 2
Posted Jun 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03029 2 - A potential security vulnerability has been identified with HP Insight Control server migration running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 1e74c0ccaa7df002b779d8233fe2743dc52cabe1d816990cc681de7247931756
HP Security Bulletin HPSBMU03033 3
Posted Jun 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03033 3 - A potential security vulnerability has been identified with HP Insight Control software components running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 26450869ed7e8e9888feb1b30e20846859e3b7d1ef71705fb6a67553eaba919d
HP Security Bulletin HPSBMU03028 2
Posted Jun 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03028 2 - A potential security vulnerability has been identified with HP Matrix Operating Environment and HP CloudSystem Matrix software components running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | ac167e598819b0170873d5d1318b3a3bf755767159a7cd628be5af23f20fd934
HP Security Bulletin HPSBMU03009 3
Posted May 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03009 3 - A potential security vulnerability has been identified with HP CloudSystem Foundation and HP CloudSystem Enterprise software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 715a2d0a4cdf05596a3668d5ecd8157e6df13d4c09710a6731099c91bd445fb0
HP Security Bulletin HPSBMU03025 2
Posted May 23, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03025 2 - A potential security vulnerability has been identified in HP Diagnostics running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | 52629bc62087a9590b7c8b290ce662df2a94e3e0cdab3616e08af610cd2dd175
HP Security Bulletin HPSBMU02995 8
Posted May 23, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02995 8 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 8 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | 8a46199caee50f4b5ccb3fe410da023a1d9cae75b0c14e9eb19f64d6b9895b17
HP Security Bulletin HPSBMU03044
Posted May 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03044 - A potential security vulnerability has been identified with HP Business Process Monitor running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 75b0264fcbec223ee3f4ea20c5e45106bd20fec772506d86b5b521ab51e99c32
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140520
Posted May 21, 2014
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release updates tor to version 0.2.4.22, the kernel to 3.14.4 plus Gentoo's hardened-patches, and openssh to 6.6p1. The bump in tor adds an important block to authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL, CVE-2014-0160. The bump in the kernel addresses the pty layer race condition memory corruption, CVE-2014-0196. Upgrading is strongly recommended.
tags | tool, kernel, peer2peer
systems | linux
advisories | CVE-2014-0160, CVE-2014-0196
SHA-256 | 3306c7e085052181a0b7cb7150f2e6a86adc9942ce70c90c6ca896ea79857940
HP Security Bulletin HPSBMU03022 3
Posted May 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03022 3 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 3 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | 8f9087315afcbac376a9d94829c09203bb41b0d59eacf16f29ed2914592cfcdf
CA Technologies OpenSSL Heartbleed Issue
Posted May 19, 2014
Authored by Ken Williams | Site www3.ca.com

CA Technologies is investigating an OpenSSL vulnerability, referred to as the "Heartbleed bug" that was publicly disclosed on April 7, 2014. CA Technologies has confirmed that the majority of their product portfolio is unaffected. There are, however, several products that used vulnerable versions of OpenSSL 1.0.1 and consequently may be affected.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | cd70166d5a87d345097aa5d535e0e71a59c770f9dfeb06ac3274b16b979bdcfd
HP Security Bulletin HPSBMU02995 7
Posted May 16, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02995 7 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. Revision 7 of this advisory.

tags | advisory, protocol
advisories | CVE-2014-0160
SHA-256 | 6006387e1c625c02a0a9153806384fe303b9b3090470fb6d51524c22ca9be3bf
HP Security Bulletin HPSBMU03040
Posted May 16, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03040 - A potential security vulnerability has been identified with HP LoadRunner and HP Performance Center running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | c98620fdab19724e814510188b205e1a98156e02a6b935e29d79afae2e91dfb6
HP Security Bulletin HPSBMU03022 2
Posted May 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03022 2 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0160
SHA-256 | f8fd34ad3bcea67bfeb86d0cdbcfcd93cb274574359e6f9c9d3a3b2bf2a001d5
Page 1 of 5
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close