HP Security Bulletin HPSBGN03010 3 - A potential security vulnerability has been identified in HP Sotware Server Automation running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 3 of this advisory.
9907a28d60dd8298a641863b9e3e018c8300d3ef3f9064a212ad8546bfbc0645
HP Security Bulletin HPSBMU03020 2 - A potential security vulnerability has been identified with HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
cdda7e39e3bfafc44217b4c9a7e029567a6a2d95a43e7ccac56a7c342920cd16
HP Security Bulletin HPSBMU03022 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 1 of this advisory.
7c7a616ea0bc1d238574c012deee840077e6027ee20c991b2e71a95cc720bf18
HP Security Bulletin HPSBMU03025 - A potential security vulnerability has been identified in HP Diagnostics running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
347c3c86c55fb210fc9799ac5fef38c3c769fb03d47928b50b4baa56fdb9121f
HP Security Bulletin HPSBGN03010 2 - A potential security vulnerability has been identified in HP Software Server Automation running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.
5d03cfbf9506cfa5ffba29cb25add2ed339e9a76c30ccf4b7e8a326e25adf64b
HP Security Bulletin HPSBMU02995 6 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol.
a16128da2b79c4167b73519c5aa603028d61b3670cd39f820ab4f7d536462f45
HP Security Bulletin HPSBMU02994 3 - A potential security vulnerability has been identified in HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.
b8b3de3776dc7c5ce8612d0e42fc9e7fa814ccacafb58ad54f0504fb46d481b9
HP Security Bulletin HPSBMU03017 2 - A potential security vulnerability has been identified with HP Software Connect-IT running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. Revision 2 of this advisory.
e9a78459f7e987b83bf4af8f0957d2dda3712e58121f226f6f32537579683a93
HP Security Bulletin HPSBMU03023 - A potential security vulnerability has been identified in HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The Virtual Connect firmware itself is not vulnerable to CVE-2014-0160 (Heartbleed), however, the installer component in versions 4.10 and 4.20 of Virtual Connect does have the vulnerability, and should be replaced with versions 4.10b or 4.20b, or the latest version of Virtual Connect Support Utility referenced below. The VCSU vulnerability is only present during the firmware upgrade process. Revision 1 of this advisory.
265d34dec60e1f903018c216fd1d7594a225c2b117f6462facc19c5c9c6b82cc
HP Security Bulletin HPSBST03016 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
cc603d74519194ed684085382b3f25f8e81c35c6cb29ed84719965071aec239b
This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted and wrote to a file to annoy IDS/forensics. The exploit can set heartbeat payload length arbitrarily or use two preset values for NULL and MAX length.
c130ea864e8a5752cbeeeb43cf5a566cbd9daeaef96e1462511173ae8e398614
HP Security Bulletin HPSBMU03020 - A potential security vulnerability has been identified with HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
459c9a6e9429ca0b8870610411c7acc83310004b610563f7e202a3d0fa9e5219
HP Security Bulletin HPSBPI03014 - A potential vulnerability exists in HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers. This is the OpenSSL vulnerability known as "Heartbleed" (CVE-2014-0160) which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
049c19730dd5ae96d1817952229350dabe5a8e9991c63f15a5da28ea8fa0cee6
HP Security Bulletin HPSBHF03021 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP products. This bulletins objective is to notify HP customers about certain HP Thin Client class of products affected by the Heartbleed vulnerability. HP will continue to release additional bulletins advising customers about other HP products NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
d28a09d3c4eb226153bc5cf89a3008f9b22de526a2a0783ae2650ccab578a8a8
HP Security Bulletin HPSBST03015 2 - A potential security vulnerability has been identified with HP 3PAR OS running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
0454ffb49cf0855b47c50c883a3c1120140696297d179ae6dae2e21fc0fe6774
HP Security Bulletin HPSBGN03011 - A potential security vulnerability has been identified with HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
5729e6f9d0b9af5336f4c41a88b4916c0cc567d11d4242057f238032355c68c6
Apple Security Advisory 2014-04-22-4 - AirPort Base Station Firmware Update 7.7.3 is now available and addresses a security issue. An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue.
bcc954ff6dd3f9af4c693d79f9c6375e2c876b9ed219f2665051d932f95aacd7
HP Security Bulletin HPSBMU02997 2 - A potential security vulnerability has been identified with HP Smart Update Manager (SUM) running OpenSSL.This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
3c1260054506cccf56c662aed65a41072f7aceddc27835d4b72e40530eebe442
HP Security Bulletin HPSBMU02995 5 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 5 of this advisory.
a4a725dc86600a76fe72f0bf00f2ab20733261da69bfce0f5da2a32ccbe486ba
HP Security Bulletin HPSBMU03013 - A potential security vulnerability has been identified with WMI Mapper for HP Systems Insight Manager running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
798dc254a3e05f1bc968d822959d055dbfc4ed5738051985bb5e2b576000ffea
HP Security Bulletin HPSBST03015 - A potential security vulnerability has been identified with HP 3PAR OS running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
a356840cc2062366e3d3a806cf95c23b8bc14bb933a9885433db2a95e65058b9
HP Security Bulletin HPSBST03000 - A potential security vulnerability has been identified with HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
b4a9f6460a61443cfad89a4d3a83b40a6e8ce7136d4eb2256816beb2249053b6
This is a shell script that uses unicornscan, the heartbleed proof of concept, nmap, and various other tools in order to do a mass scan for vulnerable SSL instances.
3d5d5d98ca65a01f362846317f934b92ff5da2da31a106a1dbb6210210922bc9
Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.
b9dd8ee3053813f5ff75d34d8e0f41a37a3efeac003a6ab767604dd17a77f4ff
HP Security Bulletin HPSBMU03018 - A potential security vulnerability has been identified with HP Software Asset manager running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
332978aeae4871a3152a70a5202180bdb05e8d1bab52276229dfca74fca337fb