|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-05-12 | |
| Rule Name: | Openssl TLS DTLS Heartbeat Information Disclosure Vulnerability (CVE-2014-0160) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read,aka the Heartbleed bug. | |
| Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
| Affected OS: | Solaris, Other Unix, FreeBSD, Linux | |
| Reference: | ExploitDB:32745 ExploitDB:32764 SecurityFocusBID:66690 SecurityTrackerID:1030026 SecurityTrackerID:1030074 SecurityTrackerID:1030077 SecurityTrackerID:1030078 SecurityTrackerID:1030079 SecurityTrackerID:1030080 SecurityTrackerID:1030081 SecurityTrackerID:1030082 |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: http://www.openssl.org/news/secadv_20140407.txt http://git.openssl.org/gitweb/?p=openssl.git |