CVE-2014-0160

CVSS V2: Medium (5) | CVSS V3: High (7.5)
Description
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Overview
  • CVE ID: CVE-2014-0160
  • Assigner: secalert@redhat.com
  • Vulnerability Status: Analyzed
  • Published Date: 2014-04-07T22:55:03
  • Last Modified Date: 2023-02-10T16:58:22
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 1 OR 1.0.1 1.0.1g
AND
cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:* 1 OR 0.9.44
AND
cpe:2.3:o:siemens:application_processing_engine_firmware:2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:cp_1543-1_firmware:1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:cp_1543-1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:simatic_s7-1500t:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:a:siemens:elan-8.2:*:*:*:*:*:*:*:* 1 OR 8.3.3
cpe:2.3:a:siemens:wincc_open_architecture:3.12:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:intellian:v100_firmware:1.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:intellian:v100_firmware:1.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:intellian:v100_firmware:1.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intellian:v100:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:intellian:v60_firmware:1.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:intellian:v60_firmware:1.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:intellian:v60:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:a:mitel:micollab:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mitel:micollab:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mitel:micollab:7.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mitel:micollab:7.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mitel:micollab:7.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mitel:micollab:7.3.0.104:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mitel:mivoice:1.1.2.5:*:*:*:*:lync:*:* 1 OR
cpe:2.3:a:mitel:mivoice:1.1.3.3:*:*:*:*:skype_for_business:*:* 1 OR
cpe:2.3:a:mitel:mivoice:1.2.0.11:*:*:*:*:skype_for_business:*:* 1 OR
cpe:2.3:a:mitel:mivoice:1.3.2.2:*:*:*:*:skype_for_business:*:* 1 OR
cpe:2.3:a:mitel:mivoice:1.4.0.102:*:*:*:*:skype_for_business:*:* 1 OR
AND
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:redhat:gluster_storage:2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
  • Base Score: 5
  • Severity: MEDIUM
  • Exploitability Score: 10
  • Impact Score: 2.9
CVSS Version 3
  • Version: 3.1
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Availability Impact: NONE
  • Base Score: 7.5
  • Base Severity: HIGH
  • Exploitability Score: 3.9
  • Impact Score: 3.6
References
Reference URL Reference Tags
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1084875 Issue Tracking Third Party Advisory
http://www.openssl.org/news/secadv_20140407.txt Vendor Advisory
http://heartbleed.com/ Third Party Advisory
http://www.securitytracker.com/id/1030078 Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2014/Apr/109 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/190 Mailing List Third Party Advisory
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0376.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0396.html Third Party Advisory
http://www.securitytracker.com/id/1030082 Third Party Advisory VDB Entry
http://secunia.com/advisories/57347 Third Party Advisory
http://marc.info/?l=bugtraq&m=139722163017074&w=2 Third Party Advisory
http://www.securitytracker.com/id/1030077 Third Party Advisory VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg21670161 Broken Link
http://www.debian.org/security/2014/dsa-2896 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0377.html Third Party Advisory
http://www.securitytracker.com/id/1030080 Third Party Advisory VDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html Third Party Advisory
http://www.securitytracker.com/id/1030074 Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2014/Apr/90 Mailing List Third Party Advisory
http://www.securitytracker.com/id/1030081 Third Party Advisory VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0378.html Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/91 Mailing List Third Party Advisory
http://secunia.com/advisories/57483 Third Party Advisory
http://www.splunk.com/view/SP-CAAAMB3 Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html Third Party Advisory
http://www.securitytracker.com/id/1030079 Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html Mailing List Third Party Advisory
http://secunia.com/advisories/57721 Third Party Advisory
http://www.blackberry.com/btsc/KB35882 Broken Link
http://www.securitytracker.com/id/1030026 Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html Mailing List Third Party Advisory
http://www.securityfocus.com/bid/66690 Third Party Advisory VDB Entry
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA14-098A Third Party Advisory US Government Resource
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ Third Party Advisory
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/ Third Party Advisory
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 Third Party Advisory
http://secunia.com/advisories/57966 Third Party Advisory
http://www.f-secure.com/en/web/labs_global/fsc-2014-1 Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/173 Mailing List Third Party Advisory
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ Third Party Advisory
http://secunia.com/advisories/57968 Third Party Advisory
https://code.google.com/p/mod-spdy/issues/detail?id=85 Third Party Advisory
http://www.exploit-db.com/exploits/32745 Exploit Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/720951 Third Party Advisory US Government Resource
https://www.cert.fi/en/reports/2014/vulnerability788210.html Third Party Advisory
http://www.exploit-db.com/exploits/32764 Exploit Third Party Advisory VDB Entry
http://secunia.com/advisories/57836 Third Party Advisory
https://gist.github.com/chapmajs/10473815 Third Party Advisory
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/ Third Party Advisory
http://cogentdatahub.com/ReleaseNotes.html Release Notes Third Party Advisory
http://marc.info/?l=bugtraq&m=139905458328378&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139869891830365&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139889113431619&w=2 Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1 Third Party Advisory
http://www.kerio.com/support/kerio-control/release-history Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3 Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0165.html Third Party Advisory
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCa Broken Link
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001843 Third Party Advisory
https://filezilla-project.org/versions.php?type=server Release Notes Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001841 Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217 Third Party Advisory
http://marc.info/?l=bugtraq&m=141287864628122&w=2 Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23 Mailing List Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.html Not Applicable
http://marc.info/?l=bugtraq&m=142660345230545&w=2 Third Party Advisory
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 Not Applicable
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 Third Party Advisory
http://marc.info/?l=bugtraq&m=139817727317190&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139757726426985&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139758572430452&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905653828999&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139842151128341&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905405728262&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139833395230364&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139824993005633&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139843768401936&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905202427693&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139774054614965&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139889295732144&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139835815211508&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140724451518351&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139808058921905&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139836085512508&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139869720529462&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905868529690&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139765756720506&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140015787404650&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139824923705461&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139757919027752&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139774703817488&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905243827825&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140075368411126&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905295427946&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139835844111589&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139757819327350&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139817685517037&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139905351928096&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=139817782017443&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=140752315422991&w=2 Third Party Advisory
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661 Third Party Advisory
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf Not Applicable
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf Third Party Advisory
http://secunia.com/advisories/59347 Third Party Advisory
http://secunia.com/advisories/59243 Third Party Advisory
http://secunia.com/advisories/59139 Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html Mailing List Third Party Advisory
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 Broken Link
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html Third Party Advisory
http://support.citrix.com/article/CTX140605 Third Party Advisory
http://www.ubuntu.com/usn/USN-2165-1 Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html Mailing List Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded Not Applicable
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 Third Party Advisory
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E Mailing List Patch Third Party Advisory
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E Mailing List Patch Third Party Advisory
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html Exploit Third Party Advisory
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E Mailing List Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf Third Party Advisory
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E Mailing List Patch Third Party Advisory
History
Created Old Value New Value Data Type Notes
2022-05-10 17:08:24 Added to TrackCVE
2022-12-01 22:33:50 2014-04-07T22:55Z 2014-04-07T22:55:03 CVE Published Date updated
2022-12-01 22:33:50 2022-11-15T21:15:11 CVE Modified Date updated
2022-12-01 22:33:50 Undergoing Analysis Vulnerability Status updated
2023-02-11 03:04:56 2023-02-10T16:58:22 CVE Modified Date updated
2023-02-11 03:04:56 Undergoing Analysis Analyzed Vulnerability Status updated
2023-02-11 03:04:56 Weakness Enumeration update