Categories: US-Cert-Repository

OpenSSL ‘Heartbleed’ Vulnerability

Original release date: April 08, 2014

A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This may allow an attacker to decrypt traffic or perform other attacks. OpenSSL version 1.0.1g resolves this vulnerability. The 1.0.0 and 0.9.8 branches are not vulnerable.

US-CERT recommends users and administrators review Vulnerability Note VU#720951 for additional information and mitigation details. 

This product is provided subject to this Notification and this Privacy & Use policy.

admin

Leave a Comment
Share
Published by
admin
11 years ago

Recent Posts

Cisco Releases Security Bundle for Cisco ASA, FMC, and FTD Software

Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled…

10 hours ago

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems (ICS) advisories on October 24, 2024. These advisories provide…

1 day ago

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of…

2 days ago

CISA, US, and International Partners Release Joint Guidance to Assist Software Manufacturers with Safe Software Deployment Processes

Today, CISA—along with U.S. and international partners—released joint guidance, Safe Software Deployment: How Software Manufacturers…

3 days ago

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of…

4 days ago

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of…

5 days ago

This website uses cookies.