Categories: US-Cert-Repository

OpenSSL ‘Heartbleed’ Vulnerability

Original release date: April 08, 2014

A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This may allow an attacker to decrypt traffic or perform other attacks. OpenSSL version 1.0.1g resolves this vulnerability. The 1.0.0 and 0.9.8 branches are not vulnerable.

US-CERT recommends users and administrators review Vulnerability Note VU#720951 for additional information and mitigation details. 

This product is provided subject to this Notification and this Privacy & Use policy.

admin

Leave a Comment
Share
Published by
admin
12 years ago

Recent Posts

MyDoom.B Virus

Systems Affected   Any system running Microsoft Windows (Windows 95 and newer) that are used…

4 weeks ago

Multiple Vulnerabilities in Microsoft Internet Explorer

Systems Affected   Microsoft Windows systems running Internet Explorer 5.01 Internet Explorer 5.50 Internet Explorer…

4 weeks ago

HTTP Parsing Vulnerabilities in Check Point Firewall-1

Systems Affected   Check Point Firewall-1 NG FCS Check Point Firewall-1 NG FP1 Check Point…

1 month ago

Multiple Vulnerabilities in Microsoft Windows

Systems Affected   Systems running Microsoft Windows   Overview   Microsoft Windows contains multiple vulnerabilities,…

1 month ago

Vulnerability in Microsoft Outlook 2002

Systems Affected   Systems running Microsoft Office XP and Outlook 2002   Overview   There…

1 month ago

Multiple Vulnerabilities in OpenSSL

Systems Affected   Applications and systems that use the OpenSSL SSL/TLS library   Overview  …

1 month ago

This website uses cookies.