HIGH
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
Weakness: Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Published: 2014-04-07
CVE-2014-0160 Exploits (70)
- FiloSottile/Heartbleed (2247)
- musalbas/heartbleed-masstest (571)
- titanous/heartbleeder (452)
- Lekensteyn/pacemaker (312)
- sensepost/heartbleed-poc (127)
- einaros/heartbleed-tools (91)
- mpgn/heartbleed-PoC (55)
- isgroup-srl/openmagic (38)
- jdauphant/patch-openssl-CVE-2014-0160 (18)
- OffensivePython/HeartLeak (16)
- DisK0nn3cT/MaltegoHeartbleed (16)
- hybridus/heartbleedscanner (14)
- hmlio/vaas-cve-2014-0160 (12)
- DominikTo/bleed (7)
- hreese/heartbleed-dtls (6)
- wwwiretap/bleeding_onions (6)
- 0x90/CVE-2014-0160 (6)
- yryz/heartbleed.js (5)
- mozilla-services/Heartbleed (3)
- ingochris/heartpatch.us (2)
- cyphar/heartthreader (2)
- GeeksXtreme/ssl-heartbleed.nse (1)
- Saymeis/HeartBleed (1)
- sammyfung/openssl-heartbleed-fix (1)
- xlucas/heartbleed (1)
- zouguangxian/heartbleed (1)
- proactiveRISK/heartbleed-extention (1)
- waqasjamal-zz/HeartBleed-Vulnerability-Checker (1)
- vortextube/ssl_scanner (1)
- GuillermoEscobero/heartbleed (1)
- sika-forks/Heartbleed
- sika-forks/heartbleed-masstest
- zeroshirts/heartbleeder
- rapid7/metasploit-framework/modules/auxiliary/server/openssl_heartbeat_client_memory.rb
- 32745
- 32764
- GitMirar/heartbleed_exploit
- artofscripting/cmty-ssl-heartbleed-CVE-2014-0160-HTTP-HTTPS
- math4youbyusgroupillinois/Heartbleed
- rapid7/metasploit-framework/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb
- nyctophile6/A2SV--SSL-VUL-Scan
- siddolo/knockbleed
- menrcom/CVE-2014-160
- ice-security88/CVE-2014-0160
- iSCInc/heartbleed
- obayesshelton/CVE-2014-0160-Scanner
- fb1h2s/CVE-2014-0160
- roganartu/heartbleedchecker-chrome
- rouze-d/heartbleed
- WildfootW/CVE-2014-0160_OpenSSL_1.0.1f_Heartbleed
- nyc-tophile/A2SV--SSL-VUL-Scan
- hack3r-0m/heartbleed_fix_updated
- idkqh7/heatbleeding
- cved-sources/cve-2014-0160
- indiw0rm/-Heartbleed-
- caiqiqi/OpenSSL-HeartBleed-CVE-2014-0160-PoC
- amerine/coronary
- Xyl2k/CVE-2014-0160-Chrome-Plugin
- xanas/heartbleed.py
- marstornado/cve-2014-0160-Yunfeng-Jiang
- a0726h77/heartbleed-test
- cheese-hub/heartbleed
- artofscripting-zz/cmty-ssl-heartbleed-CVE-2014-0160-HTTP-HTTPS
- cldme/heartbleed-bug
- ThanHuuTuan/Heartexploit
- takeshixx/ssl-heartbleed.nse
- Acidburn0zzz/Heartbleed
- fihlatv/Heartbleed
- kevintvh/Heartbleed
- ret2eax/pacemaker
CVE-2014-0160 Vulnerable Docker Environment
Vulhub is an open-source collection of Dockerized vulnerable environments. No pre-existing knowledge of Docker is required: execute two simple commands and you have a vulnerable environment.
OpenSSL Heartbleed Vulnerability (CVE-2014-0160)
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
References:
- https://heartbleed.com/
- https://filippo.io/Heartbleed
Setup
Build and run:
docker-compose up -d
POC
Visit https://filippo.io/Heartbleed to check the result.
Run ssltest.py with Python to obtain sensitive data (Cookie).
Official CVE References
- mageia.org/MGASA-2014-0165.html
- fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
- cogentdatahub.com/ReleaseNotes.html
- schneider-electric.com/files
- openssl.org/gitweb/
- heartbleed.com/
- fedoraproject.org/pipermail/package-announce/2014-April/131221.html
- fedoraproject.org/pipermail/package-announce/2014-April/131291.html
- fedoraproject.org/pipermail/package-announce/2014-August/136473.html
- opensuse.org/opensuse-security-announce/2014-04/msg00004.html
- opensuse.org/opensuse-security-announce/2014-04/msg00005.html
- opensuse.org/opensuse-updates/2014-04/msg00061.html
- marc.info/
- support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx
- redhat.com/errata/RHSA-2014-0376.html
- redhat.com/errata/RHSA-2014-0377.html
- redhat.com/errata/RHSA-2014-0378.html
- redhat.com/errata/RHSA-2014-0396.html
- seclists.org/fulldisclosure/2014/Apr/109
- seclists.org/fulldisclosure/2014/Apr/173
- seclists.org/fulldisclosure/2014/Apr/190
- seclists.org/fulldisclosure/2014/Apr/90
- seclists.org/fulldisclosure/2014/Apr/91
- seclists.org/fulldisclosure/2014/Dec/23
- secunia.com/advisories/57347
- secunia.com/advisories/57483
- secunia.com/advisories/57721
- secunia.com/advisories/57836
- secunia.com/advisories/57966
- secunia.com/advisories/57968
- secunia.com/advisories/59139
- secunia.com/advisories/59243
- secunia.com/advisories/59347
- citrix.com/article/CTX140605
- cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
- apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
- blackberry.com/btsc/KB35882
- debian.org/security/2014/dsa-2896
- 32745
- 32764
- f-secure.com/en/web/labs_global/fsc-2014-1
- getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
- getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
- getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
- getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
- innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
- kb.cert.org/vuls/id/720951
- kerio.com/support/kerio-control/release-history
- mandriva.com/security/advisories
- openssl.org/news/secadv_20140407.txt
- oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
- securityfocus.com/archive/1/534161/100/0/threaded
- securityfocus.com/bid/66690
- securitytracker.com/id/1030026
- securitytracker.com/id/1030074
- securitytracker.com/id/1030077
- securitytracker.com/id/1030078
- securitytracker.com/id/1030079
- securitytracker.com/id/1030080
- securitytracker.com/id/1030081
- securitytracker.com/id/1030082
- splunk.com/view/SP-CAAAMB3
- symantec.com/security_response/securityupdates/detail.jsp
- ubuntu.com/usn/USN-2165-1
- us-cert.gov/ncas/alerts/TA14-098A
- vmware.com/security/advisories/VMSA-2014-0012.html
- websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- ibm.com/support/docview.wss
- torproject.org/blog/openssl-bug-cve-2014-0160
- redhat.com/show_bug.cgi
- siemens.com/productcert/pdf/ssa-635659.pdf
- google.com/p/mod-spdy/issues/detail
- filezilla-project.org/versions.php
- chapmajs/10473815
- www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/
- apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
- balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
- blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
- f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
- cert.fi/en/reports/2014/vulnerability788210.html
- mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008