Attacker Value
High
(2 users assessed)
Exploitability
Very High
(2 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2014-0160 (AKA: Heartbleed)

Disclosure Date: April 07, 2014
CVE-2014-0160 CVSS v3 Base Score: 7.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Add Assessment

4
Ratings
  • Attacker Value
    High
  • Exploitability
    Very High
Common in enterpriseEasy to weaponizeUnauthenticatedVulnerable in default configuration
Technical Analysis

A missing boundary check causes versions of OpenSSL 1.0.1 – 1.0.1f to be vulnerable to an out of bounds read as part of an SSL Heartbeat message. This vulnerability can be leveraged without authenticating in many instances to leak sensitive information such as passwords and private keys. Due to the vulnerability being in the OpenSSL library, exploits are implementation specific and may require changes to implement the applicable protocol.

The vulnerability was fixed in this patch.

Log in to Add Reply
1
Ratings
  • Attacker Value
    High
  • Exploitability
    Very High
Common in enterpriseEasy to weaponizeUnauthenticatedVulnerable in default configuration
Technical Analysis

A bit legendary at this point but memory chunks from VPN devices was a real problem. If vulnerable, got hit.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
3.6
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
auxiliary/scanner/ssl/openssl_heartbleed
auxiliary/server/openssl_heartbeat_client_memory
Reporter
Unknown

References

Canonical
CVE-2014-0160 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160)
BID-66690 (http://www.securityfocus.com/bid/66690)
Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
SECTRACK-1030077 (http://www.securitytracker.com/id/1030077)
20140408 heartbleed OpenSSL bug CVE-2014-0160 (http://seclists.org/fulldisclosure/2014/Apr/90)
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases
DSA-2896 (http://www.debian.org/security/2014/dsa-2896)
HPSBGN03008 (http://marc.info?l=bugtraq&m=139774054614965&w=2)
HPSBMU03024 (http://marc.info?l=bugtraq&m=139889113431619&w=2)
http://rhn.redhat.com/errata/RHSA-2014-0396.html
HPSBHF03021 (http://marc.info?l=bugtraq&m=139835815211508&w=2)
HPSBHF03136 (http://marc.info?l=bugtraq&m=141287864628122&w=2)
VU#720951 (http://www.kb.cert.org/vuls/id/720951)
http://www.splunk.com/view/SP-CAAAMB3
HPSBMU03033 (http://marc.info?l=bugtraq&m=139905295427946&w=2)
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
HPSBGN03011 (http://marc.info?l=bugtraq&m=139833395230364&w=2)
http://www-01.ibm.com/support/docview.wss?uid=swg21670161
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
SSRT101846 (http://marc.info?l=bugtraq&m=142660345230545&w=2)
20140409 Re: heartbleed OpenSSL bug CVE-2014-0160 (http://seclists.org/fulldisclosure/2014/Apr/109)
HPSBMU03037 (http://marc.info?l=bugtraq&m=140724451518351&w=2)
SECTRACK-1030080 (http://www.securitytracker.com/id/1030080)
SECUNIA-57836 (http://secunia.com/advisories/57836)
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
HPSBMU03012 (http://marc.info?l=bugtraq&m=139808058921905&w=2)
HPSBST03001 (http://marc.info?l=bugtraq&m=139758572430452&w=2)
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
https://filezilla-project.org/versions.php?type=server
HPSBMU03023 (http://marc.info?l=bugtraq&m=139843768401936&w=2)
SECUNIA-57483 (http://secunia.com/advisories/57483)
20140409 OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed)
http://www.kerio.com/support/kerio-control/release-history
http://advisories.mageia.org/MGASA-2014-0165.html
http://www.blackberry.com/btsc/KB35882
HPSBMU03044 (http://marc.info?l=bugtraq&m=140075368411126&w=2)
HPSBMU03030 (http://marc.info?l=bugtraq&m=139905351928096&w=2)
SECTRACK-1030081 (http://www.securitytracker.com/id/1030081)
FEDORA-2014-4879 (http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html)
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (http://www.securityfocus.com/archive/1/534161/100/0/threaded)
FEDORA-2014-4910 (http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html)
https://bugzilla.redhat.com/show_bug.cgi?id=1084875
FEDORA-2014-9308 (http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html)
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
HPSBMU03013 (http://marc.info?l=bugtraq&m=139824993005633&w=2)
SECTRACK-1030079 (http://www.securitytracker.com/id/1030079)
http://rhn.redhat.com/errata/RHSA-2014-0377.html
HPSBMU02995 (http://marc.info?l=bugtraq&m=139722163017074&w=2)
HPSBPI03031 (http://marc.info?l=bugtraq&m=139889295732144&w=2)
https://code.google.com/p/mod-spdy/issues/detail?id=85
HPSBMU02999 (http://marc.info?l=bugtraq&m=139765756720506&w=2)
HPSBGN03010 (http://marc.info?l=bugtraq&m=139774703817488&w=2)
HPSBMU03029 (http://marc.info?l=bugtraq&m=139905202427693&w=2)
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release
HPSBMU03018 (http://marc.info?l=bugtraq&m=139817782017443&w=2)
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
HPSBMU03040 (http://marc.info?l=bugtraq&m=140015787404650&w=2)
http://cogentdatahub.com/ReleaseNotes.html
HPSBMU03025 (http://marc.info?l=bugtraq&m=139869720529462&w=2)
HPSBST03016 (http://marc.info?l=bugtraq&m=139842151128341&w=2)
HPSBMU03028 (http://marc.info?l=bugtraq&m=139905243827825&w=2)
HPSBMU03009 (http://marc.info?l=bugtraq&m=139905458328378&w=2)
http://www.f-secure.com/en/web/labs_global/fsc-2014-1
TA14-098A (http://www.us-cert.gov/ncas/alerts/TA14-098A)
SECUNIA-57347 (http://secunia.com/advisories/57347)
[syslog-ng-announce] 20140411 syslog-ng Premium Edition 5 LTS (5.0.4a) has been released (https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html)
20140411 MRI Rubies may contain statically linked, vulnerable OpenSSL (http://seclists.org/fulldisclosure/2014/Apr/173)
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
http://git.openssl.org/gitweb?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
HPSBST03000 (https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken)
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (http://seclists.org/fulldisclosure/2014/Dec/23)
HPSBST03004 (http://marc.info?l=bugtraq&m=139905653828999&w=2)
USN-2165-1 (http://www.ubuntu.com/usn/USN-2165-1)
http://rhn.redhat.com/errata/RHSA-2014-0378.html
HPSBMU02997 (http://marc.info?l=bugtraq&m=139757919027752&w=2)
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
EXPLOIT-DB-32764 (http://www.exploit-db.com/exploits/32764)
HPSBMU02994 (http://marc.info?l=bugtraq&m=139757726426985&w=2)
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
HPSBMU03022 (http://marc.info?l=bugtraq&m=139869891830365&w=2)
HPSBST03027 (http://marc.info?l=bugtraq&m=139905868529690&w=2)
HPSBMU03019 (http://marc.info?l=bugtraq&m=139817685517037&w=2)
HPSBMU03062 (http://marc.info?l=bugtraq&m=140752315422991&w=2)
20140408 Re: heartbleed OpenSSL bug CVE-2014-0160 (http://seclists.org/fulldisclosure/2014/Apr/91)
SECTRACK-1030078 (http://www.securitytracker.com/id/1030078)
SECUNIA-59243 (http://secunia.com/advisories/59243)
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
HPSBMU03020 (http://marc.info?l=bugtraq&m=139836085512508&w=2)
HPSBST03015 (http://marc.info?l=bugtraq&m=139824923705461&w=2)
http://rhn.redhat.com/errata/RHSA-2014-0376.html
HPSBPI03014 (http://marc.info?l=bugtraq&m=139835844111589&w=2)
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
SECUNIA-57721 (http://secunia.com/advisories/57721)
SECUNIA-57968 (http://secunia.com/advisories/57968)
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
HPSBMU03032 (http://marc.info?l=bugtraq&m=139905405728262&w=2)
SECTRACK-1030082 (http://www.securitytracker.com/id/1030082)
HPSBMU02998 (http://marc.info?l=bugtraq&m=139757819327350&w=2)
EXPLOIT-DB-32745 (http://www.exploit-db.com/exploits/32745)
20140412 Re: heartbleed OpenSSL bug CVE-2014-0160 (http://seclists.org/fulldisclosure/2014/Apr/190)
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release
HPSBMU03017 (http://marc.info?l=bugtraq&m=139817727317190&w=2)
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
http://www.openssl.org/news/secadv_20140407.txt
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
SECTRACK-1030074 (http://www.securitytracker.com/id/1030074)
http://support.citrix.com/article/CTX140605
SECUNIA-59139 (http://secunia.com/advisories/59139)
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release
SECUNIA-57966 (http://secunia.com/advisories/57966)
SECTRACK-1030026 (http://www.securitytracker.com/id/1030026)
SECUNIA-59347 (http://secunia.com/advisories/59347)
[tomcat-dev] 20190319 svn commit: r1855831 [26/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E)
[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E)
[tomcat-dev] 20200203 svn commit: r1873527 [26/30] - /tomcat/site/trunk/docs/ (https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E)
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
[tomcat-dev] 20200213 svn commit: r1873980 [31/34] - /tomcat/site/trunk/docs/ (https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E)
Miscellaneous
http://heartbleed.com
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
https://www.cert.fi/en/reports/2014/vulnerability788210.html
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog
https://gist.github.com/chapmajs/10473815
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis