5
MEDIUM

CVE-2014-0160

Published: 07/04/2014 Updated: 23/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

Vulnerability Summary

Advisory (ICSA-14-135-02)

Schneider Electric Wonderware Intelligence Security Patch for OpenSSL Vulnerability

OpenSSL could be made to expose sensitive information over the network, possibly including private keys.

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6.0.2.0 through 6.0.2.43 allows remote attackers to cause a denial of service via crafted TLS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool.

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Affected Products

Vendor | Product | Versions
Openssl | Openssl | 1.0.1, 1.0.1a, 1.0.1b, 1.0.1c, 1.0.1d, 1.0.1e, 1.0.1f, 1.0.2

Vendor Advisories

A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker. This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory. All users are urged to upgrade their openssl packages (especial ...
OpenSSL could be made to expose sensitive information over the network, possibly including private keys ...

ICS Advisories

Exploits

/* * CVE-2014-0160 heartbleed OpenSSL information leak exploit * ========================================================= * This exploit uses OpenSSL to create an encrypted connection * and trigger the heartbleed leak The leaked information is * returned within encrypted SSL packets and is then decrypted * and wrote to a file to annoy IDS/foren ...
#!/usr/bin/python # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguinorg) # The author disclaims copyright to this source code import sys import struct import socket import time import select import re from optparse import OptionParser options = OptionParser(usage='%prog server [options]', description='Test ...
# Exploit Title: [OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions] # Date: [2014-04-09] # Exploit Author: [Csaba Fitzl] # Vendor Homepage: [wwwopensslorg/] # Software Link: [wwwopensslorg/source/openssl-101ftargz] # Version: [101f] # Tested on: [N/A] # CVE : [2014-0160] #!/usr/bin/env python ...

Mailing Lists

Affected Products References Summary: has to be done authentication were discovered: were issued by the vendor for authentication see cvemitreorg/cgi-bin/cvenamecgi?name=cve-2014-0160) Effect: not just single systems is able to add, change or delete data within the Streamworks d ...
This python script is a modification of the heartbleed proof of concept exploit that looks for cookies, specifically user sessions ...
Streamworks Job Scheduler Release 7 has all agents using the same X509 certificates and keys issued by the vendor for authentication The processing server component does not check received messages properly for authenticity Agents installed on servers do not check received messages properly for authenticity Agents and processing servers are vul ...
This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned encrypted and is then decrypted, decompressed and written to a file to annoy IDS/forensics. The exploit can set the heartbeat payload length arbitrarily or use two preset values for 0x00 and MAX length. The vulnerability occ ...
This memory disclosure exploit is a quick and dirty demonstration of the TLS heartbeat extension vulnerability ...
This exploit is a quick and dirty demonstration of the Heartbleed TLS vulnerability ...
This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted and written to a file to annoy IDS/forensics. The exploit can set heartbeat payload length arbitrarily or use two preset values for NULL and MAX length ...
OpenSSL TLS Heartbeat extension memory disclosure proof of concept Expansion of the original exploit from Jared Stafford - this one supports multiple SSL/TLS versions ...
Article discussing the SSL 3.0 fallback and POODLE vulnerabilities. Proof of concept code included ...

Nmap Scripts

ssl-heartbleed

Detects whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160). The code is based on the Python script ssltest.py authored by Jared Stafford (jspenguin@jspenguin.org)

nmap -p 443 --script ssl-heartbleed <target>

PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|       http://www.openssl.org/news/secadv_20140407.txt
|_      http://cvedetails.com/cve/2014-0160/

Metasploit Modules

OpenSSL Heartbeat (Heartbleed) Information Leak

This module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. The module supports several actions, allowing for scanning, dumping of memory contents to loot, and private key recovery. The LEAK_COUNT option can be used to specify leaks per SCAN or DUMP. The repeat command can be used to make running the SCAN or DUMP many times more powerful. As in:

repeat -t 60 run; sleep 2

To run every two seconds for one minute.

msf > use auxiliary/scanner/ssl/openssl_heartbleed
msf auxiliary(openssl_heartbleed) > show actions
    ...actions...
msf auxiliary(openssl_heartbleed) > set ACTION <action-name>
msf auxiliary(openssl_heartbleed) > show options
    ...show and set options...
msf auxiliary(openssl_heartbleed) > run

OpenSSL Heartbeat (Heartbleed) Client Memory Exposure

This module provides a fake SSL service that is intended to leak memory from client systems as they connect. This module is hardcoded for using the AES-128-CBC-SHA1 cipher.

msf > use auxiliary/server/openssl_heartbeat_client_memory
msf auxiliary(openssl_heartbeat_client_memory) > show actions
    ...actions...
msf auxiliary(openssl_heartbeat_client_memory) > set ACTION <action-name>
msf auxiliary(openssl_heartbeat_client_memory) > show options
    ...show and set options...
msf auxiliary(openssl_heartbeat_client_memory) > run

Github Repositories

knockbleed CVE-2014-0160 mass test against subdomains Requirement: Knock Subdomain Scan by Gianni 'guelfoweb' Amato - githubcom/guelfoweb/knock check-ssl-heartbleed by Steffen Ullrich - githubcom/noxxi/p5-scripts perl python Usage: sid@sweethome:~$ /knockbleedsh myqnapcloudcom Output sid@sweethome:~$ /knockbleedsh myqnapcloudcom Testing acc

This tool allows you to scan multiple hosts for Heartbleed, in an efficient multi-threaded manner This tests for OpenSSL versions vulnerable to Heartbleed without exploiting the server, so the heartbeat request does not cause the server to leak any data from memory or expose any data in an unauthorized manner This Mozilla blog post outlines the method used Usage: ssltestpy

CVE-2014-0160 This is part of Cved: a tool to manage vulnerable docker containers Cved: gitlabcom/git-rep/cved Image source: githubcom/cved-sources/cve-2014-0160 Image author: githubcom/hmlio/vaas-cve-2014-0160

#CloudPassage Heartbleed Check Example Version: 10 Author: Eric Hoffmann - ehoffmann@cloudpassagecom Users can use the provided example script to check for the presence of CVE-2014-0160 aka Heartbleed It uses the Halo API to get the details of the last scheduled or manually launched SVA scan for all active servers It then checks for the OpenSSL package and if CVE-2014-0160

openssl-heartbleed-fix OpenSSL Heartbleed (CVE-2014-0160) Fix script Sammy Fung sammy@sammyhk OpenSSL Heartbleed ([CVE-2014-0160] (wwwus-certgov/ncas/alerts/TA14-098A)) bug is now discovered by network security professionals, which many systems using some OpenSSL versions are affected In theory, it is assumed that SSL certificates on many web servers are affected, so

awesome-web-hacking This list is for anyone wishing to learn about web application security but do not have a starting point You can help by sending Pull Requests to add more information If you're not inclined to make PRs you can tweet me at @infoslack Table of Contents Books Documentation Tools Cheat Sheets Docker Vulnerabilities Courses Online Hacking Demonstration Si

##Docker image simonswine/wheezy-with-heartbleed Docker image with Heartbleed vulnerable SSL library (CVE-2014-0160) With nginx and self signed certs

openmagic openmagic can assist you in the automating testing and exploiting of systems vulnerable to the OpenSSL TLS heartbeat read overrun (CVE-2014-0160) The base module wraps a modified version of the "ssltestpy" program by Jared Stafford and provides the following additional features: Save the leaked data in a raw format for later analysis Resolve the IP so tha

HeartLeak Yet, another exploitation script for the most buzzed bug of all the time The script has two features: scan: Generates random hosts (IP addresses), checks if they supports OpenSSL, test them if they vulnerable to CVE-2014-0160 (Heartbeat Buffer over-read bug) and save vulnerable hosts in a TXT file monitor: This keeps sending malicious heartbeat requests, dumps leaked

MaltegoHeartbleed Maltego transform to detect the OpenSSL Heartbleed vulnerability (CVE-2014-0160) For more information read the write-up on my blog: disk0nn3ctsvbtlecom/maltego-openssl-heartbleed-transform

Heartbleeder Tests your servers for OpenSSL CVE-2014-0160 aka Heartbleed WARNING: No guarantees are made about the accuracy of results, and you should verify them independently by checking your OpenSSL build Pull requests welcome Usage $ heartbleeder examplecom INSECURE - examplecom:443 has the heartbeat extension enabled and is vulnerable Multiple hosts Multiple hosts ma

Heartbleed Scanner Network Scanner for OpenSSL Memory Leak (CVE-2014-0160) -t parameter to optimize the timeout in seconds -f parameter to log the memleak of vulnerable systems -n parameter to scan entire network -i parameter to scan from a list file Useful if you already have targets -r parameter to randomize the IP addresses to avoid linear scanning -s parameter to exp

ssl-heartbleednse Nmap NSE script that discovers/exploits Heartbleed/CVE-2014-0160 This script is now basically the one Patrik Karlsson wrote with some minor changes ported from my own script Features Includes support for FTP,SMTP,XMPP (githubcom/nmap/nmap/blob/master/nselib/sslcertlua#L231) Supports all versions of TLS (TLSv10, TLSv11, TLSv12) Print leaked m

Vulnerability as a Service - CVE 2014-0160 A Debian (Wheezy) Linux system with a vulnerable version of libssl and openssl and a web server to showcase CVE-2014-0160, aka Heartbleed Overview This docker container is based on Debian Wheezy and has been modified to use a vulnerable version of libssl and openssl A simple static web page is served via Apache 2 Usage Install th

Heartexploit Here is my new and first exploit; this exploit attacks the HeartBleed vulnerability (CVE-2014-0160), I hope you like it. This exploit only works on Linux, since part of it is written in languages not compatible with Windows. The only command you need to run to start this application is: /Heartexploitsh It goes without saying that ...

Pacemaker Attempts to abuse OpenSSL clients that are vulnerable to Heartbleed (CVE-2014-0160) Compatible with Python 2 and 3 Am I vulnerable? Run the server: python pacemakerpy In your client, open localhost:4433/ (replace the hostname if needed) For example: curl localhost:4433/ The client will always fail to connect: curl: (35) Unknown SSL protocol error

heartbleed-dtls-test POC for CVE-2014-0160 (Heartbleed) for DTLS License This code is licensed under the BSD 3-Clause License (file LICENSE), which is 99% identical to Go's license (file LICENSEgolang) Given that large parts of this code are copied/inspired by golang's tls code, both license files are included to adhere to golang's license

Heartbleed A checker (site and tool) for CVE-2014-0160 Public site at filippoio/Heartbleed/ Tool usage: Heartbleed [-service="service_name"] examplecom[:443] Heartbleed service_name://examplecom[:443] Exit codes: 0 - SAFE; 1 - VULNERABLE; 2 - ERROR (recently changed) See the online FAQ for an explanation of error messages including TIMEOUT and BR

Test 1Password database for Heart Bleeding problems Test script for 1Password database for SSL Heart Bleeding (CVE-2014-0160) To test 1Password database export it to local disk Locate file data1pif and run in same directory: git clone githubcom/aefimov/heatbleedinggit /heatbleeding/test_1password_ssl_hostssh If all OK, then remove exported database from disk If

Patrik Karlsson has implemented ssl-heartbleed and committed into svnnmaporg you can get it from svnnmaporg/nmap/scripts/ssl-heartbleednse they have a discussion here: seclistsorg/nmap-dev/2014/q2/22 get more details from heartbleedcom Credit to author of ssltestpy to s3jspenguinorg/ssltestpy nmap -p 443 -sC --script /nmap/heartblee

Heartbleed A checker (site and tool) for CVE-2014-0160 Software from @FiloSottile for iSC Inc

HeartBleed-Vulnerability-Checker author = 'WaQas-JaMal' Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguinorg) & The author disclaims copyright to this source code ''' I have modified this script to take any input url file Check it for valid tld from provided set of urls, create unique set and parse that to

Heartbleed OpenVPN test with support for HMAC Firewall and server mode Description This script can be used to test OpenVPN servers and clients for the Heartbleed vulnerability (CVE-2014-0160) It supports the OpenVPN "HMAC Firewall" (--tls-auth) Usage /heartbleed_test_openvpnpy [--remote host [port]] [--tls-auth file [direction]] The exit status is 11 if the vulne

HeartBleed DotNet Drawing on the great work of others, and the disturbingly simple PoC attack, I wanted to write a NET implementation so that I could run the PoC against some embedded devices running IPv6 only, and in a windows environment where I couldn't (or couldn't be bothered) installing python or go I hope this is of use to someone else DotNet OpenSSL Heartbl

paraffin Paraffin is tool to run your JS unit tests in different environments: Nodejs: your tests are run locally inside nodejs for very fast execution Selenium: You can run your tests using selenium grid to tests in real browsers SauceLabs: Selenium + cloud Get access to 300+ browser/os combination Changelog v092 2014-04-11: [SECURITY] Update to Sauce connect ver

README This is a fork of ioerror's version of sslscan (the original readme of which is included below) Changes are as follows: Highlight SSLv2 and SSLv3 ciphers in output Highlight CBC ciphers on SSLv3 (POODLE) Highlight 3DES and RC4 ciphers in output Highlight PFS+GCM ciphers as good in output Highlight NULL (0 bit), weak (<40 bit) and medium (40 < n

Testing Heartbleed with Nginx Dockerfile This repository contains Dockerfile of Nginx with the vulnerable OpenSSL version (101f) for testing CVE-2014-0160 Heartbleed Vulnerability Base Docker Image debian:latest Installation Install Docker Example with Debian: apt-get install -y docker Download from public Docker Hub Registry the debian base image: docker pull debian

Nmap NSE Scripts The following scripts are available in official Nmap repositories: ip-https-discovernse knx-gateway-discovernse knx-gateway-infonse sstp-discovernse knx-gateway-infonse This script establishes a unicast connection to a specific device in order to retrieve information This can be used to eg retrieve gateways information over the Internet Usage # nmap

crypto POODLE (Padding Oracle On Downgraded Legacy Encryption) In SSL 3.0 protocol, to encrypt a plaintext message, it first creates a MAC and appends the MAC to the message (MAC-then-Encrypt) Padding is then added at the end to make the message an integral number of blocks in length Note that padding length is not covered by MAC Also content of padding is also unspecified, TL

Exploits This repo is related to exploits R&D HeartBleed Tester & Exploit Tool Guide If you want to mass scan, the NMAP script is currently your best bet For the largest number of protocols supports (STARTTLS) check the modified Metasploit script If you want to actually exploit, use the python script (mods required for STARTTLS on non-smtp) Python Tool Usage

Awesome-Hacking Awesome Hacking Awesome Web Hacking Table of Contents Books Documentation Tools Cheat Sheets Docker Vulnerabilities Courses Online Hacking Demonstration Sites Labs SSL Security Ruby on Rails Books wwwamazoncom/The-Web-Application-Hackers-Handbook/dp/8126533404/ The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws ww

CVE-2014-0160 Links githubcom/DisK0nn3cT/MaltegoHeartbleed githubcom/a0726h77/heartbleed-test githubcom/musalbas/heartbleed-masstest githubcom/decal/ssltest-stls githubcom/isgroup-srl/openmagic githubcom/offensive-python/HeartLeak Nmap nmap -sV -PS443 --open --script=ssl-heartbleed -iR 0 Cisco & DD-WRT securit

coronary Tests CIDR blocks for OpenSSL CVE-2014-0160 aka Heartbleed Inspired by Jonathan Rudenberg's heartbleeder Using $ coronary 19216810/24 Scanning: 192168111/22 VULNERABLE - 192168171:443 has the heartbeat extension enabled and is vulnerable to CVE-2014-0160 SECURE - 1921681119:443 does not have the heartbeat extension enabled VULNERABLE - 192168172:

OpenSSL Heartbleed (CVE-2014-0160) vulnerability scanner, data miner and RSA key-restore tools Author: Einar Otto Stangvik / @einaros / hackingventures Since the cat is long since out of the bag, and others have begun publishing their tools, I'm putting mine out there too Hopefully this amplifies the pressure on those that still haven't patched or upgraded

HeartBleed Tester & Exploit NB Nearly all the tools (nmap, metasploit, nessus, even burp) have the most up to date versions of their scanners These tools were released at the early stages when tools were still being developed Rather use those than these now Tool Guide If you want to mass scan, the NMAP script is currently your best bet For the largest number of pro

patch-openssl-CVE-2014-0160 Patch openssl #heartbleed with ansible Usage : pip install ansible ansible-playbook -i your_inventory_file patch-openssl-CVE-2014-0160yml your_inventory_file just need to contain your server list : 192168010 webserver1examplecom webserver2examplecom db1examplecom Support Upgrade openssl on Debian Family OS Restart some services impacted

bleed bleed is a tool to test servers for the 'Heartbleed' vulnerability (CVE-2014-0160) Usage $ bleed exampleorg > Connecting > Sending Client Hello Waiting for Server Hello < Received message: type = 22, ver = 0302, length = 61 < Received message: type = 22, ver = 0302, length = 6442 < Received message: type = 22, ver = 0

makeItBleed Is a tool/website to test servers for the 'Heartbleed' vulnerability (CVE-2014-0160) Visit makeitbleedorg

cve-2014-0160-Yunfeng-Jiang The reading course report Reading_Course_Reportpdf Detect tools 1) heartbleedpy (gistgithubcom/eelsivart/10174134) Usage: python heartbleedpy hostname 2) ssltestpy (githubcom/Lekensteyn/pacemaker/blob/master/ssltestpy) Usage: python ssltestpy hostname 3) check-ssl-heartbleedpl ( githubcom/noxxi/p5-ssl-tools/b

Heartbleed chrome plugin DEPRECATED Chrome plugin who will look-up if the current site (and all subdomains called) are vulnerable to CVE-2014-0160 The vulnerability check is done by an API service who's now dead (it wasn't in 2014!) May the code can be useful to someone anyway, if someone found a new API provider for heartbleed check See also, the edited CVE-2014-0

Cardiac Arrest Hut3 Cardiac Arrest - A script to check OpenSSL servers for the Heartbleed bug (CVE-2014-0160) Note: This code was originally a GitHub Gist but has been copied to a full GitHub Repository so issues can also be tracked Both will be kept updated with the latest code revisions DISCLAIMER: There have been unconfirmed reports that this script can render HP iLO unre

CVE-2014-0160-Scanner This is a simple php command line script to check an array of domains for the CVE-2014-0160 vuln to run: php indexphp Credits: It uses the service provided by filippoio/Heartbleed/

mbentley/testssl docker image for testssl (testsslsh/) To pull this image: docker pull mbentley/testssl Common usage: Run full test suite: docker run -it --rm mbentley/testssl mbentleynet Display full command usage: docker run -it --rm mbentley/testssl Test for Heartbleed (CVE-2014-0160): docker run -it --rm mbentley/testssl -B mbentleynet Test for SSLv3 (and list av

heartbleed_openvpn_poc Script to encapsulate heartbleed (CVE-2014-0160) POC's against OpenVPN Built by Tommy Murphy (@tam7t) to investigate vulnerable dd-wrt build Usage python openvpn-proxypy <openvpn server address> python heartbleed-pocpy localhost Limitations UDP only (no TCP) implementing --tls-auth would block this (that would require HMAC'ing

Heartbleed A checker (site and tool) for CVE-2014-0160 Public site at filippoio/Heartbleed/ Tool usage: Heartbleed [-service="service_name"] examplecom[:443] or: Heartbleed service_name://examplecom[:443] Exit codes: 0 - SAFE; 1 - VULNERABLE; 2 - ERROR (recently changed) Please note that the code is a bit of a mess, not exactly release-ready If a service

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents AGS Script (1) ASP (1) ActionScript (1) Agda (3) Assembly (8) AutoHotkey (1) Awk (3) Batchfile (1) Bro (1) C (285) C# (40) C++ (502) CMake (6) CSS (152) Clojure (10) CoffeeScript (85) Common Lisp (3) Crystal (1) Cuda (1) Dart (2) Dockerfile (3) Elixir (3) Emacs Lisp (5) Erlang (10) F# (1) For

Heartpot This Python script is a tiny honeypot for Heartbleed(CVE-2014-0160) If you use this script by default port(443/tcp), you should run by root Usage: heartpotpy Output format: Date/time, Source IP address, Protocol, Payload Output example: [2014-04-13 01:59:23],192168122,SSL,1803000003014000 2014/Apr/13th wwwmorihi-socnet/ Kazuaki Morihisa (@k_morihisa)

smpl-build-test Changelog v080 2014-04-11: [SECURITY] Update paraffin to v092 Fix Heartbleed (CVE-2014-0160) bug when using Sauce Connect Links Code statistics Licence This project is licenced under the MIT Licence See LICENCEtxt for details

README This is a fork of ioerror's version of sslscan (the original readme of which is included below) Changes are as follows: Highlight SSLv2 and SSLv3 ciphers in output Highlight CBC ciphers on SSLv3 (POODLE) Highlight RC4 ciphers in output Highlight GCM ciphers as good in output Highlight NULL (0 bit), weak (<40 bit) and medium (40 < n <= 56) c

nmap-heartbleed nmap NSE plugin to scan for the Heartbleed Vulnerability in OpenSSL See: wwwopensslorg/news/secadv_20140407txt cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2014-0160 Authors and License in the file

heartbleedjs openssl Heartbleed bug check for Nodejs check result {"code":0,"data":"1803021003020ff0d8030253435b909d9b720bbc0cbc2b92a84897cfbd3904cc160a8503909"} code: 0 vulnerable (vulnerability exists) code: 1 not vulnerable (vulnerability does not exist) Demo npm install heartbleed-check var heartbleed = require('heartbleed-check'); appget(

Heartbleed Checker API for testing for OpenSSL CVE-2014-0160 aka Heartbleed WARNING: This is very untested, and you should verify the results independently Pull requests welcome Usage $ bundle install $ puma configru Credits Relies on heartbleeder by titanous

$ python get_website_urlspy "search_string" > websitestxt
$ sh heartbleed-testsh websitestxt | tee -a scan_resultlog

awesome-web-hacking This list is for anyone wishing to learn about web application security but do not have a starting point You can help by sending Pull Requests to add more information If you're not inclined to make PRs you can tweet me at @xKaliSec Table of Contents Books Documentation Tools Docker Vulnerabilities Courses Labs SSL Security Ruby on Rails Books http:

PHP-Webshells-Collection Most Wanted Private and Public PHP Web Shells Can Be Downloaded Here (Educational Purpose Only) I am not responsible for how you use this stuff Default Password for All Shells (if not available in shell description): wso Tools PHP deobfuscators: Online: FOPO PHP Deobfuscator ver 01 | ver 02 Sucuri's PHP decoder Toolki's PHP decoder un

Awesome Security A collection of awesome software, libraries, documents, books, resources and cool stuff about security Inspired by awesome-php, awesome-python Thanks to all contributors, you're awesome and wouldn't be possible without you! The goal is to build a categorized community-driven collection of very well-known resources Awesome Security Network Scann

bleeding_heartssh Quick and Dirty Heartbleed SSL Scanner Usage : '/bleeding_heartssh domain-listtxt' Output Examples : 'TLS server extension heartbeat' The above output should be further investigated to verify the vulnerability More Info: securitypimpnet/2014/04/09/death-by-heartbleed/ cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2014-0

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ActionScript Agda ApacheConf Assembly Batchfile Bro C C# C++ CSS Clojure CoffeeScript Common Lisp Component Pascal Cuda Elm Erlang Go HTML Haskell Java JavaScript Julia Jupyter Notebook Kotlin LiveScript Lua Makefile Nginx OCaml Objective-C Objective-C++ Others PHP Perl PigLatin PowerShell Pytho

The Heartbleed test server With caching by Mozilla Install the SAMPLEaws-configjson as ~/aws-configjson or /etc/aws-configjson or in a path specified by the GODYNAMO_CONF_FILE env var Usage: HBserver --redir-host=<host> [--listen=<addr:port> --expiry=<duration>] HBserver -h | --help HBserver --version Options: --redir-h

Example Code for The Glitch Works The following files are bits of example code from writeups at wwwglitchwrkscom display_testpy This Python script will write a bitmapped test pattern to the Sabernetics Mini-I2C OLED display connected to a Bus Pirate Tested with Python 323 and pySerial 26-2 injectorpy and injectablepy Demonstrate dependency injection with Python

EE scanning and analysis. The goal is to scan the entire EE Internet and find a solution that would allow the scan results to be processed into a form in which the data can be stored historically, and that gives a visual understanding of devices and web services with security weaknesses on the EE Internet. Overview of the current solution ...

Security Tools A set of tools I use for pentesting For example the heartbleed-test checks for CVE-2014-0160 Usage: $ heartbleed servercom -p 443 Install Copy the files into directory /usr/bin/ or /usr/sbin/ Make sure are they executable sudo chmod +x SCRIPTNAME For some scripts you will need python2 to run, open your terminal and run $ which python2 Use the output

ares ares is an APACHE licensed library written in Python providing an easy to use wrapper around cvecircllu This library has been tested with Python 27x and Python 36x Installation: From source use $ python setuppy install or install from PyPi $ pip install ares Documentation: GET /api/browse/ GET /api/browse/vendor >>> from a

PyCVESearch is an easy to use wrapper around cve-search, defaulting on cvecircllu This library is based on the work of Martin Simon and Kai Renken Installation: From source use $ pip install Documentation: GET /api/browse/ GET /api/browse/vendor >>> from pycvesearch import CVESearch >>> cve = CVESearch() >

heartbleed-masstest This repo contains a script to automatically test sites for vulnerability to the Heartbleed Bug (CVE-2014-0160) This repo was created in a separate part as an initiative to track the top sites in the MENA region Our work is based on the script test found here: (githubcom/musalbas/heartbleed-masstest) This repo also contains test results for the Al

heartbleed-docker-container Dockerfile to create a Heartbleed-able interactive container Why? I didn't want to mess with Go in my system so I made a Heartbleed-able container with the tool precompiled and ready to check for the vuln Usage Pull the trusted build: docker pull rcmorano/heartbleed Or build an image from source Dockerfile: wget -O /tmp/Dockerfileheartbleed

ssl-heartbleednse A variant of Patrik Karlsson's ssl-heartbleed script for Nmap The detection script is, effectively, the same The reporting script aids in aggregating detection results Please note that StartTLS-using protocols are not supported usage Invoke nmap, specifying the detection and reporting scripts $ nmap -T4 -p T443,T8443 --script /path/to/my-ssl-heartbl

Heartbleed OpenVPN test script Description This is a test script to test OpenVPN server for CVE-2014-0160 vulnerability The script tries to connect to the server, while doing so it will send a modified heartbeat request Installation Its a python script which needs Python 2, check your Distro of choice To use it, simply clone it from Github git clone githubcom/falsta

awesome-go A curated list of awesome Go frameworks, libraries and software golang/go - The Go programming language moby/moby - Moby Project - a collaborative project for the container ecosystem to assemble container-based systems kubernetes/kubernetes - Production-Grade Container Scheduling and Management avelino/awesome-go - A curated list of awesome Go frameworks, libraries

Awesome Penetration Testing ("githubcom/Muhammd/Awesome-Pentest") A collection of awesome penetration testing resources Online Resources Penetration Testing Resources Exploit development Social Engineering Resources Lock Picking Resources Tools Penetration Testing Distributions Basic Penetration Testing Tools Docker for Penetration Testing Vulnerability

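docker-vulnerability-environment This project uses docker to deploy web vulnerability test environments that can be created and deleted at any time. The project currently includes several vulnerability test environments such as bWAPP, DVWA and OWASP Broken Web Applications Project. Environment list bWAPP xssed DVWA WebGoat DVWA-WooYun-edition DSVW WAVSEP OWASP Security Shepherd OWASP Broken Web Applications Project (unfinished) xvw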

visualiseerimisplatvorm-DATA Solution 1: I use the test1_backupcsv data and the logstash kv plugin: kv { source => "TAGS" field_split => ";" value_split => ":" target => "TAGS" } The result is: fields are created, but they are incomplete, e.g. Even though my CSV file also has, under the TAGS header, cve:CVE-2018-0111; vä

Awesome Penetration Testing A collection of awesome penetration testing resources Online Resources Penetration Testing Resources Exploit development Social Engineering Resources Lock Picking Resources Tools Penetration Testing Distributions Basic Penetration Testing Tools Docker for Penetration Testing Vulnerability Scanners Network Tools Wireless Network Tools SSL Analys

Awesome Hacking A curated list of awesome Hacking. Inspired by awesome-machine-learning. If you want to contribute to this list (please do), send me a pull request or contact me @carpedm20. For a list of free hacking books available for download, go here. Table of Contents System Tutorials Tools Docker General Reverse Engineering Tutorials Tools General Web Tools Netwo

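Awesome Hacking List English Version A curated list of awesome hacking resources, inspired by awesome-machine-learning. If you would like to contribute to this list (you are welcome to), send me a pull request on GitHub or contact me @carpedm20. For a list of free hacking books available for download, click here. Table of Contents System Tutorials Tools Docker General Reverse Engineering Tutorials Tools General Web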

libfuzzer-workshop Materials of "Modern fuzzing of C/C++ Projects" workshop. The first version of the workshop had been presented at ZeroNights'16 security conference. Requirements: 2-3 hours of your time; Linux-based OS; C/C++ experience (nothing special, but you need to be able to read, write and compile C/C++ code); a recent version of clang compiler. Distributio

Vulners API v3 Python wrapper Description: Python 2/3 library for the Vulners Database. It provides search, data retrieval, archive and vulnerability scanning APIs for integration purposes. With this library you can create powerful security tools and get access to the world's largest security database. Python version: Library was tested on python2 and python3. How to in

Awesome Penetration Testing A collection of awesome penetration testing resources. This project is supported by Netsparker Web Application Security Scanner. Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. Your contributions and

pentest-tools A collection of best pentest resources. Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. Contents: Online Resources Penetration Testing Resources Exploit Development Open Source Intelligence (OSINT) Resources Social

go-cve-dictionary This is a tool to build a local copy of the NVD (National Vulnerabilities Database) [1] and the Japanese JVN [2], which contain security vulnerabilities according to their CVE identifiers [3], including exhaustive information and a risk score. The local copy is generated in sqlite format, and the tool has a server mode for easy querying. [1] en.wikipedia

Web vulnerability collection github.com/adamdoupe/WackoPicko WackoPicko is a website that contains known vulnerabilities. It was first used for the paper Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners. SQLi, XSS www.dvwa.co.uk/ XSS github.com/google/firing-range SQLi github.com/Audi-1/sqli-labs IBM XSS test suit

Vulnerability Checks heartbleed.sh - CVE-2014-0160, poodle.sh - CVE-2014-3566, freak.sh - CVE-2015-0204

rt-n56u ASUS RT-N11P/N14U/N56U/N65U/AC51U/AC54U/AC1200HP custom firmware 3X39-095 by Padavan. Project sources: git clone code.google.com/p/rt-n56u/ Git HTTP frontend: code.google.com/p/rt-n56u/source/list ATTENTION: After the first upgrade from official firmware, all settings will be erased. Do not load settings (CFG file) from official firmware!!! After upgr

The securityrouter.org project is a network operating system and software distribution based on OpenBSD which is developed and maintained by Halon Security. New systems are deployed by downloading a software image. The easiest way to update existing systems is to perform an automatic update from within the product's administration. New major versions can contain configurat

MassBleed SSL Vulnerability Scanner USAGE: sh massbleed.sh [CIDR|IP] [single|port|subnet] [port] [proxy] ABOUT: This script has four main functions with the ability to proxy all connections: To mass scan any CIDR range for OpenSSL vulnerabilities via port 443/tcp (https) (example: sh massbleed.sh 192.168.0.0/16). To scan any CIDR range for OpenSSL vulnerabilities via any cust

Recent Articles

It's 2017 and 200,000 services still have unpatched Heartbleeds
The Register • Darren Pauli • 23 Jan 2017

What does it take to get people patching? Not Reg readers, obviously. Other, silly people

Some 200,000 systems are still susceptible to Heartbleed more than two years and 9 months after the huge vulnerability was disclosed.
Patching efforts spiked after news dropped in April 2014 of the world's most well-known and at the time then most catastrophic bug.
The vulnerability (CVE-2014-0160) that established the practice of branding bugs lived up to its reputation: the tiny flaw in OpenSSL allows anyone to easily and quietly plunder vulnerable systems stealing passwords, login...

The world’s biggest bug bounty payouts
welivesecurity • Editor • 03 Aug 2015

So-called ‘bug bounties’ are offered by some of the world’s largest websites and software companies to ensure that software bugs are found and fixed by friendly security researchers, rather than by malicious hackers who could use the same flaws to cause significant damage.
Bug bounties are a relatively new phenomenon but, in recent years, have become a significant security measure for modern businesses, especially if that business is heavily reliant on the web.
In days gone by,...

Apple stabs Heartbleed bug in AirPort Extreme, Time Capsule gear
The Register • Shaun Nichols in San Francisco • 24 Apr 2014

Don't worry, everything else is still safe ... we think

Apple has posted a security update to address instances of the Heartbleed security vulnerability in its AirPort router and file back-up gadgets.
The company said that a firmware update for the AirPort Extreme and AirPort Time Capsule home network appliances would address the infamous CVE-2014-0160 OpenSSL security vulnerability, better known by the nickname Heartbleed.
The flaw, in which an attacker can extract in-memory data from a targeted server, has sent shockwaves through the se...

Oracle Gives Heartbleed Update, Patches 14 Products
Threatpost • Chris Brook • 21 Apr 2014

As the dominoes continue to fall around Heartbleed, Oracle is doing its best to keep users apprised of its ongoing efforts to patch software that may be vulnerable to the OpenSSL vulnerability.
In a document updated early this morning Oracle gave its customers five separate updates regarding:
Most of the updates given by Oracle refer to Heartbleed not by its buzzy nickname but by its official Common Vulnerabilities and Exposures number, CVE-2014-0160.
More than 100 products –...

Heartbleed vuln under ACTIVE ATTACK as hackers map soft spots
The Register • John Leyden • 11 Apr 2014

Incoming

Hackers are posting massive lists of domains vulnerable to the infamous Heartbleed bug, security researchers warn.
The warning comes amidst other evidence that the vulnerability is under active attack from hackers possibly based in China and elsewhere, targeting financial services firms among others.
Fraud protection firm Easy Solutions reports that black hats are posting huge lists of 10,000+ domains that have been run through the automated web-based Heartbleed vulnerability checkin...

Revoke, reissue, invalidate: Stat! Security bods scramble to plug up Heartbleed
The Register • John Leyden • 09 Apr 2014

Paper is safe. Clay tablets too

The startling password-spaffing vulnerability in OpenSSL affects far more than web servers, with everything from routers to smartphones also at risk.
The so-called “Heartbleed” vulnerability (CVE-2014-0160) can be exploited to extract information from the servers running vulnerable version of OpenSSL, and this includes email servers and Android smartphones as well as routers.
Hackers could potentially gain access to private encryption key before using this information to decipher...

References

CWE-119