1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: OpenSSL Heartbleed CVE-2014-0160 3

Attack: OpenSSL Heartbleed CVE-2014-0160 3

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a bounds check vulnerability in OpenSSL which could lead to sensitive information disclosure.

Additional Information

OpenSSL is an open-source implementation of the SSL protocol used by a number of other projects. It is available for various platforms.

OpenSSL is prone to an information disclosure vulnerability. Specifically, this issue occurs because it fails to properly bounds check when handling the TLS 'heartbeat' extension packets.

An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.

Affected

  • OpenSSL 1.0.1f, 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, and 1.0.1 are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube