Heartbleed - Revision history

Lucas Trottier at 04:57, 7 October 2014

2014-10-07T04:57:48Z

Lucas Trottier at 04:57, 7 October 2014

2014-10-07T04:57:20Z

Lucas Trottier: Created page with "{{DISPLAYTITLE:Heartbleed : OpenSSL Heartbeat Extension Vulnerability}} On April 7, 2014, a vulnerability named "Heartbleed" in the OpenSSL cryptography library was publicly ..."

2014-10-07T04:54:50Z

Created page with "{{DISPLAYTITLE:Heartbleed : OpenSSL Heartbeat Extension Vulnerability}} On April 7, 2014, a vulnerability named "Heartbleed" in the OpenSSL cryptography library was publicly ..."

New page

{{DISPLAYTITLE:Heartbleed : OpenSSL Heartbeat Extension Vulnerability}}

On April 7, 2014, a vulnerability named "Heartbleed" in the OpenSSL cryptography library was publicly announced. Heartbleed is registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160. OpenSSL is a widely used implementation of the Transport Layer Security (TLS) protocol. Heartbleed may be exploited regardless of whether the party using a vulnerable OpenSSL instance for TLS is a server or a client. It results from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension, thus the bug's name derives from "heartbeat". The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed.

= Affected Products =
None

= Details =
This vulnerability has no impact on TelcoBridges products or Toolpack developer customer using CentOS 5.x, which use an older version of OpenSSL. The vulnerabilities appeared only starting from OpenSSL 1.0.1 with the support for TLS/DTLS heartbeat extension (RFC6520).

= Software Versions and Fixes =
Not vulnerable

= Update procedure =
Not applicable

@@ Line 1: / Line 1: @@
 {{DISPLAYTITLE:Heartbleed : OpenSSL Heartbeat Extension Vulnerability}}
-On April 7, 2014, a vulnerability named "Heartbleed" in the OpenSSL cryptography library was publicly announced. Heartbleed is registered in the Common Vulnerabilities and Exposures system as '''CVE-2014-0160'''. OpenSSL is a widely used implementation of the Transport Layer Security (TLS) protocol. Heartbleed may be exploited regardless of whether the party using a vulnerable OpenSSL instance for TLS is a server or a client. It results from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension, thus the bug's name derives from "heartbeat". The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed.
+On April 7 2014, a vulnerability named "Heartbleed" in the OpenSSL cryptography library was publicly announced. Heartbleed is registered in the Common Vulnerabilities and Exposures system as '''CVE-2014-0160'''. OpenSSL is a widely used implementation of the Transport Layer Security (TLS) protocol. Heartbleed may be exploited regardless of whether the party using a vulnerable OpenSSL instance for TLS is a server or a client. It results from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension, thus the bug's name derives from "heartbeat". The vulnerability is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed.
 = Affected Products =