CVE-2014-0160

7.5

HIGH

OpenSSL Information Disclosure Vulnerability - [Actively Exploited]

Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

INFO

Published Date :

April 7, 2014, 10:55 p.m.

Last Modified :

July 2, 2024, 4:52 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

3.6

Exploitability Score :

3.9

CISA Notification

CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Due Date: May 25, 2022

Alert Date: May 04, 2022 | 869 days ago

Description :

The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.

Required Action :

Apply updates per vendor instructions.

Public PoC/Exploit Available at Github

CVE-2014-0160 has a 510 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2014-0160 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Siemens	wincc_open_architecture
2	Siemens	simatic_s7-1500_firmware
3	Siemens	cp_1543-1_firmware
4	Siemens	application_processing_engine_firmware
5	Siemens	simatic_s7-1500t_firmware
6	Siemens	elan-8.2
7	Siemens	application_processing_engine
8	Siemens	cp_1543-1
9	Siemens	simatic_s7-1500
10	Siemens	simatic_s7-1500t
1	Redhat	enterprise_linux_desktop
2	Redhat	enterprise_linux_server
3	Redhat	enterprise_linux_workstation
4	Redhat	enterprise_linux_server_aus
5	Redhat	enterprise_linux_server_eus
6	Redhat	enterprise_linux_server_tus
7	Redhat	gluster_storage
8	Redhat	virtualization
9	Redhat	storage
1	Intellian	v100_firmware
2	Intellian	v60_firmware
3	Intellian	v100
4	Intellian	v60
1	Mitel	micollab
2	Mitel	mivoice
1	Ricon	s9922l_firmware
2	Ricon	s9922l
1	Canonical	ubuntu_linux
1	Fedoraproject	fedora
1	Debian	debian_linux
1	Openssl	openssl
1	Broadcom	symantec_messaging_gateway
1	Opensuse	opensuse
1	Splunk	splunk
1	Filezilla-project	filezilla_server

: Total Affected Vendor : 13 | Products : 35

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2014-0160.

URL	Resource
http://advisories.mageia.org/MGASA-2014-0165.html	Third Party Advisory
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/	Issue Tracking Third Party Advisory
http://cogentdatahub.com/ReleaseNotes.html	Release Notes
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01	Broken Link
http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3	Broken Link
http://heartbleed.com/	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html	Broken Link Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html	Broken Link Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139722163017074&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139757726426985&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139757819327350&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139757919027752&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139758572430452&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139765756720506&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139774054614965&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139774703817488&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139808058921905&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139817685517037&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139817727317190&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139817782017443&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139824923705461&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139824993005633&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139833395230364&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139835815211508&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139835844111589&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139836085512508&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139842151128341&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139843768401936&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139869720529462&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139869891830365&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139889113431619&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139889295732144&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905202427693&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905243827825&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905295427946&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905351928096&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905405728262&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905458328378&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905653828999&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=139905868529690&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=140015787404650&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=140075368411126&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=140724451518351&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=140752315422991&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141287864628122&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=142660345230545&w=2	Mailing List Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1	Third Party Advisory
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3	Permissions Required Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0376.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0377.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0378.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0396.html	Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/109	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/173	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/190	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/90	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Apr/91	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23	Mailing List Third Party Advisory
http://secunia.com/advisories/57347	Broken Link Third Party Advisory
http://secunia.com/advisories/57483	Broken Link Third Party Advisory
http://secunia.com/advisories/57721	Broken Link Third Party Advisory
http://secunia.com/advisories/57836	Broken Link Third Party Advisory
http://secunia.com/advisories/57966	Broken Link Third Party Advisory
http://secunia.com/advisories/57968	Broken Link Third Party Advisory
http://secunia.com/advisories/59139	Broken Link Third Party Advisory
http://secunia.com/advisories/59243	Broken Link Third Party Advisory
http://secunia.com/advisories/59347	Broken Link Third Party Advisory
http://support.citrix.com/article/CTX140605	Third Party Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001841	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg400001843	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21670161	Broken Link
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf	Broken Link Third Party Advisory
http://www.blackberry.com/btsc/KB35882	Broken Link
http://www.debian.org/security/2014/dsa-2896	Mailing List Third Party Advisory
http://www.exploit-db.com/exploits/32745	Exploit Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/32764	Exploit Third Party Advisory VDB Entry
http://www.f-secure.com/en/web/labs_global/fsc-2014-1	Broken Link Third Party Advisory
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/	Release Notes
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/	Third Party Advisory
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/	Release Notes
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/	Release Notes
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf	Not Applicable
http://www.kb.cert.org/vuls/id/720951	Third Party Advisory US Government Resource
http://www.kerio.com/support/kerio-control/release-history	Broken Link Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062	Broken Link Third Party Advisory
http://www.openssl.org/news/secadv_20140407.txt	Broken Link Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html	Patch Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded	Broken Link Not Applicable Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/66690	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030026	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030074	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030077	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030078	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030079	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030080	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030081	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1030082	Broken Link Third Party Advisory VDB Entry
http://www.splunk.com/view/SP-CAAAMB3	Third Party Advisory
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00	Third Party Advisory
http://www.ubuntu.com/usn/USN-2165-1	Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA14-098A	Third Party Advisory US Government Resource
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	Broken Link
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	Broken Link
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160	Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1084875	Issue Tracking Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf	Third Party Advisory
https://code.google.com/p/mod-spdy/issues/detail?id=85	Issue Tracking
https://filezilla-project.org/versions.php?type=server	Release Notes
https://gist.github.com/chapmajs/10473815	Exploit
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken	Broken Link
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch Third Party Advisory
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch Third Party Advisory
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch Third Party Advisory
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E	Mailing List Patch Third Party Advisory
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html	Mailing List Third Party Advisory
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html	Exploit Permissions Required Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html	Third Party Advisory
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217	Third Party Advisory
https://www.cert.fi/en/reports/2014/vulnerability788210.html	Not Applicable Third Party Advisory
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008	Third Party Advisory
https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd	Broken Link Exploit Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

mrhili/CVE-SEARCH-NVD

None

Python

Updated: 1 week, 2 days ago

0 stars 0 fork 0 watcher

Born at : Sept. 9, 2024, 11:22 a.m. This repo has been linked 2 different CVEs too.

Faizan-Khanx/CEH-Preparation

A Study Guide For CEH Examination , Must See This Repo If You Are New In CyberSecurity And Want To Start Your Carrier In This Field. #HappyHacking

HTML

Updated: 2 weeks, 2 days ago

0 stars 0 fork 0 watcher

Born at : Sept. 2, 2024, 2:58 p.m. This repo has been linked 4 different CVEs too.

Dan-Duran/cybersecurity-tools

A curated collection of amazing software, libraries, documents, books, resources, and other cool security-related content.

Updated: 1 week, 3 days ago

0 stars 0 fork 0 watcher

Born at : Aug. 29, 2024, 8:55 p.m. This repo has been linked 2 different CVEs too.

iabdullah215/HeartBleed-POC

Here is proof of concept for the heart bleed vulnerability.

heartbleed heartbleed-attack poc heartbleed-exploit

Python

Updated: 3 weeks, 4 days ago

0 stars 0 fork 0 watcher

Born at : Aug. 24, 2024, 12:31 p.m. This repo has been linked 1 different CVEs too.

yusufwelding/MagicRats

Chain Cryptocurrenchy

Updated: 1 week ago

1 stars 0 fork 0 watcher

Born at : Aug. 24, 2024, 5:18 a.m. This repo has been linked 1 different CVEs too.

gunlawsguy2/awesome-security

None

Updated: 1 month ago

2 stars 0 fork 0 watcher

Born at : Aug. 17, 2024, 3:35 a.m. This repo has been linked 2 different CVEs too.

00xNetrunner/Shodan_Cheet-Sheet

None

Updated: 3 months, 1 week ago

0 stars 0 fork 0 watcher

Born at : June 5, 2024, 4:54 a.m. This repo has been linked 3 different CVEs too.

orhun/flawz

A Terminal UI for browsing security vulnerabilities (CVEs)

cve cve-search ratatui ratatui-rs rust security security-vulnerability tui vulnerability vulnerability-search terminal-ui terminal-user-interface

Rust

Updated: 1 week, 5 days ago

347 stars 9 fork 9 watcher

Born at : May 15, 2024, 5:09 p.m. This repo has been linked 2 different CVEs too.

Juan921030/awesome-hacking

None

Updated: 4 months ago

0 stars 0 fork 0 watcher

Born at : May 12, 2024, 9:50 p.m. This repo has been linked 2 different CVEs too.

GermanAizek/hostapd-wpe-ng

Modified new hostapd-2.10 to facilitate AP impersonation attacks for research and education only

802-1x asleap eap eap-ttls eaphammer heartbleed hostapd hostapd-wpe ieee8021x mschapv2 wpa-supplicant cupid-mode eap-fast hostapd-wpe-ng karma-mode

Makefile Shell

Updated: 4 months, 2 weeks ago

1 stars 0 fork 0 watcher

Born at : May 3, 2024, 9:45 p.m. This repo has been linked 1 different CVEs too.

Eldor240/files

None

Python

Updated: 4 months, 2 weeks ago

0 stars 0 fork 0 watcher

Born at : May 1, 2024, 7:52 a.m. This repo has been linked 2 different CVEs too.

Frat1n/Escalibur_Framework

Open source Post Exploitation Framework

Python

Updated: 4 months ago

0 stars 0 fork 0 watcher

Born at : April 30, 2024, 11:10 a.m. This repo has been linked 2 different CVEs too.

zgimszhd61/awesome-security

None

Updated: 4 months, 3 weeks ago

0 stars 0 fork 0 watcher

Born at : April 23, 2024, 2:29 a.m. This repo has been linked 2 different CVEs too.

zpqqq10/zju_cloudnative

None

Updated: 5 months, 1 week ago

0 stars 0 fork 0 watcher

Born at : April 9, 2024, 1:44 a.m. This repo has been linked 2 different CVEs too.

0xsmirk/libafl-road

LibAFL学习之路

Shell C++ Rust

Updated: 3 months, 2 weeks ago

1 stars 0 fork 0 watcher

Born at : April 2, 2024, 2:56 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2014-0160 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2014-0160 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Modified Analysis by [email protected]

Jul. 02, 2024

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

CVE Modified by [email protected]

Nov. 07, 2023

Action	Type	Old Value	New Value
Added	Reference		Red Hat, Inc. http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=96db9023b881d7cd9f379b0c154650d6c108e9a3 [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3Cdev.tomcat.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3E [No types assigned]
Added	Reference		Red Hat, Inc. https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3E [No types assigned]
Removed	Reference	Red Hat, Inc. http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E
Removed	Reference	Red Hat, Inc. https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E

Modified Analysis by [email protected]

Feb. 10, 2023

Action	Type	Old Value	New Value
Changed	Reference Type	http://www.securityfocus.com/archive/1/534161/100/0/threaded Not Applicable	http://www.securityfocus.com/archive/1/534161/100/0/threaded Not Applicable, Third Party Advisory, VDB Entry
Changed	Reference Type	https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd No Types Assigned	https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd Exploit, Third Party Advisory
Removed	CWE	NIST CWE-119
Added	CWE		NIST CWE-125
Added	CPE Configuration		AND OR cpe:2.3:o:ricon:s9922l_firmware:16.10.3\(3794\)::::::: OR cpe:2.3:h:ricon:s9922l:1.0:::::::*

CVE Modified by [email protected]

Nov. 15, 2022

Action Type Old Value New Value

Added Reference https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd [No Types Assigned]
CPE Deprecation Remap by [email protected]

Oct. 15, 2020

Action Type Old Value New Value

Changed CPE Configuration OR *cpe:2.3:o:redhat:virtualization:6.0:*:*:*:*:*:*:* OR *cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*

Action	Type	Old Value	New Value
Added	Reference		https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd [No Types Assigned]

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:o:redhat:virtualization:6.0:::::::	OR cpe:2.3:a:redhat:virtualization:6.0:::::::

Modified Analysis by [email protected]

Jul. 28, 2020

Action	Type	Old Value	New Value
Changed	Reference Type	http://cogentdatahub.com/ReleaseNotes.html Third Party Advisory	http://cogentdatahub.com/ReleaseNotes.html Release Notes, Third Party Advisory
Changed	Reference Type	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 Third Party Advisory	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 Broken Link
Changed	Reference Type	http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 Vendor Advisory	http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3 Patch, Vendor Advisory
Changed	Reference Type	http://heartbleed.com/ Technical Description, Third Party Advisory	http://heartbleed.com/ Third Party Advisory
Changed	Reference Type	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html Third Party Advisory	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html Mailing List, Third Party Advisory
Changed	Reference Type	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html Third Party Advisory	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html Mailing List, Third Party Advisory
Changed	Reference Type	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html Third Party Advisory	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html Mailing List, Third Party Advisory
Changed	Reference Type	http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html Third Party Advisory	http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html Mailing List, Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/57347 Vendor Advisory	http://secunia.com/advisories/57347 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/57483 Vendor Advisory	http://secunia.com/advisories/57483 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/57721 Vendor Advisory	http://secunia.com/advisories/57721 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/57836 Vendor Advisory	http://secunia.com/advisories/57836 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/57966 Vendor Advisory	http://secunia.com/advisories/57966 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/57968 Vendor Advisory	http://secunia.com/advisories/57968 Third Party Advisory
Changed	Reference Type	http://www.blackberry.com/btsc/KB35882 Third Party Advisory	http://www.blackberry.com/btsc/KB35882 Broken Link
Changed	Reference Type	http://www.exploit-db.com/exploits/32745 Third Party Advisory, VDB Entry	http://www.exploit-db.com/exploits/32745 Exploit, Third Party Advisory, VDB Entry
Changed	Reference Type	http://www.exploit-db.com/exploits/32764 Third Party Advisory, VDB Entry	http://www.exploit-db.com/exploits/32764 Exploit, Third Party Advisory, VDB Entry
Changed	Reference Type	http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf Third Party Advisory	http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf Not Applicable
Changed	Reference Type	http://www.securityfocus.com/archive/1/534161/100/0/threaded Third Party Advisory, VDB Entry	http://www.securityfocus.com/archive/1/534161/100/0/threaded Not Applicable
Changed	Reference Type	http://www.vmware.com/security/advisories/VMSA-2014-0012.html Third Party Advisory	http://www.vmware.com/security/advisories/VMSA-2014-0012.html Not Applicable
Changed	Reference Type	http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 Third Party Advisory	http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 Not Applicable
Changed	Reference Type	http://www-01.ibm.com/support/docview.wss?uid=swg21670161 Third Party Advisory	http://www-01.ibm.com/support/docview.wss?uid=swg21670161 Broken Link
Changed	Reference Type	https://bugzilla.redhat.com/show_bug.cgi?id=1084875 Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=1084875 Issue Tracking, Third Party Advisory
Changed	Reference Type	https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf No Types Assigned	https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf Third Party Advisory
Changed	Reference Type	https://filezilla-project.org/versions.php?type=server Third Party Advisory	https://filezilla-project.org/versions.php?type=server Release Notes, Third Party Advisory
Changed	Reference Type	https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken Third Party Advisory	https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken Broken Link
Changed	Reference Type	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E Third Party Advisory	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E Mailing List, Patch, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E Third Party Advisory	https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E Mailing List, Patch, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E Mailing List, Patch, Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E Mailing List, Patch, Third Party Advisory
Changed	Reference Type	https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html No Types Assigned	https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html Exploit, Third Party Advisory
Changed	CPE Configuration	OR cpe:2.3:a:openssl:openssl:1.0.1::::::: cpe:2.3:a:openssl:openssl:1.0.1:beta1::::::* cpe:2.3:a:openssl:openssl:1.0.1:beta2::::::* cpe:2.3:a:openssl:openssl:1.0.1:beta3::::::* cpe:2.3:a:openssl:openssl:1.0.1a::::::: cpe:2.3:a:openssl:openssl:1.0.1b::::::: cpe:2.3:a:openssl:openssl:1.0.1c::::::: cpe:2.3:a:openssl:openssl:1.0.1d::::::: cpe:2.3:a:openssl:openssl:1.0.1e::::::: cpe:2.3:a:openssl:openssl:1.0.1f::::::: cpe:2.3:a:openssl:openssl:1.0.2:beta1::::::*	OR cpe:2.3:a:openssl:openssl::::::::* versions from (including) 1.0.1 up to (excluding) 1.0.1g
Added	CPE Configuration		OR cpe:2.3:a:filezilla-project:filezilla_server::::::::* versions up to (excluding) 0.9.44
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:application_processing_engine_firmware:2.0::::::: OR cpe:2.3:h:siemens:application_processing_engine:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:cp_1543-1_firmware:1.1::::::: OR cpe:2.3:h:siemens:cp_1543-1:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_s7-1500_firmware:1.5::::::: OR cpe:2.3:h:siemens:simatic_s7-1500:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:siemens:simatic_s7-1500t_firmware:1.5::::::: OR cpe:2.3:h:siemens:simatic_s7-1500t:-:::::::*
Added	CPE Configuration		OR cpe:2.3:a:siemens:elan-8.2::::::::* versions up to (excluding) 8.3.3 cpe:2.3:a:siemens:wincc_open_architecture:3.12:::::::
Added	CPE Configuration		AND OR cpe:2.3:o:intellian:v100_firmware:1.20::::::: cpe:2.3:o:intellian:v100_firmware:1.21::::::: cpe:2.3:o:intellian:v100_firmware:1.24::::::: OR cpe:2.3:h:intellian:v100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:intellian:v60_firmware:1.15::::::: cpe:2.3:o:intellian:v60_firmware:1.25::::::: OR cpe:2.3:h:intellian:v60:-:::::::*
Added	CPE Configuration		OR cpe:2.3:a:mitel:micollab:6.0::::::: cpe:2.3:a:mitel:micollab:7.0::::::: cpe:2.3:a:mitel:micollab:7.1::::::: cpe:2.3:a:mitel:micollab:7.2::::::: cpe:2.3:a:mitel:micollab:7.3::::::: cpe:2.3:a:mitel:micollab:7.3.0.104::::::: cpe:2.3:a:mitel:mivoice:1.1.2.5:::::lync::* cpe:2.3:a:mitel:mivoice:1.1.3.3:::::skype_for_business::* cpe:2.3:a:mitel:mivoice:1.2.0.11:::::skype_for_business::* cpe:2.3:a:mitel:mivoice:1.3.2.2:::::skype_for_business::* cpe:2.3:a:mitel:mivoice:1.4.0.102:::::skype_for_business::*
Added	CPE Configuration		OR cpe:2.3:o:opensuse:opensuse:12.3::::::: cpe:2.3:o:opensuse:opensuse:13.1:::::::
Added	CPE Configuration		OR cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::* cpe:2.3:o:canonical:ubuntu_linux:12.10::::::: cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::
Added	CPE Configuration		OR cpe:2.3:o:fedoraproject:fedora:19::::::: cpe:2.3:o:fedoraproject:fedora:20:::::::
Added	CPE Configuration		OR cpe:2.3:a:redhat:gluster_storage:2.1::::::: cpe:2.3:a:redhat:storage:2.1::::::: cpe:2.3:o:redhat:enterprise_linux_desktop:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_server:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5::::::: cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5::::::: cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5::::::: cpe:2.3:o:redhat:enterprise_linux_workstation:6.0::::::: cpe:2.3:o:redhat:virtualization:6.0:::::::
Added	CPE Configuration		OR cpe:2.3:o:debian:debian_linux:6.0::::::: cpe:2.3:o:debian:debian_linux:7.0::::::: cpe:2.3:o:debian:debian_linux:8.0:::::::

CVE Modified by [email protected]

Feb. 13, 2020

Action	Type	Old Value	New Value
Added	Reference		https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E [No Types Assigned]

CVE Modified by [email protected]

Feb. 10, 2020

Action Type Old Value New Value

Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf [No Types Assigned]

Action	Type	Old Value	New Value
Added	Reference		https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf [No Types Assigned]

CVE Modified by [email protected]

Feb. 03, 2020

Action	Type	Old Value	New Value
Added	Reference		https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E [No Types Assigned]

CVE Modified by [email protected]

Jan. 25, 2020

Action Type Old Value New Value

Added Reference https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html [No Types Assigned]

Action	Type	Old Value	New Value
Added	Reference		https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html [No Types Assigned]

Modified Analysis by [email protected]

Sep. 27, 2019

CVE Modified by [email protected]

Mar. 25, 2019

Action Type Old Value New Value

Added Reference https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E [No Types Assigned]
CVE Modified by [email protected]

Mar. 21, 2019

Action Type Old Value New Value

Added Reference https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E [No Types Assigned]
CVE Modified by [email protected]

Oct. 23, 2018

Action Type Old Value New Value

Added Reference https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 [No Types Assigned]

Action	Type	Old Value	New Value
Added	Reference		https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E [No Types Assigned]

Action	Type	Old Value	New Value
Added	Reference		https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E [No Types Assigned]

Action	Type	Old Value	New Value
Added	Reference		https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 [No Types Assigned]

CVE Modified by [email protected]

Oct. 09, 2018

Action	Type	Old Value	New Value
Removed	Reference	http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded [No Types Assigned]
Added	Reference		http://www.securityfocus.com/archive/1/534161/100/0/threaded [No Types Assigned]

CVE Modified by [email protected]

Dec. 16, 2017

Action	Type	Old Value	New Value
Added	Reference		http://www.ubuntu.com/usn/USN-2165-1 [No Types Assigned]
Added	Reference		http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html [No Types Assigned]

CVE Modified by [email protected]

Nov. 15, 2017

Action	Type	Old Value	New Value
Added	Reference		https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html [No Types Assigned]
Added	Reference		http://support.citrix.com/article/CTX140605 [No Types Assigned]

CVE Modified by [email protected]

Jan. 07, 2017

Action	Type	New Value
Added	Reference	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661 [No Types Assigned]
Added	Reference	http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf [No Types Assigned]
Added	Reference	http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf [No Types Assigned]
Added	Reference	http://secunia.com/advisories/59347 [No Types Assigned]
Added	Reference	http://secunia.com/advisories/59243 [No Types Assigned]
Added	Reference	http://secunia.com/advisories/59139 [No Types Assigned]
Added	Reference	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html [No Types Assigned]
Added	Reference	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01 [No Types Assigned]

CVE Modified by [email protected]

Dec. 01, 2016

Action	Type	Old Value	New Value
Added	Reference		http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00 [No Types Assigned]

CVE Modified by [email protected]

Aug. 23, 2016

Action	Type	New Value
Added	Reference	http://marc.info/?l=bugtraq&m=139817727317190&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139757726426985&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139758572430452&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139905653828999&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139842151128341&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139905405728262&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139833395230364&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139824993005633&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139843768401936&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139905202427693&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139774054614965&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139889295732144&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139835815211508&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=140724451518351&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139808058921905&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139836085512508&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139869720529462&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139905868529690&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139765756720506&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=140015787404650&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139824923705461&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139757919027752&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139774703817488&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139905243827825&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=140075368411126&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139905295427946&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139835844111589&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139757819327350&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139817685517037&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139905351928096&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=139817782017443&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=140752315422991&w=2

CVE Translated by [email protected]

Feb. 17, 2016

Action	Type	Old Value	New Value
Removed	Translation	Las implementaciones (1) TLS y (2) DTLS en OpenSSL 1.0.1 anterior a 1.0.1g no manejan debidamente paquetes Heartbeart Extension, lo que permite a atacantes remotos obtener información sensible de la memoria de proceso a través de paquetes manipulados que provocan una sobrelectura de buffer, tal y como fue demostrado mediante la lectura de claves privadas, relacionado con d1_both.c y t1_lib.c, también conocido como el bug Heartbleed
Added	Translation		Las implementaciones de (1) TLS y (2) DTLS en OpenSSL 1.0.1 en versiones anteriores a 1.0.1g no manejan adecuadamente paquetes Heartbeat Extension, lo que permite a atacantes remotos obtener información sensible desde la memoria de proceso a través de paquetes manipulados que desencadenan una sobrelectura del buffer, según lo demostrado mediante la lectura de claves privadas, relacionado con d1_both.c y t1_lib.c, también conocido como bug Heartbleed.

CVE Modified by [email protected]

Apr. 01, 2015

Action Type Old Value New Value

Added Reference http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
CVE Modified by [email protected]

Mar. 31, 2015

Action Type Old Value New Value

Added Reference http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
CVE Modified by [email protected]

Mar. 24, 2015

Action Type Old Value New Value

Added Reference http://marc.info/?l=bugtraq&m=142660345230545&w=2

Action	Type	Old Value	New Value
Added	Reference		http://www.mandriva.com/security/advisories?name=MDVSA-2015:062

Action	Type	Old Value	New Value
Added	Reference		http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

Action	Type	Old Value	New Value
Added	Reference		http://marc.info/?l=bugtraq&m=142660345230545&w=2

CVE Modified by [email protected]

Dec. 12, 2014

Action	Type	New Value
Added	Reference	http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded
Added	Reference	http://seclists.org/fulldisclosure/2014/Dec/23
Added	Reference	http://www.vmware.com/security/advisories/VMSA-2014-0012.html

CVE Modified by [email protected]

Nov. 19, 2014

Action Type Old Value New Value

Added Reference http://marc.info/?l=bugtraq&m=141287864628122&w=2
Initial Analysis by [email protected]

Apr. 24, 2014

Action Type Old Value New Value

Action	Type	Old Value	New Value
Added	Reference		http://marc.info/?l=bugtraq&m=141287864628122&w=2

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2014-0160 is associated with the following CWEs:

CWE-125: Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2014-0160 weaknesses.

CAPEC-540: Overread Buffers Overread Buffers

CVE-2014-0160

OpenSSL Information Disclosure Vulnerability - [Actively Exploited]

Description

INFO

April 7, 2014, 10:55 p.m.

July 2, 2024, 4:52 p.m.

Yes !

3.6

3.9

CISA KEV (Known Exploited Vulnerabilities)

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CPE Deprecation Remap by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Translated by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

97.37 }} 0.01%

0.99924

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable