CVE-2014-0160
Summary
| CVE | CVE-2014-0160 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-04-07 22:55:03 UTC |
| Updated | 2026-04-21 20:07:16 UTC |
| Description | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. |
Risk And Classification
Primary CVSS: v3.1 7.5 HIGH from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.944640000 probability, percentile 0.999950000 (date 2026-04-21)
CISA KEV: Listed on 2022-05-04; due 2022-05-25; ransomware use Unknown
Problem Types: CWE-125 | n/a | CWE-125 CWE-125 Out-of-bounds Read
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | ADP | DECLARED | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 2.0 | [email protected] | Primary | 5 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
NoneAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:N/C:P/I:N/A:N
CISA Known Exploited Vulnerability
| Vendor | OpenSSL |
|---|---|
| Product | OpenSSL |
| Name | OpenSSL Information Disclosure Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2014-0160 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Broadcom | Symantec Messaging Gateway | 10.6.0 | All | All | All |
| Application | Broadcom | Symantec Messaging Gateway | 10.6.1 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 13.10 | All | All | All |
| Operating System | Debian | Debian Linux | 6.0 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 19 | All | All | All |
| Operating System | Fedoraproject | Fedora | 20 | All | All | All |
| Application | Filezilla-project | Filezilla Server | All | All | All | All |
| Hardware | Intellian | V100 | - | All | All | All |
| Operating System | Intellian | V100 Firmware | 1.20 | All | All | All |
| Operating System | Intellian | V100 Firmware | 1.21 | All | All | All |
| Operating System | Intellian | V100 Firmware | 1.24 | All | All | All |
| Hardware | Intellian | V60 | - | All | All | All |
| Operating System | Intellian | V60 Firmware | 1.15 | All | All | All |
| Operating System | Intellian | V60 Firmware | 1.25 | All | All | All |
| Application | Mitel | Micollab | 6.0 | All | All | All |
| Application | Mitel | Micollab | 7.0 | All | All | All |
| Application | Mitel | Micollab | 7.1 | All | All | All |
| Application | Mitel | Micollab | 7.2 | All | All | All |
| Application | Mitel | Micollab | 7.3 | All | All | All |
| Application | Mitel | Micollab | 7.3.0.104 | All | All | All |
| Application | Mitel | Mivoice | 1.1.2.5 | All | All | All |
| Application | Mitel | Mivoice | 1.1.3.3 | All | All | All |
| Application | Mitel | Mivoice | 1.2.0.11 | All | All | All |
| Application | Mitel | Mivoice | 1.3.2.2 | All | All | All |
| Application | Mitel | Mivoice | 1.4.0.102 | All | All | All |
| Application | Openssl | Openssl | All | All | All | All |
| Operating System | Opensuse | Opensuse | 12.3 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Application | Redhat | Gluster Storage | 2.1 | All | All | All |
| Application | Redhat | Storage | 2.1 | All | All | All |
| Application | Redhat | Virtualization | 6.0 | All | All | All |
| Hardware | Ricon | S9922l | 1.0 | All | All | All |
| Operating System | Ricon | S9922l Firmware | 16.10.3\(3794\) | All | All | All |
| Hardware | Siemens | Application Processing Engine | - | All | All | All |
| Operating System | Siemens | Application Processing Engine Firmware | 2.0 | All | All | All |
| Hardware | Siemens | Cp 1543-1 | - | All | All | All |
| Operating System | Siemens | Cp 1543-1 Firmware | 1.1 | All | All | All |
| Application | Siemens | Elan-8.2 | All | All | All | All |
| Hardware | Siemens | Simatic S7-1500 | - | All | All | All |
| Hardware | Siemens | Simatic S7-1500t | - | All | All | All |
| Operating System | Siemens | Simatic S7-1500t Firmware | 1.5 | All | All | All |
| Operating System | Siemens | Simatic S7-1500 Firmware | 1.5 | All | All | All |
| Application | Siemens | Wincc Open Architecture | 3.12 | All | All | All |
| Application | Splunk | Splunk | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| '[security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running ' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Security Advisory SA59347 - Innominate mGuard Device Manager OpenSSL Multiple Vulnerabilities - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Broken Link, Third Party Advisory |
| Security Advisory SA57721 - Debian update for openssl - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Broken Link, Third Party Advisory |
| [syslog-ng-announce] syslog-ng Premium Edition 5 LTS (5.0.4a) has been released | af854a3a-2127-422b-91ae-364da2661108 | lists.balabit.hu | Mailing List, Third Party Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf | af854a3a-2127-422b-91ae-364da2661108 | cert-portal.siemens.com | Third Party Advisory |
| '[security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remo' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU03030 rev.1 - HP Service Pack for ProLiant (SPP) Bundled Software running ' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software),' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Mitel Product Security Advisory 17-0008 | af854a3a-2127-422b-91ae-364da2661108 | www.mitel.com | Third Party Advisory |
| '[security bulletin] HPSBMU03022 rev.1 - HP Systems Insight Manager (SIM) Bundled Software running Op' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU03040 rev.1 - HP LoadRunner & HP Performance Center, running OpenSSL, Remo' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Pony Mail! | af854a3a-2127-422b-91ae-364da2661108 | lists.apache.org | Mailing List, Patch, Third Party Advisory |
| '[security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclo' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Full Disclosure: Re: heartbleed OpenSSL bug CVE-2014-0160 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Broken Link, Third Party Advisory |
| OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions) | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| '[security bulletin] HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU03025 rev.1 - HP Diagnostics running OpenSSL, Remote Disclosure of Informa' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU03044 rev.1 - HP Business Process Monitor, running OpenSSL, Remote Disclos' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBPI03014 rev.1 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Prin' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| SOL15159 - OpenSSL vulnerability CVE-2014-0160 | af854a3a-2127-422b-91ae-364da2661108 | support.f5.com | Third Party Advisory |
| '[security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, R' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Kerio Control small business firewall | af854a3a-2127-422b-91ae-364da2661108 | www.kerio.com | Broken Link, Third Party Advisory |
| OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products | af854a3a-2127-422b-91ae-364da2661108 | tools.cisco.com | Third Party Advisory |
| OpenSSL TLS Heartbeat Extension - Memory Disclosure | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| '[security bulletin] HPSBPI03031 rev.1 - HP Officejet Pro X Printers, Certain Officejet Pro Printers,' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| KB35882-BlackBerry response to OpenSSL “Heartbleed” vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.blackberry.com | Broken Link |
| [security-announce] SUSE Security Announcement: openssl "HeartBleed" att | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure of' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Viestintävirasto - Information security | af854a3a-2127-422b-91ae-364da2661108 | www.cert.fi | Not Applicable, Third Party Advisory |
| www.openssl.org/news/secadv_20140407.txt | af854a3a-2127-422b-91ae-364da2661108 | www.openssl.org | Broken Link, Vendor Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| '[security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerabil' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| OpenSSL Heartbleed Vulnerability CVE-2014-0160 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Patch, Third Party Advisory |
| www.cisa.gov/known-exploited-vulnerabilities-catalog | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | www.cisa.gov | US Government Resource |
| Enterprise Chef 11.1.3 Release | Chef Blog | af854a3a-2127-422b-91ae-364da2661108 | www.getchef.com | Release Notes |
| '[security bulletin] HPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer Softw' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| RICON Industrial Cellular Router Heartbleed Attack - Yunus Şahin - Medium | af854a3a-2127-422b-91ae-364da2661108 | yunus-shn.medium.com | Broken Link, Exploit, Third Party Advisory |
| Check your system rubies for vulnerable OpenSSL (CVE-2014-0160 "Heartbleed") | af854a3a-2127-422b-91ae-364da2661108 | gist.github.com | Exploit |
| '[security bulletin] HPSBMU03024 rev.1 - HP Insight Control Server Deployment on Linux and Windows ru' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Heartbleed Bug | af854a3a-2127-422b-91ae-364da2661108 | heartbleed.com | Third Party Advisory |
| IBM Security Bulletin: IBM DS8870 Release 7.2 is affected by an additional vulnerability in OpenSSL (CVE-2014-0160) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| Schneider Electric | af854a3a-2127-422b-91ae-364da2661108 | download.schneider-electric.com | Broken Link |
| IBM Security Bulletin: IBM Endpoint Manager 9.1.1065 – OpenSSL Vulnerability Update (CVE-2014-0160) - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Broken Link |
| [SECURITY] Fedora 19 Update: openssl-1.0.1e-37.fc19.1 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Broken Link, Third Party Advisory |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Broken Link, Third Party Advisory |
| Splunk 6.0.3 addresses two vulnerabilities - April 10, 2014 | Splunk | af854a3a-2127-422b-91ae-364da2661108 | www.splunk.com | Third Party Advisory |
| Bug 1084875 – CVE-2014-0160 openssl: information disclosure in handling of TLS heartbeat extension packets | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| BlackBerry Link OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| git.openssl.org Git - openssl.git/commit | af854a3a-2127-422b-91ae-364da2661108 | git.openssl.org | Broken Link |
| openSUSE-SU-2014:0560-1: moderate: update for openssl | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control Repositor' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Full Disclosure: MRI Rubies may contain statically linked, vulnerable OpenSSL | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| Citrix Security Advisory for CVE-2014-0160, aka the Heartbleed vulnerability | af854a3a-2127-422b-91ae-364da2661108 | support.citrix.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| Please wait... | af854a3a-2127-422b-91ae-364da2661108 | www.apcmedia.com | Broken Link, Third Party Advisory |
| Cisco IOS XE OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| HP Support document - HP Support Center | af854a3a-2127-422b-91ae-364da2661108 | h20566.www2.hp.com | Broken Link |
| Vulnerability Report - OpenSSL "Heartbleed" vulnerability on OS 2200 QProcessor | af854a3a-2127-422b-91ae-364da2661108 | public.support.unisys.com | Third Party Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Broken Link, Not Applicable, Third Party Advisory, VDB Entry |
| Skull Army: #Heartbleed; The hearts continue to bleed... | af854a3a-2127-422b-91ae-364da2661108 | sku11army.blogspot.com | Exploit, Permissions Required, Third Party Advisory |
| Vulnerability Report - "Heartbleed" security vulnerability found in certain versions of SAN Datamover used in Unisys MCP Platforms | af854a3a-2127-422b-91ae-364da2661108 | public.support.unisys.com | Permissions Required, Third Party Advisory |
| OpenSSL ‘heartbleed’ bug live blog | Fox-IT International blog | af854a3a-2127-422b-91ae-364da2661108 | blog.fox-it.com | Issue Tracking, Third Party Advisory |
| '[security bulletin] HPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Oracle Critical Patch Update - July 2014 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | Patch, Third Party Advisory |
| '[security bulletin] HPSBMU02995 rev.1 - HP Software HP Service Manager, Asset Manager, UCMDB Browser' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of I' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| USN-2165-1: OpenSSL vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| '[security bulletin] HPSBST03027 rev.1 - HP StoreVirtual 4000 Storage and HP P4000 G2 Storage using H' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 20 Update: openssl-1.0.1e-39.fc20 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Vulnerability Note VU#720951 - OpenSSL TLS heartbeat extension read overflow discloses sensitive information | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Third Party Advisory, US Government Resource |
| Security Advisory SA59139 - Schneider Electric Network Shutdown Module (NSM) OpenSSL Heartbeat Two Vulnerabilities - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Broken Link, Third Party Advisory |
| Security Advisory SA59243 - IBM DS8870 OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Broken Link, Third Party Advisory |
| OpenSSL bug CVE-2014-0160 | The Tor Blog | af854a3a-2127-422b-91ae-364da2661108 | blog.torproject.org | Issue Tracking |
| WebEx Meetings Server OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| Chef Server Heartbleed (CVE-2014-0160) Releases | Chef Blog | af854a3a-2127-422b-91ae-364da2661108 | www.getchef.com | Third Party Advisory |
| Cisco Security Manager OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| Debian -- Security Information -- DSA-2896-1 openssl | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Mailing List, Third Party Advisory |
| Apache Mail Archives | af854a3a-2127-422b-91ae-364da2661108 | lists.apache.org | Mailing List, Patch, Third Party Advisory |
| '[security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running Op' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Release Notes | af854a3a-2127-422b-91ae-364da2661108 | cogentdatahub.com | Release Notes |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Broken Link, Third Party Advisory |
| Support / Security / Advisories / / MDVSA-2015:062 | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | Broken Link, Third Party Advisory |
| Apache Mail Archives | af854a3a-2127-422b-91ae-364da2661108 | lists.apache.org | Mailing List, Patch, Third Party Advisory |
| Mageia Advisory: MGASA-2014-0165 - Updated openssl package fix two security vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | advisories.mageia.org | Third Party Advisory |
| Full Disclosure: Re: heartbleed OpenSSL bug CVE-2014-0160 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| OpenSSL TLS 'heartbeat' Extension Multiple Information Disclosure Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Broken Link, Third Party Advisory, VDB Entry |
| '[security bulletin] HPSBST03015 rev.1 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBST03016 rev.1 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP M' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Full Disclosure: heartbleed OpenSSL bug CVE-2014-0160 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| Chef Server 11.0.12 Release | Chef Blog | af854a3a-2127-422b-91ae-364da2661108 | www.getchef.com | Release Notes |
| F5 - Signon | af854a3a-2127-422b-91ae-364da2661108 | support.f5.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2014:0492-1: important: update for opens | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote ' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU03023 rev.1 - HP BladeSystem c-Class Virtual Connect Support Utility (VCSU' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Cisco Unified Communications Manager OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| '[security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 runni' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Cisco Mobility Services Engine OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| '[security bulletin] HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, ' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 20 Update: openssl-1.0.1e-37.fc20.1 | af854a3a-2127-422b-91ae-364da2661108 | lists.fedoraproject.org | Broken Link, Third Party Advisory |
| Security Advisories Relating to Symantec Products - Symantec Messaging Gateway 10.6.x ACE Library Static Link to Vulnerable SSL Version - 2016-05-12T04:00:00 PDT | Symantec | af854a3a-2127-422b-91ae-364da2661108 | www.symantec.com | Third Party Advisory |
| News - Product Security - Security advisories - 2014 - fsc-2014-1 | F-Secure | af854a3a-2127-422b-91ae-364da2661108 | www.f-secure.com | Broken Link, Third Party Advisory |
| '[security bulletin] HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows ru' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU03028 rev.1 - HP Matrix Operating Environment and CloudSystem Matrix Softw' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| '[security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running ' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Broken Link, Third Party Advisory |
| Pony Mail! | af854a3a-2127-422b-91ae-364da2661108 | lists.apache.org | Mailing List, Patch, Third Party Advisory |
| www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf | af854a3a-2127-422b-91ae-364da2661108 | www.innominate.com | Not Applicable |
| FileZilla - The free FTP solution | af854a3a-2127-422b-91ae-364da2661108 | filezilla-project.org | Release Notes |
| '[security bulletin] HPSBMU03037 rev.2 - HP Multimedia Service Environment (MSE), (HP Network Interac' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Enterprise Chef 1.4.9 Release | Chef Blog | af854a3a-2127-422b-91ae-364da2661108 | www.getchef.com | Release Notes |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Broken Link, Third Party Advisory |
| '[security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerab' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| Full Disclosure: NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| Full Disclosure: Re: heartbleed OpenSSL bug CVE-2014-0160 | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Mailing List, Third Party Advisory |
| Splunk OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| Issue 85 - mod-spdy - CVE-2014-0160 fix needed - Apache SPDY module - Google Project Hosting | af854a3a-2127-422b-91ae-364da2661108 | code.google.com | Issue Tracking |
| OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160) | US-CERT | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | Third Party Advisory, US Government Resource |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| IBM Tivoli Composite Application Manager for Transactions Internet Service Monitoring 7.3.0.1 Interim Fix 29 README Tivoli Composite Application Manager for Transactions 7.3.0.1 7.3.0.1-TIV-CAMIS-IF0029 Readme - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| IBM Tivoli Composite Application Manager for Transactions Internet Service Monitoring 7.4 Interim Fix 13 README Tivoli Composite Application Manager for Transactions 7.4.0.0 7.4.0.0-TIV-CAMIS-IF0013 Readme - United States | af854a3a-2127-422b-91ae-364da2661108 | www-01.ibm.com | Third Party Advisory |
| '[security bulletin] HPSBGN03011 rev.1 - HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux ' - MARC | af854a3a-2127-422b-91ae-364da2661108 | marc.info | Mailing List, Third Party Advisory |
| VMSA-2014-0012 | United States | af854a3a-2127-422b-91ae-364da2661108 | www.vmware.com | Broken Link |
| OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Broken Link, Third Party Advisory, VDB Entry |
| Vulnerabilities resolved in TRITON APX Version 8.0 | af854a3a-2127-422b-91ae-364da2661108 | www.websense.com | Broken Link |
| git.openssl.org Git - openssl.git/commit | MITRE | git.openssl.org | |
| Apache Mail Archives | MITRE | lists.apache.org | |
| Apache Mail Archives | MITRE | lists.apache.org | |
| Pony Mail! | MITRE | lists.apache.org | |
| Pony Mail! | MITRE | lists.apache.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2022-05-04T00:00:00.000Z | CVE-2014-0160 added to CISA KEV |
Legacy QID Mappings
- 390226 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2021-0011)
- 390284 Oracle Managed Virtualization (VM) Server for x86 Security Update for Open Secure Sockets Layer (OpenSSL) (OVMSA-2023-0013)
- 690308 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (5631ae98-be9e-11e3-b5e3-c80aa9043978)