Computer Security


OpenSSL security vulnerabilities
updated since 08.04.2014
Published: 30.05.2014
Source:
SecurityVulns ID: 13679
Type: library
Threat Level: 10/10
Description: Information leakage, key recovery. This vulnerability is actively used in-the-wild.
Affected: APPLE : AirPort Extreme
 OPENSSL : OpenSSL 1.0
 HP : HP Service Manager 9.33
 RUCKUS : Smart Cell Gateway 1.1
 HP : HP Asset Manager 9.40
 HP : HP CIT 9.53
 HP : HP Executive Scorecard 9.41
 HP : HP Server Automation 10.01
 HP : HP Diagnostics 9.23
 HP : LoadRunner 12.0
 HP : LoadRunner 11.52
 HP : HP Performance Center 12.0
 HP : HP Performance Center 11.52
 HP : HP BladeSystem c-Class Onboard Administrator 4.20
 HP : HP Smart Update Manager 6.3
 HP : HP System Management Homepage 7.3
 HP : HP XP P9500
 HP : HP Autonomy WorkSite Server 9.0
 HP : Insight Control server deployment 7.2
 HP : HP P2000
 HP : HP MSA 2040
 HP : HP Version Control Agent 7.3
 HP : BladeSystem c-Class Onboard Administrator 4.20
 HP : Connect-IT 9.53
 HP : HP BladeSystem c-Class Virtual Connect Support Utility 1.9
 HP : HP Version Control Repository Manager 7.3
 HP : ThinPro OS 4.4
 HP : HP Smart Zero Core Services 4.4
 HP : 3PAR OS 3.1
 HP : IceWall MCRP 3.0
 HP : WMI Mapper for HP Systems Insight Manager 7.3
 HP : StoreEver ESL G3
 HP : HP Insight Management VCEM Web Client SDK 7.3
 HP : HP Insight Control 7.3
 HP : IBRIX X9320
 HP : HP StoreVirtual 4000
 HP : HP P4000
 APPLE : AirPort Time Capsule
 HP : HP Multimedia Service Environment 2.1
 HP : HP Network Interactive Voice Response 2.1
 CA : ARCserve D2D 16.5
 CA : ARCserve High Availability 16.5
 CA : ARCserve Replication 16.5
 CA : ecoMeter 4.2
 CA : eHealth 6.3
 CA : Layer 7 API Gateway 8.1
 CA : Layer 7 API Portal 2.6
 CA : Layer 7 Mobile Access Gateway 8.1
 CA : CA Mobile Device Management 2014
 HP : HP Business Process Monitor 9.24
CVE: CVE-2014-0160 (The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.)
 CVE-2014-0076 (The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.)
Original document: HP, [security bulletin] HPSBMU03044 rev.1 - HP Business Process Monitor, running OpenSSL, Remote Disclosure of Information (30.05.2014)
 CA, CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability (29.05.2014)
 HP, [security bulletin] HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information (07.05.2014)
 APPLE, APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 (04.05.2014)
 HP, [security bulletin] HPSBPI03014 rev.1 - HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers, Remote Disclosure of Information (04.05.2014)
 HP, [security bulletin] HPSBST03027 rev.1 - HP StoreVirtual 4000 Storage and HP P4000 G2 Storage using HP System Management Homepage (SMH) running OpenSSL, Remote Disclosure of Information (02.05.2014)
 HP, [security bulletin] HPSBMU03009 rev.2 - HP CloudSystem Foundation and Enterprise Software v8.0 running OpenSSL, Remote Disclosure of Information (02.05.2014)
 HP, [security bulletin] HPSBMU03032 rev.1 - HP Virtual Connect Firmware Smart Components Installer Software running OpenSSL, Remote Disclosure of Information (02.05.2014)
 HP, [security bulletin] HPSBST03004 rev.1 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of Information (02.05.2014)
 HP, [security bulletin] HPSBMU03030 rev.1 - HP Service Pack for ProLiant (SPP) Bundled Software running OpenSSL, Remote Disclosure of Information (02.05.2014)
 HP, [security bulletin] HPSBMU03033 rev.1 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information (02.05.2014)
 HP, [security bulletin] HPSBMU03028 rev.1 - HP Matrix Operating Environment and CloudSystem Matrix Software Components running OpenSSL, Remote Disclosure of Information (02.05.2014)
 HP, [security bulletin] HPSBMU03029 rev.1 - HP Insight Control Server Migration running OpenSSL, Remote Disclosure of Information (02.05.2014)
 HP, [security bulletin] HPSBPI03031 rev.1 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU03012 rev.1 - HP Insight Management VCEM Web Client SDK (VCEMSDK) running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU02994 rev.2 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBST03000 rev.1 - HP StoreEver ESL G3 Tape Library and Enterprise Library LTO-6 Tape Drives running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU03013 rev.1 - WMI Mapper for HP Systems Insight Manager running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBGN03011 rev.1 - HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6), Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBST03015 rev.2 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBHF03021 rev.1 - HP Thin Client with ThinPro OS or Smart Zero Core Services, Running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU03023 rev.1 - HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU02994 rev.3 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU03025 rev.1 - HP Diagnostics running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU03022 rev.1 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU03020 rev.2 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBST03016 rev.2 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information (01.05.2014)
 HP, [security bulletin] HPSBMU03024 rev.1 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information (01.05.2014)
 FREEBSD, FreeBSD Security Advisory FreeBSD-SA-14:06.openssl [REVISED] (20.04.2014)
 HP, [security bulletin] HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL, Remote Disclosure of Information (20.04.2014)
 HP, HP Autonomy WorkSite Server v9.0 (20.04.2014)
 HP, [security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of Information (20.04.2014)
 HP, [security bulletin] HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information (20.04.2014)
 HP, [security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information (20.04.2014)
 HP, [security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information (20.04.2014)
 HP, [security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information (20.04.2014)
 HP, [security bulletin] HPSBGN03008 rev.1 - HP Software Service Manager, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information (20.04.2014)
 Ruckus Product Security Team, RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160 (20.04.2014)
 HP, [security bulletin] HPSBMU02995 rev.1 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, Performance Center, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure (20.04.2014)
 UBUNTU, [USN-2165-1] OpenSSL vulnerabilities (08.04.2014)
Files: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod