The Heartbleed Bug
Impact: High
Description
Heartbleed is a critical security vulnerability in the OpenSSL cryptography library, which implements the Transport Layer Security (TLS) protocol. Attackers can exploit this bug remotely, using specially crafted packets to retrieve sensitive information from the affected server’s memory.
Recommendation
Upgrade OpenSSL to the latest version compatible with your environment. After upgrading, revoke and reissue affected SSL/TLS certificates, and advise users to change their passwords, as these may have been compromised.
Last updated on May 13, 2024