The Heartbleed Bug
Impact: High
Description
Heartbleed is a security bug in the OpenSSL cryptography library, which is used for implementing the Transport Layer Security (TLS) protocol. This bug allows remote attackers to obtain sensitive information from process memory via crafted packets.
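The memory disclosure comes from a missing bounds check: a length field in a TLS heartbeat request was trusted without comparing it to the number of bytes actually received (the CWE-119 / CWE-200 pattern listed in the references). The C code below is an added example, not OpenSSL's code or part of the original page. It uses a simplified, constructed record layout and hypothetical function names to show the unchecked handler beside the checked one.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of a length-prefixed echo request (an assumption, not the
 * TLS wire format): rec[0] = type, rec[1..2] = claimed payload length
 * (big-endian), rec[3..] = payload. rec_len = bytes actually received. */
#define HDR_LEN 3

/* Unchecked form: trusts the claimed length. Returns bytes written to out. */
static size_t echo_unchecked(const unsigned char *rec, size_t rec_len,
                             unsigned char *out, size_t out_cap)
{
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                       /* the defect: never consulted */
    if (claimed > out_cap) claimed = out_cap;
    memcpy(out, rec + HDR_LEN, claimed); /* may read past the record */
    return claimed;
}

/* Checked form: drop any record whose claimed length exceeds what arrived.
 * Returns bytes written, or 0 if the record is discarded. */
static size_t echo_checked(const unsigned char *rec, size_t rec_len,
                           unsigned char *out, size_t out_cap)
{
    if (rec_len < HDR_LEN) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HDR_LEN || claimed > out_cap) return 0;
    memcpy(out, rec + HDR_LEN, claimed);
    return claimed;
}

/* Constructed demo: one arena stands in for process memory, so the over-read
 * stays inside a single array and is well-defined C.
 * Returns 1 if the reply produced by fn contains the adjacent secret. */
typedef size_t (*echo_fn)(const unsigned char *, size_t, unsigned char *, size_t);

static int reply_leaks_secret(echo_fn fn)
{
    unsigned char arena[32] = {0}, out[32] = {0};
    const unsigned char rec[] = {0x01, 0x00, 0x10, 'h', 'i'}; /* claims 16, carries 2 */
    memcpy(arena, rec, sizeof rec);
    memcpy(arena + sizeof rec, "SECRETKEY", 9);   /* unrelated adjacent data */
    size_t n = fn(arena, sizeof rec, out, sizeof out);
    for (size_t i = 0; i + 9 <= n; i++)
        if (memcmp(out + i, "SECRETKEY", 9) == 0) return 1;
    return 0;
}
```

With the constructed record, the unchecked handler's reply includes the neighbouring bytes, while the checked handler discards the record and sends nothing.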
Recommendation
Upgrade the OpenSSL library to the latest version compatible with your environment.
References
- Wikipedia: Heartbleed
- OpenSSL
- CWE-119
- CVE-2014-0160
- OWASP 2017-A9
- OWASP 2021-A6
- CWE-200
- OWASP 2007-A6
- OWASP 2021-A1
- CWE-120
Last updated on February 15, 2021