Vulnerabilities
1
 min read

Heartbleed OpenSSL Vulnerability (Indicative)

The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets.

Summary

The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, allowing remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, potentially disclosing sensitive information.

Solution

Update to OpenSSL 1.0.1g or later. Re-issue HTTPS certificates. Change asymmetric private keys and shared secret keys, since these may have been compromised, with no evidence of compromise in the server log files.

References

Managed Cybersecurity Services tailored to your Startup

We make your startup secure and compliant by implementing and managing the security controls your customers deserve.

Thank you for registering!
Oops! Something went wrong.

Latest Articles

View All Articles

Plan Your Security Roadmap

Check out how other startups become secure and compliant.

Mitigations
2
 min read

Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s)

The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers.

Vulnerabilities
1
 min read

Strict-Transport-Security Header

HTTP Strict Transport Security (HSTS).

Vulnerabilities
1
 min read