Vulnerabilities
1
 min read

Heartbleed OpenSSL Vulnerability (Indicative)

The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets.

Summary

The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, allowing remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, potentially disclosing sensitive information.

Solution

Update to OpenSSL 1.0.1g or later. Re-issue HTTPS certificates. Change asymmetric private keys and shared secret keys, since these may have been compromised, with no evidence of compromise in the server log files.

References

Let’s check and protect your website from hackers

Run our expert website security checkup and get your tailored security recommendations to protect your website.

Thank you for registering
Oops! Something went wrong.

Latest Articles

View All Articles

Directory Browsing

It is possible to view a listing of the directory contents.

Vulnerabilities
1
 min read

Split Viewstate in Use

This website uses ASP.NET's Viewstate, and its value is split into several chunks.

Vulnerabilities
1
 min read

Viewstate without MAC Signature (Sure)

This website uses ASP.NET's Viewstate but without any MAC.

Vulnerabilities
1
 min read