PCI v3.2-6.5.2
CAPEC-216
CWE-119
ISO27001-A.14.2.5
OWASP 2013-A6
OWASP 2017-A9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

OpenSSL Heartbleed

Severity:
Critical
Summary

Invicti identified the OpenSSL Heartbleed vulnerability in the target web server.

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.

Impact

An attacker can obtain information such as:

  • Private keys.
  • Information about the cookies.
  • HTTP(S) headers.
  • User credentials from the HTTP POST data.
Remediation

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

Required Skills for Successful Exploitation
Actions To Take
Classifications
PCI v3.2-6.5.2
CAPEC-216
CWE-119
ISO27001-A.14.2.5
OWASP 2013-A6
OWASP 2017-A9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
Vulnerability Index

You can search and find all vulnerabilities

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Related Vulnerabilities

Featured resources

No items found.
No items found.
View all resources

Build your resistance to threats. And save hundreds of hours each month.

Get a Demo