[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] heartbleed OpenSSL bug CVE-2014-0160
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] heartbleed OpenSSL bug CVE-2014-0160
- From: Kirils Solovjovs <kirils.solovjovs@xxxxxxxxxx>
- Date: Tue, 08 Apr 2014 03:10:06 +0300
We are doomed.
Description: http://www.openssl.org/news/vulnerabilities.html
Article dedicated to the bug: http://heartbleed.com/
Tool to check if TLS heartbeat extension is supported:
http://possible.lv/tools/hb/
A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64kB of memory to a connected client or server.
1.0.1[ abcdef] affected.
P.S. Happy Monday!
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/