Vulnerability

OpenSSL Heartbleed Vulnerability (CVE-2014-0160)

Publish date: April 10, 2014

CVE-2014-0160

SEVERITY

CRITICAL

//  ADVISORY DATE

09 APR 2014


DESCRIPTION

OpenSSL's Heartbeat extension was found to have this vulnerability, which, when exploited, can allow cybercriminals to steal critical information from a server. With OpenSSL being utilized by many websites and applications, the potential victim count of this vulnerability may be very large. Exploitation of this vulnerability may also leave no trace, which would make victim counts and damage estimates difficult to create.

TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security customers should upgrade to DSRU-14-009 and assign the following rules:
  • 1006010 – Restrict OpenSSL TLS/DTLS Heartbeat Request
  • 1006011 – OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerability
  • 1006012 – Identified Suspicious OpenSSL TLS/DTLS Heartbeat Request
Users may also install the 1.0.1g version of OpenSSL.

SOLUTION

OTHER INFORMATION

Featured Stories

Connect with us on