CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Published : 2014-04-07 22:55 Updated : 2019-10-09 23:09

5.0

CVSS Score More info

Score 5.0 / 10

Access vector NETWORK

A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". An example of a network attack is an RPC buffer overflow.

Access complexity LOW

Specialized access conditions or extenuating circumstances do not exist. The following are examples:

The affected product typically requires access to a wide range of systems and users, possibly anonymous and untrusted (e.g., Internet-facing web or mail server).
The affected configuration is default or ubiquitous.
The attack can be performed manually and requires little skill or additional information gathering.
The race condition is a lazy one (i.e., it is technically a race but easily winnable).

Authentication NONE

Authentication is not required to exploit the vulnerability.

Confidentiality impact PARTIAL

There is considerable informational disclosure. Access to some system files is possible, but the attacker does not have control over what is obtained, or the scope of the loss is constrained. An example is a vulnerability that divulges only certain tables in a database.

Integrity impact NONE

There is no impact to the integrity of the system.

Availability impact NONE

There is no impact to the availability of the system.

CPE (11)
Tree view

Vendor	Product	Version	URI
Openssl	Openssl	1.0.1	cpe:/a:openssl:openssl:1.0.1:beta2
Openssl	Openssl	1.0.1d	cpe:/a:openssl:openssl:1.0.1d
Openssl	Openssl	1.0.1	cpe:/a:openssl:openssl:1.0.1:beta1
Openssl	Openssl	1.0.1f	cpe:/a:openssl:openssl:1.0.1f
Openssl	Openssl	1.0.1	cpe:/a:openssl:openssl:1.0.1:beta3
Openssl	Openssl	1.0.1	cpe:/a:openssl:openssl:1.0.1
Openssl	Openssl	1.0.2	cpe:/a:openssl:openssl:1.0.2:beta1
Openssl	Openssl	1.0.1a	cpe:/a:openssl:openssl:1.0.1a
Openssl	Openssl	1.0.1c	cpe:/a:openssl:openssl:1.0.1c
Openssl	Openssl	1.0.1b	cpe:/a:openssl:openssl:1.0.1b
Openssl	Openssl	1.0.1e	cpe:/a:openssl:openssl:1.0.1e

Openssl (1) Search CVE
1. Openssl (8) Search CVE
  1. 1.0.1
  2. 1.0.1d
  3. 1.0.1f
  4. 1.0.2
  5. 1.0.1a
  6. 1.0.1c
  7. 1.0.1b
  8. 1.0.1e

CWE

ID	Name	Description	Links
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer	The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.		CVE

References

Source	Link
SUSE	http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html
BUGTRAQ	http://www.securityfocus.com/archive/1/534161/100/0/threaded
HP	http://marc.info/?l=bugtraq&m=142660345230545&w=2
CONFIRM	https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
FULLDISC	http://seclists.org/fulldisclosure/2014/Apr/91
HP	http://marc.info/?l=bugtraq&m=139758572430452&w=2
SUSE	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html
CONFIRM	http://www.kerio.com/support/kerio-control/release-history
UBUNTU	http://www.ubuntu.com/usn/USN-2165-1
MLIST	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E
FEDORA	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html
CONFIRM	http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
MISC	https://www.cert.fi/en/reports/2014/vulnerability788210.html
MLIST	https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E
CONFIRM	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
HP	http://marc.info/?l=bugtraq&m=139889113431619&w=2
CONFIRM	http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
HP	http://marc.info/?l=bugtraq&m=139833395230364&w=2
SUSE	http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html
HP	http://marc.info/?l=bugtraq&m=139842151128341&w=2
HP	http://marc.info/?l=bugtraq&m=139817727317190&w=2
HP	http://marc.info/?l=bugtraq&m=139835815211508&w=2
HP	http://marc.info/?l=bugtraq&m=139757919027752&w=2
CONFIRM	http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01
CONFIRM	http://advisories.mageia.org/MGASA-2014-0165.html
HP	http://marc.info/?l=bugtraq&m=139835844111589&w=2
FEDORA	http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html
HP	http://marc.info/?l=bugtraq&m=139869891830365&w=2
HP	http://marc.info/?l=bugtraq&m=139824993005633&w=2
HP	http://marc.info/?l=bugtraq&m=139843768401936&w=2
HP	http://marc.info/?l=bugtraq&m=139836085512508&w=2
HP	http://marc.info/?l=bugtraq&m=139757726426985&w=2
HP	http://marc.info/?l=bugtraq&m=139817685517037&w=2
FEDORA	http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html
HP	http://marc.info/?l=bugtraq&m=139824923705461&w=2
HP	http://marc.info/?l=bugtraq&m=139808058921905&w=2
HP	http://marc.info/?l=bugtraq&m=139869720529462&w=2
CONFIRM	http://cogentdatahub.com/ReleaseNotes.html
HP	http://marc.info/?l=bugtraq&m=139765756720506&w=2
MISC	http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
HP	http://marc.info/?l=bugtraq&m=139757819327350&w=2
MISC	http://heartbleed.com/
HP	http://marc.info/?l=bugtraq&m=139722163017074&w=2
HP	http://marc.info/?l=bugtraq&m=139774703817488&w=2
HP	http://marc.info/?l=bugtraq&m=139774054614965&w=2
HP	http://marc.info/?l=bugtraq&m=139817782017443&w=2
FULLDISC	http://seclists.org/fulldisclosure/2014/Apr/109
CONFIRM	http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
HP	http://marc.info/?l=bugtraq&m=139889295732144&w=2
SECUNIA	http://secunia.com/advisories/59139
CONFIRM	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
CONFIRM	http://www.blackberry.com/btsc/KB35882
CONFIRM	http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
HP	http://marc.info/?l=bugtraq&m=139905295427946&w=2
EXPLOIT-DB	http://www.exploit-db.com/exploits/32764
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=isg400001841
CERT-VN	http://www.kb.cert.org/vuls/id/720951
CONFIRM	http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
CONFIRM	http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
SECUNIA	http://secunia.com/advisories/59243
HP	http://marc.info/?l=bugtraq&m=139905202427693&w=2
HP	http://marc.info/?l=bugtraq&m=141287864628122&w=2
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
REDHAT	http://rhn.redhat.com/errata/RHSA-2014-0378.html
FULLDISC	http://seclists.org/fulldisclosure/2014/Apr/173
REDHAT	http://rhn.redhat.com/errata/RHSA-2014-0377.html
CONFIRM	http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
HP	http://marc.info/?l=bugtraq&m=139905868529690&w=2
SECUNIA	http://secunia.com/advisories/59347
HP	http://marc.info/?l=bugtraq&m=140752315422991&w=2
HP	http://marc.info/?l=bugtraq&m=140724451518351&w=2
HP	http://marc.info/?l=bugtraq&m=140075368411126&w=2
REDHAT	http://rhn.redhat.com/errata/RHSA-2014-0396.html
HP	http://marc.info/?l=bugtraq&m=139905653828999&w=2
FULLDISC	http://seclists.org/fulldisclosure/2014/Apr/90
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
HP	http://marc.info/?l=bugtraq&m=139905458328378&w=2
FULLDISC	http://seclists.org/fulldisclosure/2014/Dec/23
HP	http://marc.info/?l=bugtraq&m=139905243827825&w=2
CONFIRM	http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
HP	http://marc.info/?l=bugtraq&m=140015787404650&w=2
EXPLOIT-DB	http://www.exploit-db.com/exploits/32745
HP	http://marc.info/?l=bugtraq&m=139905405728262&w=2
CISCO	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
FULLDISC	http://seclists.org/fulldisclosure/2014/Apr/190
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=swg21670161
DEBIAN	http://www.debian.org/security/2014/dsa-2896
CONFIRM	http://www.f-secure.com/en/web/labs_global/fsc-2014-1
CONFIRM	http://www-01.ibm.com/support/docview.wss?uid=isg400001843
REDHAT	http://rhn.redhat.com/errata/RHSA-2014-0376.html
HP	http://marc.info/?l=bugtraq&m=139905351928096&w=2
CONFIRM	http://www.openssl.org/news/secadv_20140407.txt
CONFIRM	https://bugzilla.redhat.com/show_bug.cgi?id=1084875
MLIST	https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html
SECTRACK	http://www.securitytracker.com/id/1030079
CONFIRM	https://code.google.com/p/mod-spdy/issues/detail?id=85
CONFIRM	http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
CONFIRM	https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
BID	http://www.securityfocus.com/bid/66690
CERT	http://www.us-cert.gov/ncas/alerts/TA14-098A
MISC	https://gist.github.com/chapmajs/10473815
CONFIRM	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
MISC	https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
SECTRACK	http://www.securitytracker.com/id/1030074
SECTRACK	http://www.securitytracker.com/id/1030078
CONFIRM	http://www.splunk.com/view/SP-CAAAMB3
CONFIRM	https://filezilla-project.org/versions.php?type=server
SECTRACK	http://www.securitytracker.com/id/1030026
SECTRACK	http://www.securitytracker.com/id/1030082
SECTRACK	http://www.securitytracker.com/id/1030077
SECTRACK	http://www.securitytracker.com/id/1030080
SECTRACK	http://www.securitytracker.com/id/1030081
CONFIRM	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
HP	https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
CONFIRM	http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
CONFIRM	http://support.citrix.com/article/CTX140605
CONFIRM	https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

History of changes

Date

Event

2019-09-27 18:22

References changed

114 changed

http://seclists.org/fulldisclosure/2014/Apr/91	UNKNOWN->VENDOR_ADVISORY
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html	UNKNOWN->VENDOR_ADVISORY
http://seclists.org/fulldisclosure/2014/Apr/109	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139758572430452&w=2	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139833395230364&w=2	UNKNOWN->VENDOR_ADVISORY
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=142660345230545&w=2	UNKNOWN->VENDOR_ADVISORY
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html	UNKNOWN->VENDOR_ADVISORY
http://www.securitytracker.com/id/1030079	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139889295732144&w=2	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139842151128341&w=2	UNKNOWN->VENDOR_ADVISORY
http://secunia.com/advisories/59139	UNKNOWN->VENDOR_ADVISORY
https://code.google.com/p/mod-spdy/issues/detail?id=85	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139889113431619&w=2	UNKNOWN->VENDOR_ADVISORY
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/	UNKNOWN->VENDOR_ADVISORY
http://www.blackberry.com/btsc/KB35882	UNKNOWN->VENDOR_ADVISORY
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html	UNKNOWN->VENDOR_ADVISORY
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/	UNKNOWN->VENDOR_ADVISORY
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139905295427946&w=2	UNKNOWN->VENDOR_ADVISORY
http://www.exploit-db.com/exploits/32764	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139817727317190&w=2	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139835815211508&w=2	UNKNOWN->VENDOR_ADVISORY
http://www-01.ibm.com/support/docview.wss?uid=isg400001841	UNKNOWN->VENDOR_ADVISORY
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139757919027752&w=2	UNKNOWN->VENDOR_ADVISORY
http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01	UNKNOWN->VENDOR_ADVISORY
http://advisories.mageia.org/MGASA-2014-0165.html	UNKNOWN->VENDOR_ADVISORY
http://www.kerio.com/support/kerio-control/release-history	UNKNOWN->VENDOR_ADVISORY
http://www.kb.cert.org/vuls/id/720951	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139835844111589&w=2	UNKNOWN->VENDOR_ADVISORY
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html	UNKNOWN->VENDOR_ADVISORY
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf	UNKNOWN->VENDOR_ADVISORY
http://www.securityfocus.com/bid/66690	UNKNOWN->VENDOR_ADVISORY
http://www.us-cert.gov/ncas/alerts/TA14-098A	UNKNOWN->VENDOR_ADVISORY
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139869891830365&w=2	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139824993005633&w=2	UNKNOWN->VENDOR_ADVISORY
https://gist.github.com/chapmajs/10473815	UNKNOWN->VENDOR_ADVISORY
http://secunia.com/advisories/59243	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139843768401936&w=2	UNKNOWN->VENDOR_ADVISORY
http://www.ubuntu.com/usn/USN-2165-1	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139836085512508&w=2	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139905202427693&w=2	UNKNOWN->VENDOR_ADVISORY
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=141287864628122&w=2	UNKNOWN->VENDOR_ADVISORY
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661	UNKNOWN->VENDOR_ADVISORY
http://rhn.redhat.com/errata/RHSA-2014-0378.html	UNKNOWN->VENDOR_ADVISORY
http://seclists.org/fulldisclosure/2014/Apr/173	UNKNOWN->VENDOR_ADVISORY
http://rhn.redhat.com/errata/RHSA-2014-0377.html	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139757726426985&w=2	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139817685517037&w=2	UNKNOWN->VENDOR_ADVISORY
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139905868529690&w=2	UNKNOWN->VENDOR_ADVISORY
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160	UNKNOWN->VENDOR_ADVISORY
https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E	UNKNOWN->VENDOR_ADVISORY
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html	UNKNOWN->VENDOR_ADVISORY
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html	UNKNOWN->VENDOR_ADVISORY
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139824923705461&w=2	UNKNOWN->VENDOR_ADVISORY
http://www.securitytracker.com/id/1030074	UNKNOWN->VENDOR_ADVISORY
http://secunia.com/advisories/59347	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139808058921905&w=2	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=140752315422991&w=2	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=140724451518351&w=2	UNKNOWN->VENDOR_ADVISORY
http://www.securitytracker.com/id/1030078	UNKNOWN->VENDOR_ADVISORY
http://www.splunk.com/view/SP-CAAAMB3	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139869720529462&w=2	UNKNOWN->VENDOR_ADVISORY
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/	UNKNOWN->VENDOR_ADVISORY
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008	UNKNOWN->VENDOR_ADVISORY
http://cogentdatahub.com/ReleaseNotes.html	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=140075368411126&w=2	UNKNOWN->VENDOR_ADVISORY
https://www.cert.fi/en/reports/2014/vulnerability788210.html	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139765756720506&w=2	UNKNOWN->VENDOR_ADVISORY
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/	UNKNOWN->VENDOR_ADVISORY
http://rhn.redhat.com/errata/RHSA-2014-0396.html	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139757819327350&w=2	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139905653828999&w=2	UNKNOWN->VENDOR_ADVISORY
http://heartbleed.com/	UNKNOWN->VENDOR_ADVISORY
http://seclists.org/fulldisclosure/2014/Apr/90	UNKNOWN->VENDOR_ADVISORY
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139905458328378&w=2	UNKNOWN->VENDOR_ADVISORY
https://filezilla-project.org/versions.php?type=server	UNKNOWN->VENDOR_ADVISORY
http://seclists.org/fulldisclosure/2014/Dec/23	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139905243827825&w=2	UNKNOWN->VENDOR_ADVISORY
http://support.citrix.com/article/CTX140605	UNKNOWN->VENDOR_ADVISORY
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=140015787404650&w=2	UNKNOWN->VENDOR_ADVISORY
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html	UNKNOWN->VENDOR_ADVISORY
http://www.exploit-db.com/exploits/32745	UNKNOWN->VENDOR_ADVISORY
http://www.securitytracker.com/id/1030026	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139722163017074&w=2	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139905405728262&w=2	UNKNOWN->VENDOR_ADVISORY
http://www.securitytracker.com/id/1030082	UNKNOWN->VENDOR_ADVISORY
http://www.securitytracker.com/id/1030077	UNKNOWN->VENDOR_ADVISORY
http://www.securitytracker.com/id/1030080	UNKNOWN->VENDOR_ADVISORY
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E	UNKNOWN->VENDOR_ADVISORY
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed	UNKNOWN->VENDOR_ADVISORY
http://seclists.org/fulldisclosure/2014/Apr/190	UNKNOWN->VENDOR_ADVISORY
http://www-01.ibm.com/support/docview.wss?uid=swg21670161	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139774703817488&w=2	UNKNOWN->VENDOR_ADVISORY
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00	UNKNOWN->VENDOR_ADVISORY
http://www.debian.org/security/2014/dsa-2896	UNKNOWN->VENDOR_ADVISORY
http://www.securitytracker.com/id/1030081	UNKNOWN->VENDOR_ADVISORY
http://www.securityfocus.com/archive/1/534161/100/0/threaded	UNKNOWN->VENDOR_ADVISORY
http://www.f-secure.com/en/web/labs_global/fsc-2014-1	UNKNOWN->VENDOR_ADVISORY
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	UNKNOWN->VENDOR_ADVISORY
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken	UNKNOWN->VENDOR_ADVISORY
http://www-01.ibm.com/support/docview.wss?uid=isg400001843	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139774054614965&w=2	UNKNOWN->VENDOR_ADVISORY
http://rhn.redhat.com/errata/RHSA-2014-0376.html	UNKNOWN->VENDOR_ADVISORY
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139905351928096&w=2	UNKNOWN->VENDOR_ADVISORY
http://marc.info/?l=bugtraq&m=139817782017443&w=2	UNKNOWN->VENDOR_ADVISORY