CVE-2014-0160 OpenSSL Heartbleed Vulnerability

About Networking Vendors

Vendor Affected Announcement Announce Date
A10 None External link at A10 2014-04-09
Arbor Networks None Internal Field Notification Only (login required) 2014-04-15
Aruba Networks Few Version External Document at Aruba Alert 2014-04-08
BlueCoat Few Version & Platform External link at BlueCoat KB 2014-04-09
Brocade None External link at Brocade 2014-04-16
CheckPoint Verifing… External link at CheckPoint 2014-04-08
Cisco Verifing… External link at Cisco 2014-04-09
Dlink Being Confirmed…
Enterasys (Part of Extreme) Being Confirmed…
Extreme Networks Few Products External link at Extreme 2014-04-14
F5 Few Version External link at F5 Detect Attack iRule 2014-04-08
FireEye Few Product External link at FireEye 2014-04-16
Fortinet Few Version & Platform External link at FortiGuard 2014-04-08
iMPERVA Only v10.5 External link at iMPERVA (login required) 2014-04-11
Juniper Multi Platform :!: External link at Juniper KB 2014-04-08
McAfee Multi Products External link at McAfee 2014-04-08
NetAxle None External link at NetAxle
Palo Alto None External link at Palo Alto 2014-04-09
Ruckus Wireless Only “Smart Cell Gateway” External link at Ruckus Security 2014-04-14
Sophers Few Version External link at Sophers 2014-04-08
Sourcefire (Part of Cisco) Check Cisco
Splunk Few Version External link at Splunk Answers 2014-04-09
TippingPoint None PDF at TMC 2014-04-09
VMware Multi Version :!: External link at VMware KB 2014-04-09
Websense Few Version External link at Websense 2014-04-09

Best Practices

  • Upgrade if possible (if not, then disable heartbeats)
  • Revoke all current keys and replace them with new ones
  • Reissue certificate and revocation old certificate
  • Change any credentials that may have been loaded into memory by the vulnerable processes

Further Reading

cve/cve-2014-0160.txt · 上一次變更: 2014/04/17 11:18 由 jal
上一頁 | 下一頁 | 回首頁 | RSS Feed | Facebook