Details | |
---|---|
Alert ID | 20015 |
Alert Type | Active |
Status | release |
Risk | High |
CWE | 119 |
WASC | 20 |
Technologies Targeted | All |
Tags |
CVE-2014-0160 CWE-119 OWASP_2017_A09 OWASP_2021_A06 POLICY_QA_FULL WSTG-V42-CRYP-01 |
More Info |
Scan Rule Help |
Summary
The TLS implementation in OpenSSL 1.0.1 before 1.0.1g does not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, potentially disclosing sensitive information.