Vulnerability identifier: #VU5373

Vulnerability risk: Critical

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2014-0160

CWE-ID: CWE-200

Exploitation vector: Network

Exploits in database: 14

• October 21, 2020
  • ssl-heartbleed.nse (Nmap NSE script that discovers/exploits Heartbleed/CVE-2014-0160) [Github]
• September 1, 2020
  • Heartexploit (Aquí está mi nuevo y primer exploit web, este exploit ataca a la vulnerabilidad de HeartBleed (CVE-2014-0160) espero que os guste.) [Github]
• July 15, 2020
  • heartbleed (Simple OpenSSL TLS Heartbeat (CVE-2014-0160) Scanner and Exploit (Multiple SSL/TLS versions)) [Github]
• March 18, 2020
  • CVE-2014-0160 (openssl Heart Bleed Exploit: CVE-2014-0160 Mass Security Auditor) [Github]
  • ssl-heartbleed.nse (Nmap NSE script that discovers/exploits Heartbleed/CVE-2014-0160.) [Github]
  • heartbleed-PoC (:broken_heart: Hearbleed exploit to retrieve sensitive information CVE-2014-0160 :broken_heart:) [Github]
  • pacemaker (Heartbleed (CVE-2014-0160) client exploit) [Github]
  • Heartexploit (Aquí está mi nuevo y primer exploit web, este exploit ataca a la vulnerabilidad de HeartBleed (CVE-2014-0160) espero que os guste.) [Github]
  • OpenSSL Heartbeat (Heartbleed) Client Memory Exposure [Metasploit]
  • OpenSSL Heartbeat (Heartbleed) Information Leak [Metasploit]
  • OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (2) (DTLS Support) [Exploit-DB]
  • OpenSSL TLS Heartbeat Extension - 'Heartbleed' Information Leak Exploit (1) [Exploit-DB]
  • OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS versions) [Exploit-DB]
  • OpenSSL TLS Heartbeat Extension - ''Heartbleed' Memory Disclosure [Exploit-DB]

Impact: Code execution

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation