1006010 – Restrict OpenSSL TLS/DTLS Heartbeat Request
1006011 – OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerability
1006012 – Identified Suspicious OpenSSL TLS/DTLS Heartbeat Request
Deep Security: Protecting against the Heartbleed Bug (CVE-2014-0160)
Summary
A vulnerability in the Heartbeat extension of OpenSSL was recently disclosed. This vulnerability, dubbed the Heartbleed Bug, exists in all OpenSSL implementations that use the Heartbeat extension. When exploited on a vulnerable server, it can allow an attacker to read a portion of the computer's memory, up to 64 KB at a time, without leaving any traces.
Read more here:
Who is affected:
The 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1.
Details
For customers using Deep Security, we have released DSRU14-009, which includes coverage for the OpenSSL Heartbeat Information Disclosure Vulnerability (CVE-2014-0160).
We recommend that customers download and apply the latest rule update, released on April 8, 2014.
You can double-check and make sure the latest rule has been applied by going to Administration > Updates > Security Updates.
Also ensure that the related rules (1006010, 1006011 and 1006012) are properly assigned to the policy and/or affected computers.
Note: These rules are not subject to being recommended by Recommendation scans because we cannot detect the embedded OpenSSL version. Customers are advised to assign the rules manually to affected machines.
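As an added illustration (not Trend Micro's rule logic and not code from this article), the following Python example shows the kind of length check that separates a well-formed Heartbeat request from a suspicious one: per RFC 6520, the declared payload length plus the 3-byte header and at least 16 bytes of padding must fit inside the TLS record that carries it. The function names and sample records are constructed for the example, and it assumes plaintext TLS records (DTLS uses a longer record header).

```python
import struct

TLS_HEARTBEAT = 24          # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST = 1              # heartbeat_request message type
HB_HEADER = 3               # 1-byte type + 2-byte payload_length
HB_MIN_PADDING = 16         # minimum padding required by RFC 6520


def classify_record(record: bytes) -> str:
    """Classify one plaintext TLS record (5-byte header + fragment)."""
    if len(record) < 5:
        return "truncated"
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != TLS_HEARTBEAT:
        return "not-heartbeat"
    fragment = record[5:5 + rec_len]
    if len(fragment) < rec_len:
        return "truncated"
    if rec_len < HB_HEADER:
        return "suspicious"       # too short to hold type + length
    hb_type, claimed = struct.unpack("!BH", fragment[:3])
    if hb_type != HB_REQUEST:
        return "heartbeat-other"
    # A well-formed request must hold header + claimed payload + padding.
    if HB_HEADER + claimed + HB_MIN_PADDING > rec_len:
        return "suspicious"       # declared payload exceeds what was sent
    return "ok"


def build_record(claimed_len: int, payload: bytes, padding: int) -> bytes:
    """Build a constructed sample heartbeat request (TLS 1.1 version bytes)."""
    body = struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * padding
    return struct.pack("!BHH", TLS_HEARTBEAT, 0x0302, len(body)) + body


# Constructed samples: a well-formed request, one whose declared payload
# length (16384) far exceeds the 4 bytes it carries, and a non-heartbeat record.
SAMPLES = {
    "well-formed": build_record(4, b"ping", 16),
    "over-declared": build_record(0x4000, b"ping", 0),
    "handshake": struct.pack("!BHH", 22, 0x0302, 1) + b"\x00",
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(f"{name:14s} -> {classify_record(rec)}")
```

Heartbeat messages sent after the handshake completes are encrypted, so a check like this only applies where the record is visible in plaintext.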
Category: Configure; Remove a Malware / Virus
Solution Id: 1103115