Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: heartbleed OpenSSL bug CVE-2014-0160
From: Andrew Case <atcuno () gmail com>
Date: Mon, 07 Apr 2014 19:35:47 -0500

its 64KB per request so you can read much more than that through
multiple requests

Thanks,
Andrew (@attrc)

On 4/7/2014 7:10 PM, Kirils Solovjovs wrote:
We are doomed.

Description: http://www.openssl.org/news/vulnerabilities.html
Article dedicated to the bug: http://heartbleed.com/
Tool to check if TLS heartbeat extension is supported:
http://possible.lv/tools/hb/

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64kB of memory to a connected client or server.

1.0.1[ abcdef] affected.


P.S. Happy Monday!

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/



_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault