https://wiki.openssl.org/index.php?title=SECADV_20140407&feed=atom&action=history
SECADV 20140407 - Revision history
2024-03-29T10:04:13Z
Revision history for this page on the wiki
MediaWiki 1.35.6
https://wiki.openssl.org/index.php?title=SECADV_20140407&diff=1698&oldid=prev
Tjh: correct page name
2014-06-05T23:30:13Z
<p>correct page name</p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 23:30, 5 June 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>= <del class="diffchange diffchange-inline">SECADV_2014047 </del>=</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>= <ins class="diffchange diffchange-inline">SECADV_20140407 </ins>=</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>A missing bounds check in the handling of the TLS heartbeat extension can be</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>A missing bounds check in the handling of the TLS heartbeat extension can be</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l14" >Line 14:</td>
<td colspan="2" class="diff-lineno">Line 14:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|-</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|-</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>| 07-Apr-2014 </div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>| 07-Apr-2014 </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>| [https://www.openssl.org/news/secadv_20140407.txt <del class="diffchange diffchange-inline">SECADV_20140477</del>] </div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>| [https://www.openssl.org/news/secadv_20140407.txt <ins class="diffchange diffchange-inline">SECADV_20140407</ins>] </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>| TLS heartbeat read overrun</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>| TLS heartbeat read overrun</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] </div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] </div></td></tr>
</table>
Tjh
https://wiki.openssl.org/index.php?title=SECADV_20140407&diff=1695&oldid=prev
Tjh: moved SECADV 2014047 to SECADV 20140407: get the name right
2014-06-05T23:29:06Z
<p>moved <a href="/index.php/SECADV_2014047" class="mw-redirect" title="SECADV 2014047">SECADV 2014047</a> to <a href="/index.php/SECADV_20140407" title="SECADV 20140407">SECADV 20140407</a>: get the name right</p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<tr class="diff-title" lang="en">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 23:29, 5 June 2014</td>
</tr><tr><td colspan="2" class="diff-notice" lang="en"><div class="mw-diff-empty">(No difference)</div>
</td></tr></table>
Tjh
https://wiki.openssl.org/index.php?title=SECADV_20140407&diff=1629&oldid=prev
Jwalton: Cloudfare -> Cloudflare.
2014-04-27T21:12:31Z
<p>Cloudfare -> Cloudflare.</p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 21:12, 27 April 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l59" >Line 59:</td>
<td colspan="2" class="diff-lineno">Line 59:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>:* [http://heartbleed.com/ '''HeartBleed'''] [http://www.codenomicon.com/ CodeNomicon ]</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>:* [http://heartbleed.com/ '''HeartBleed'''] [http://www.codenomicon.com/ CodeNomicon ]</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>:* [https://gist.github.com/epixoip/10570627 '''<del class="diffchange diffchange-inline">Cloudfare </del>Challenge Writeup'''] Jeremi M Gosney</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>:* [https://gist.github.com/epixoip/10570627 '''<ins class="diffchange diffchange-inline">Cloudflare </ins>Challenge Writeup'''] Jeremi M Gosney</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>:* [https://bugzilla.redhat.com/attachment.cgi?id=883475 RedHat fix commit]</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>:* [https://bugzilla.redhat.com/attachment.cgi?id=883475 RedHat fix commit]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>:* [https://plus.google.com/+MarkJCox/posts/TmCbp3BhJma Timeline] Mark J Cox</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>:* [https://plus.google.com/+MarkJCox/posts/TmCbp3BhJma Timeline] Mark J Cox</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>:* [http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html Heartbleed disclosure timeline: who knew what and when] Sydney Morning Herald</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>:* [http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html Heartbleed disclosure timeline: who knew what and when] Sydney Morning Herald</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>:* [http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- Bugs in Heartbleed detection scripts]</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>:* [http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- Bugs in Heartbleed detection scripts]</div></td></tr>
</table>
Jwalton
https://wiki.openssl.org/index.php?title=SECADV_20140407&diff=1627&oldid=prev
Matt: Typo correction
2014-04-27T11:50:28Z
<p>Typo correction</p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 11:50, 27 April 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l33" >Line 33:</td>
<td colspan="2" class="diff-lineno">Line 33:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Either party in an SSL/TLS channel can request a heartbeat response from the peer. </div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Either party in an SSL/TLS channel can request a heartbeat response from the peer. </div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This means a client <del class="diffchange diffchange-inline">and </del>send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This means a client <ins class="diffchange diffchange-inline">can </ins>send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Solutions and Workarounds ==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Solutions and Workarounds ==</div></td></tr>
</table>
Matt
https://wiki.openssl.org/index.php?title=SECADV_20140407&diff=1625&oldid=prev
Tjh at 04:21, 27 April 2014
2014-04-27T04:21:25Z
<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 04:21, 27 April 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l21" >Line 21:</td>
<td colspan="2" class="diff-lineno">Line 21:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>| OpenSSL-1.0.1g </div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>| OpenSSL-1.0.1g </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>OpenSSL-1.0.2-beta2</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>OpenSSL-1.0.2-beta2</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">| [[SECADV_2014047]]</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|}</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|}</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
</table>
Tjh
https://wiki.openssl.org/index.php?title=SECADV_20140407&diff=1624&oldid=prev
Tjh: Initial list of useful links and summary details for heartbeat advisory
2014-04-27T04:20:43Z
<p>Initial list of useful links and summary details for heartbeat advisory</p>
<p><b>New page</b></p><div>= SECADV_2014047 =<br />
<br />
A missing bounds check in the handling of the TLS heartbeat extension can be<br />
used to reveal up to 64k of memory to a connected client or server.<br />
<br />
{| class="wikitable" border="1"<br />
|-<br />
! scope="col" | Date<br />
! scope="col" | Advisory<br />
! scope="col" | Description<br />
! scope="col" | CVE<br />
! scope="col" | Affected Versions<br />
! scope="col" | Fixed In Versions<br />
|-<br />
| 07-Apr-2014 <br />
| [https://www.openssl.org/news/secadv_20140407.txt SECADV_20140477] <br />
| TLS heartbeat read overrun<br />
| [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 CVE-2014-1060] <br />
| OpenSSL-1.0.1a to OpenSSL-1.0.1f<br />
OpenSSL-1.0.2 betas<br />
| OpenSSL-1.0.1g <br />
OpenSSL-1.0.2-beta2<br />
| [[SECADV_2014047]]<br />
|}<br />
<br />
== Abstract ==<br />
<br />
Due to a missing / incorrect bounds check in the code it is possible to return chunks of memory from a TLS peer (client or server)<br />
by sending invalid requests which are incorrectly processed.<br />
<br />
The memory returned may contain sensitive information such as the private key, account names and/or passwords.<br />
<br />
== Technical Details ==<br />
<br />
Either party in an SSL/TLS channel can request a heartbeat response from the peer. <br />
This means a client and send a request to a server or a server can send a request to a client making each vulnerable to attach from the other end.<br />
<br />
== Solutions and Workarounds ==<br />
<br />
:* Upgrade to OpenSSL 1.0.1g. <br />
:** This is the recommended option from the OpenSSL team.<br />
:* Rebuild your affected OpenSSL release with the heartbeat feature disabled<br />
:** This is as simple as a recompilation with -DOPENSSL_NO_HEARTBEATS<br />
:* Block the heartbeat processing in your application code<br />
:** [https://gist.github.com/t-j-h/11337380 heartbeat_block.c] Example application code showing msg_cb use to block heartbeat<br />
<br />
== Detecting Vulnerability ==<br />
<br />
:* [https://gist.github.com/robstradling/10363389 heartbleed.c] Rob Stradling<br />
::* C code exampling using OpenSSL library to detect if a server is vulnerable. Requires completed handshake prior to sending invalid heartbeat probe.<br />
:* [https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl check-ssl-heartbleed.pl] Steffen Ullrich<br />
::* Standalone perl script to detect if a server is vulnerable. Sends a ClientHello message and then an invalid heartbeat probe without waiting for the handshake to complete.<br />
:* [https://code.google.com/p/mike-bland/source/browse/heartbleed/heartbleed_test.c heartbleed_test.c] Mike Bland ([https://github.com/openssl/openssl/pull/81 git pull request])<br />
::* Regression / Unit Test Suite<br />
:* [http://blog.meldium.com/home/2014/4/10/testing-for-reverse-heartbleed Testing For Reverse HeartBleed]<br />
:* [https://github.com/ah8r/cardiac-arrest Cardiac Arrest] <br />
::* Standalone Python script to detect if a server is vulnerable. <br />
<br />
== References ==<br />
<br />
:* [http://heartbleed.com/ '''HeartBleed'''] [http://www.codenomicon.com/ CodeNomicon ]<br />
:* [https://gist.github.com/epixoip/10570627 '''Cloudfare Challenge Writeup'''] Jeremi M Gosney<br />
:* [https://bugzilla.redhat.com/attachment.cgi?id=883475 RedHat fix commit]<br />
:* [https://plus.google.com/+MarkJCox/posts/TmCbp3BhJma Timeline] Mark J Cox<br />
:* [http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140415-zqurk.html Heartbleed disclosure timeline: who knew what and when] Sydney Morning Herald<br />
:* [http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- Bugs in Heartbleed detection scripts]</div>
Tjh