Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [heartbleed]

The Heartbleed bug is a vulnerability in OpenSSL's TLS implementation. The CVE ID for this issue is CVE-2014-0160

The Heartbleed vulnerability allows stealing the information which is protected by SSL/TLS encryption, as well as potential disclosure of private keys.

Any application using OpenSSL for its TLS implementation is potentially vulnerable, which means there is large variety of vulnerable applications such as Web browsers, Email clients and Instant Messaging softare.

See http://heartbleed.com or CVE-2014-0160 for more information.

63 questions
-1
votes
2 answers

Is a server running iis with a certificate issued by godaddy vulnerable to heartbleed

Is a server running IIS that is hosted by rackspace but using an SSL certificate issued by godaddy vulnerable to heartbleed? Since it seemed that somebody thought this was worthy of down-voting, let me generalize the question a bit: if an IIS server…
balazs
  • 155
  • 1
  • 1
  • 4
-2
votes
1 answer

Fedora 15 openssl heartbleed

I am running a fedora 15 2.6.32-042stab081.3 x64, I have OpenSSL 1.0.0j-fips 10 May 2012 which I understand to not be infected. However every test tool out there is reporting the site maybe vulnerable based on the age of the certificate. So while…
Shaun Forsyth
  • 160
  • 1
  • 4
-4
votes
1 answer

Heartbleed: What if OpenSSL has been patched but SSL certs not yet rekeyed?

Does anyone know what entry point a hacker could have if a sever's OpenSSL has been patched but a site's SSL certs have not yet been rekeyed? Thanks!
Honey Badger
  • 809
  • 3
  • 11
  • 15
1 2 3 4
5