https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22323#M16279 <HTML><HEAD></HEAD><BODY><P>And the choices that you have on the PA are to alert or block. How many users are blocking?</P></BODY></HTML> Fri, 11 Apr 2014 15:51:23 GMT infotech 2014-04-11T15:51:23Z https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22318#M16274 <HTML><HEAD></HEAD><BODY><P>Palo Alto released multiple vulnerabilities for the Heartbleed bug.</P><P></P><H3>New Vulnerability Signatures (3)</H3><TABLE border="0" cellpadding="0" style="width: 90%;"><TBODY><TR><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="71"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Severity</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="71"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">ID</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Attack Name</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="105"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">CVE ID</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="80"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Vendor ID</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="18%"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Default Action</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="18%"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Minimum PAN-OS Version</STRONG></P></TD></TR><TR><TD style="background: #F7D600; padding: .75pt 3.75pt .75pt 3.75pt;"><P align="center" style="text-align: center;"><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">medium</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">40039</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">OpenSSL TLS Heartbeat Brute Force - Heartbleed</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">CVE-2014-0160</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">alert</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><OL style="list-style-type: decimal;"><LI><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">3.1.0</SPAN></LI></OL></TD></TR><TR><TD style="background: white; padding: .75pt 3.75pt .75pt 3.75pt;"><P align="center" style="text-align: center;"><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">informational</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">36417</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">OpenSSL TLS Heartbeat Found</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">alert</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><OL style="list-style-type: decimal;"><LI><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">3.1.0</SPAN></LI></OL></TD></TR><TR><TD style="background: #F7D600; padding: .75pt 3.75pt .75pt 3.75pt;"><P align="center" style="text-align: center;"><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">medium</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">36418</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">OpenSSL TLS Malformed Heartbeat Response Found - Heartbleed</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">alert</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><OL style="list-style-type: decimal;"><LI><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">3.1.0</SPAN></LI></OL></TD></TR></TBODY></TABLE><P></P><H3>Modified Vulnerability Signatures (1)</H3><TABLE border="0" cellpadding="0" width="90%"><TBODY><TR><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="71"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Severity</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="71"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">ID</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Attack Name</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="105"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">CVE ID</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="80"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Vendor ID</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="18%"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Default Action</STRONG></P></TD><TD style="background: #999999; padding: 1.5pt 1.5pt 1.5pt 1.5pt;" width="18%"><P align="center" style="text-align: center;"><STRONG style="color: white; font-size: 9.0pt; font-family: 'Tahoma','sans-serif';">Minimum PAN-OS Version</STRONG></P></TD></TR><TR><TD style="background: #EF3942; padding: .75pt 3.75pt .75pt 3.75pt;"><P align="center" style="text-align: center;"><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">critical</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">36416</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">OpenSSL TLS Heartbeat Information Disclosure Vulnerability - Heartbleed</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">CVE-2014-0160</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">reset-server</SPAN></P></TD><TD style="background: #EEEEEE; padding: .75pt 3.75pt .75pt 3.75pt;"><OL style="list-style-type: decimal;"><LI><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">3.1.0</SPAN></LI></OL></TD></TR></TBODY></TABLE><P></P><P>Are we fully protected when using the default settings?</P><P>Could there be any negative impact when setting "<SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">OpenSSL TLS Malformed Heartbeat Response Found - Heartbleed" also to drop? Or any of the other?<BR /></SPAN></P><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;"><BR /></SPAN></P><P><SPAN style="font-size: 9.0pt; font-family: 'Tahoma','sans-serif'; color: #111111;">Kind regards</SPAN></P></BODY></HTML> Fri, 11 Apr 2014 11:02:43 GMT https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22318#M16274 ${userLoginName} 2014-04-11T11:02:43Z https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22319#M16275 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>This new package it too new for having feeback? But you can test it with "alert" as action with no risk <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Hope help</P><P></P><P>V.</P></BODY></HTML> Fri, 11 Apr 2014 12:01:56 GMT https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22319#M16275 VinceM 2014-04-11T12:01:56Z https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22320#M16276 <HTML><HEAD></HEAD><BODY><P>So there is another updated issue for heartbleed?</P></BODY></HTML> Fri, 11 Apr 2014 13:02:21 GMT https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22320#M16276 infotech 2014-04-11T13:02:21Z https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22321#M16277 <HTML><HEAD></HEAD><BODY><P>FYI just for the benefit of the community, I have run ssltest.py against an internal server that is known to be susceptible to heartbleed and ssltest.py reports it as NOT VULNERABLE. We have tested nmap's ssl-heartbleed NSE script against the same server and Nmap's NSE script correctly identifies it as vulnerable.</P><P></P><P>Long story short, be careful what scripts you're running to verify if servers seem to be vulnerable or not</P></BODY></HTML> Fri, 11 Apr 2014 15:41:40 GMT https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22321#M16277 ericgearhart 2014-04-11T15:41:40Z https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22322#M16278 <HTML><HEAD></HEAD><BODY><P>Also I just looked and it appears that the NMAP NSE script causes our PA4020 to correctly flag "OpenSSL TLS Heartbeat found" when I scan the vulnerable server! So the PA threat update is working</P></BODY></HTML> Fri, 11 Apr 2014 15:43:47 GMT https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22322#M16278 ericgearhart 2014-04-11T15:43:47Z https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22323#M16279 <HTML><HEAD></HEAD><BODY><P>And the choices that you have on the PA are to alert or block. How many users are blocking?</P></BODY></HTML> Fri, 11 Apr 2014 15:51:23 GMT https://live.paloaltonetworks.com/t5/general-topics/heratbleed-cve-2014-0160-new-vulnerability-signatures/m-p/22323#M16279 infotech 2014-04-11T15:51:23Z