This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Heratbleed CVE-2014-0160 - New Vulnerability Signatures

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Heratbleed CVE-2014-0160 - New Vulnerability Signatures

bdeschut
L4 Transporter

‎04-11-2014 04:02 AM

Palo Alto released multiple vulnerabilities for the Heartbleed bug.

New Vulnerability Signatures (3)

Severity

ID

Attack Name

CVE ID

Vendor ID

Default Action

Minimum PAN-OS Version

medium

40039

OpenSSL TLS Heartbeat Brute Force - Heartbleed

CVE-2014-0160

alert

  1. 3.1.0

informational

36417

OpenSSL TLS Heartbeat Found

alert

  1. 3.1.0

medium

36418

OpenSSL TLS Malformed Heartbeat Response Found - Heartbleed

alert

  1. 3.1.0

Modified Vulnerability Signatures (1)

Severity

ID

Attack Name

CVE ID

Vendor ID

Default Action

Minimum PAN-OS Version

critical

36416

OpenSSL TLS Heartbeat Information Disclosure Vulnerability - Heartbleed

CVE-2014-0160

reset-server

  1. 3.1.0

Are we fully protected when using the default settings?

Could there be any negative impact when setting "OpenSSL TLS Malformed Heartbeat Response Found - Heartbleed" also to drop? Or any of the other?


Kind regards

Labels:
0 Likes Likes
5 REPLIES 5

VinceM
L5 Sessionator

‎04-11-2014 05:01 AM

Hi,

This new package it too new for having feeback? But you can test it with "alert" as action with no risk 🙂

Hope help

V.

0 Likes Likes

infotech
L4 Transporter

‎04-11-2014 06:02 AM

So there is another updated issue for heartbleed?

0 Likes Likes

ericgearhart
L4 Transporter

‎04-11-2014 08:41 AM

FYI just for the benefit of the community, I have run ssltest.py against an internal server that is known to be susceptible to heartbleed and ssltest.py reports it as NOT VULNERABLE. We have tested nmap's ssl-heartbleed NSE script against the same server and Nmap's NSE script correctly identifies it as vulnerable.

Long story short, be careful what scripts you're running to verify if servers seem to be vulnerable or not

ericgearhart
L4 Transporter

‎04-11-2014 08:43 AM

Also I just looked and it appears that the NMAP NSE script causes our PA4020 to correctly flag "OpenSSL TLS Heartbeat found" when I scan the vulnerable server! So the PA threat update is working

0 Likes Likes

infotech
L4 Transporter
In response to ericgearhart

‎04-11-2014 08:51 AM

And the choices that you have on the PA are to alert or block. How many users are blocking?

0 Likes Likes
  • 3405 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks