OpenSSL Heartbleed bug: CVE-2014-0160

Reply
Not applicable

Re: OpenSSL Heartbleed bug: CVE-2014-0160

Yes, it looks to have just went live. Any reason as to why it was originally pulled and then re-released?

L7 Applicator

Re: OpenSSL Heartbleed bug: CVE-2014-0160

Initially there was an issue, the newly added signature was not visible until the user logout and login again into the GUI.

Thanks

L2 Linker

Re: OpenSSL Heartbleed bug: CVE-2014-0160

I have applied it but when we test our websites using Test your server for Heartbleed (CVE-2014-0160) it reports our sites as vulnerable.

L4 Transporter

Re: OpenSSL Heartbleed bug: CVE-2014-0160

So this update can be installed during work hours and not cause any issues to the operation of the PA

L4 Transporter

Re: OpenSSL Heartbleed bug: CVE-2014-0160

Is that a question? If it is the answer is yes.

L4 Transporter

Re: OpenSSL Heartbleed bug: CVE-2014-0160

rgreens, mine is doing the same thing still. Is the update not working?

L1 Bithead

Re: OpenSSL Heartbleed bug: CVE-2014-0160

rgreens, Are you seeing the vulnerability signature firing in the Threat Log?  When we try either that website or the Python script that is going around against our websites, I do not see anything in the Threat log after we have applied 429-2164.

L2 Linker

Re: OpenSSL Heartbleed bug: CVE-2014-0160

Nothing in the threat log either.

L4 Transporter

Re: OpenSSL Heartbleed bug: CVE-2014-0160

I'm using ssltest.py to test various sites both behind a pair of PA firewalls and internal sites where traffic is monitored by a PA4020 in tap mode only, and I can't get the threat alert to fire off when I test sites. Is anyone else having trouble verifying the threat rule is working?

For reference I'm using ssltest.py from here:

Python Heartbleed (CVE-2014-0160) Proof of Concept

L4 Transporter

Re: OpenSSL Heartbleed bug: CVE-2014-0160

I was not able to get the signature to fire neither....

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!