Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Heratbleed CVE-2014-0160 - New Vulnerability Signatures

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Heratbleed CVE-2014-0160 - New Vulnerability Signatures

L4 Transporter

Palo Alto released multiple vulnerabilities for the Heartbleed bug.

New Vulnerability Signatures (3)

Severity

ID

Attack Name

CVE ID

Vendor ID

Default Action

Minimum PAN-OS Version

medium

40039

OpenSSL TLS Heartbeat Brute Force - Heartbleed

CVE-2014-0160

alert

  1. 3.1.0

informational

36417

OpenSSL TLS Heartbeat Found

alert

  1. 3.1.0

medium

36418

OpenSSL TLS Malformed Heartbeat Response Found - Heartbleed

alert

  1. 3.1.0

Modified Vulnerability Signatures (1)

Severity

ID

Attack Name

CVE ID

Vendor ID

Default Action

Minimum PAN-OS Version

critical

36416

OpenSSL TLS Heartbeat Information Disclosure Vulnerability - Heartbleed

CVE-2014-0160

reset-server

  1. 3.1.0

Are we fully protected when using the default settings?

Could there be any negative impact when setting "OpenSSL TLS Malformed Heartbeat Response Found - Heartbleed" also to drop? Or any of the other?


Kind regards

5 REPLIES 5

L5 Sessionator

Hi,

This new package it too new for having feeback? But you can test it with "alert" as action with no risk 🙂

Hope help

V.

L4 Transporter

So there is another updated issue for heartbleed?

L4 Transporter

FYI just for the benefit of the community, I have run ssltest.py against an internal server that is known to be susceptible to heartbleed and ssltest.py reports it as NOT VULNERABLE. We have tested nmap's ssl-heartbleed NSE script against the same server and Nmap's NSE script correctly identifies it as vulnerable.

Long story short, be careful what scripts you're running to verify if servers seem to be vulnerable or not

L4 Transporter

Also I just looked and it appears that the NMAP NSE script causes our PA4020 to correctly flag "OpenSSL TLS Heartbeat found" when I scan the vulnerable server! So the PA threat update is working

And the choices that you have on the PA are to alert or block. How many users are blocking?

  • 3807 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!