OpenSSL Heartbleed bug: CVE-2014-0160

Showing results for 
Show  only  | Search instead for 
Did you mean: 

OpenSSL Heartbleed bug: CVE-2014-0160

L1 Bithead


Just wondering if any Palo Alto versions are affected by this bug in OpenSSL?



Application and Threat Content Release Notes

Version 429

Notes: A critical vulnerability in OpenSSL (CVE-2014-0160: OpenSSL Private Key Disclosure Vulnerability) was recently disclosed, affecting servers running OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows arbitrary memory readout, which effectively exposes primary key material and compromises the integrity of the secure channel.

To address this vulnerability, Palo Alto Networks has released an emergency content update that provides detection of attempted exploitation of CVE-2014-0160 with IPS vulnerability signature ID 36416 ("OpenSSL TLS Heartbeat Information Disclosure Vulnerability") with critical severity and a default action of block. Palo Alto Networks customers with a Threat Prevention subscription are advised to verify that they are running the latest content version on their devices. If you have any questions about coverage for this advisory, please contact Support.

Modified Decoders (1)



New Vulnerability Signatures (1)



Attack Name


Vendor ID

Default Action

Minimum PAN-OS Version



OpenSSL TLS Heartbeat Information Disclosure Vulnerability



  1. 3.1.0

L4 Transporter

How do you check for ssl version

Anyone else not able to get this update to show up in dynamic updates? Or am I missing something?

I have installed Application and Threat Content Release 429 but I cannot find the Signature....?





Anyone else ?

I just checked on the Dynamic Updates Website on Support, it's not there.... Withdrawal ?

Version 429 isn't showing up for me either.

Ok I have deleted the Content Image 429 on the Firewall and hit the Check now button again, not coming down the line anymore ...

Something screwed up 429 ?

Hello gafrol,

If you have an issue with 429 not being able to see the new tid, can you log out of the device then log back in again and see if you see it.



Did not help either. For some reason 429 is not available for download anymore.

I just was told that they revoked the 429 update... New release time is unknown

L4 Transporter

openssl version does not work on my windows server

Windows has its own implementation of SSL they are not using openssl. To check openssl version simply enter "openssl version" on the cmd line.

Hello gafrol,

Contents 429 has been pulled, it is not available for download anymore.


Content 429 has been pulled and PAN engineering team  is working on it. We will keep you updated on this.


yes I tried that command and it did not work on my windows servers

Looks like it's available again...just a minute ago.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!