04-07-2014 10:35 PM
Hi,
Just wondering if any Palo Alto versions are affected by this bug in OpenSSL?
Regards
04-10-2014 02:46 AM
Palo Alto has just released threat and content version 430
04-10-2014 02:49 AM
Yes, and I've just applied it and still the same. No entries in the threat log for threat 36416 when doing vulnerability tests with all available online tools.
04-10-2014 03:35 AM
Are you performing SSL inspection? Still trying to work out if this is required to catch this vulnerability with IPS... Depends on whether it happens inside an established TLS tunnel or in clear text, I suppose?
04-10-2014 03:39 AM
This does not require inbound SSL inspection to be in place. The vuln is detected during SSL negotiation.
04-10-2014 03:56 AM
I guess the targeted host must have a vulnerable version of OpenSSL installed to trigger one of the four TP signatures. At least I cannot trigger an alert with 430 installed against a non-vulnerable host. Makes sense somehow...
04-10-2014 05:10 AM
Thank you!
Got it all working perfectly now at several locations. I also created a custom rule to block/drop those medium severity signatures in the latest update, this results in the online tests failing too (malformed response) to give clients some extra peace of mind.
Seeing a large number of IPs from China trying to exploit this!
Several days of replacing SSL certificates ahead of me now!
04-10-2014 05:30 AM
Good luck !
04-10-2014 05:49 AM
davido140 wrote:
Thank you!
Got it all working perfectly now at several locations. I also created a custom rule to block/drop those medium severity signatures in the latest update, this results in the online tests failing too (malformed response) to give clients some extra peace of mind.
Seeing a large number of IPs from China trying to exploit this!
Several days of replacing SSL certificates ahead of me now!
What parameters did you use to trigger this rule? I'm not seeing any way to trigger on a threat ID or anything like that.
04-10-2014 06:03 AM
Just used "heartbleed" as the threat name on the rule in the Vulnerability Protection profile and set the action to block.
This forces traffic to be dropped for the "medium" severity threats related to Heartbleed in the 430 update.
The effect on one of the online tests will be a timeout, and you'll get an event in the threat log.
The target system MUST be vulnerable to trigger these signatures; if you've already patched it you won't see anything in the logs.
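The two points made above (no SSL decryption is needed, and a patched target produces no log entry) both follow from how a Heartbleed probe looks on the wire, and the following is an added example that illustrates them; it is not Palo Alto's signature logic and not code from anyone in this thread. A TLS heartbeat record (content type 24, RFC 6520) sent before the handshake finishes travels unencrypted, so a passive IPS can parse the header the attacker forged: a claimed payload_length far larger than the bytes actually carried. A patched OpenSSL silently discards such a request, so nothing comes back; a vulnerable one answers with the claimed number of bytes read past the end of its buffer, and that oversized response is what a "target must be vulnerable" signature fires on. A heartbeat sent after ChangeCipherSpec is encrypted and invisible to this kind of check without decryption. All records below are constructed inline; the 16-byte minimum padding is the RFC 6520 rule the check applies.

```python
"""Parse TLS heartbeat records and flag Heartbleed-style requests and responses.
Added illustration only: sample records are constructed here, not captured traffic."""
import struct

TLS_HEARTBEAT = 24            # TLS record content type for heartbeat messages
HB_REQUEST, HB_RESPONSE = 1, 2
TLS_1_1 = 0x0302
MIN_PADDING = 16              # RFC 6520: payload_length + 3 + 16 must fit in the record


def heartbeat_record(hb_type, claimed_len, payload, padding=b"\x00" * MIN_PADDING):
    """Build one TLS record carrying a heartbeat message.

    claimed_len is what the heartbeat header says; payload is what is actually
    sent. Letting the two disagree is exactly the Heartbleed trick."""
    body = struct.pack("!BH", hb_type, claimed_len) + payload + padding
    return struct.pack("!BHH", TLS_HEARTBEAT, TLS_1_1, len(body)) + body


def tls_records(stream):
    """Split a raw byte stream into (content_type, body) tuples, stopping at a truncated record."""
    records, off = [], 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[off:off + 5])
        body = stream[off + 5:off + 5 + length]
        if len(body) != length:
            break
        records.append((ctype, body))
        off += 5 + length
    return records


def heartbeat_claim(body):
    """Return (type, claimed payload length, bytes actually carried after the 3-byte header)."""
    if len(body) < 3:
        return None
    hb_type, claimed = struct.unpack("!BH", body[:3])
    return hb_type, claimed, len(body) - 3


def inspect_stream(client_bytes, server_bytes):
    """Return findings for one client->server / server->client exchange.

    malformed-heartbeat-request: the header claims more payload than the record carries
    (attacker side; visible whether or not the server is patched).
    heartbeat-over-read: the server echoed more bytes than the request physically
    contained, i.e. it read past its buffer (only a vulnerable server does this)."""
    findings = []
    requests = [heartbeat_claim(b) for t, b in tls_records(client_bytes) if t == TLS_HEARTBEAT]
    responses = [heartbeat_claim(b) for t, b in tls_records(server_bytes) if t == TLS_HEARTBEAT]
    for hb_type, claimed, carried in requests:
        if hb_type == HB_REQUEST and claimed + MIN_PADDING > carried:
            findings.append(("malformed-heartbeat-request", claimed, carried))
    # A patched server drops the bad request, so responses may be shorter than requests.
    for (_, _, carried), (hb_type, claimed, _) in zip(requests, responses):
        if hb_type == HB_RESPONSE and claimed > carried:
            findings.append(("heartbeat-over-read", claimed - carried))
    return findings


# Constructed samples (not captured traffic).
LEGIT_REQUEST = heartbeat_record(HB_REQUEST, 4, b"ping")
LEGIT_RESPONSE = heartbeat_record(HB_RESPONSE, 4, b"ping")
EVIL_REQUEST = heartbeat_record(HB_REQUEST, 0x4000, b"")            # claims 16 KiB, sends none
LEAKY_RESPONSE = heartbeat_record(HB_RESPONSE, 0x4000, b"A" * 0x4000)  # stand-in for leaked memory

if __name__ == "__main__":
    print("healthy exchange :", inspect_stream(LEGIT_REQUEST, LEGIT_RESPONSE))
    print("patched server   :", inspect_stream(EVIL_REQUEST, b""))
    print("vulnerable server:", inspect_stream(EVIL_REQUEST, LEAKY_RESPONSE))
```

Run as-is: the healthy exchange yields no findings; the evil request against a patched server yields only the malformed-request finding, because the server stays silent; against a vulnerable server it adds an over-read of 16368 bytes. That is the same asymmetry the thread observes: a request-side signature can log the probe regardless, while a response-side signature only fires when the target actually leaks.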
04-10-2014 06:09 AM
I cannot get the 430 update to download; it failed.