It can be used to detect heartbleed vulnerability via URL, host list (text file) or even IP range.
Problem has been uncovered by Neel Mehta at Google and a team (Riku, Antti and Matti) at Codenomicon, and the following versions of OpenSSL are affected:OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 10.0 – OpenSSL 1.0.1e 11 Feb 2013
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)
Versions lower than 1.0.1 are not vulnerable (0.9.x) or compiled with -DOPENSSL_NO_HEARTBEATS.
0 comments:
Post a Comment