CVE-2014-0160

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2014-0160, commonly known as the Heartbleed vulnerability, is a significant flaw in software design or implementation that was discovered in 2014. The vulnerability lies within OpenSSL, a widely used open-source software for encrypting internet services. Despite its age, this vulnerability continues to pose a significant threat. Symantec observed attempts by Leafminer, an advanced persistent threat group, to scan for the Heartbleed vulnerability from an attacker-controlled IP address, emphasizing the ongoing risk associated with this flaw. The Heartbleed vulnerability has remained stubbornly prevalent over the years, ranking fifth on the list of most common vulnerabilities from the KEV Catalog. Even eight years after its discovery, more than 190,000 systems appear to still be vulnerable to this flaw. This high number of potentially exploitable systems highlights the need for continued vigilance and patching efforts from businesses and individuals alike. Despite the widespread awareness and media coverage of the Heartbleed vulnerability, it remains a significant issue. Recent reports have dominated infosec headlines, indicating that the problem is far from resolved. While newer vulnerabilities like the BlueKeep from 2019 and a medium-severity flaw (CVE-2021-40438) from 2021 also pose threats, the enduring presence of the Heartbleed vulnerability underscores the importance of addressing both old and new security flaws to ensure comprehensive protection.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Heartbleed
1
Heartbleed is a significant software vulnerability that was discovered in 2014 within the OpenSSL cryptographic software library, which provides secure communication for applications such as web, email, instant messaging, and some virtual private networks. The flaw, officially known as CVE-2014-0160
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Symantec
flaw
Docker
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
LeafminerUnspecified
1
Leafminer is a highly active threat actor group, primarily targeting organizations in the Middle East. The group employs various intrusion methods such as watering hole websites, vulnerability scans of network services on the internet, and brute-force/dictionary login attempts. Leafminer's arsenal i
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2021-40438Unspecified
1
None
Source Document References
Information about the CVE-2014-0160 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
50+ Network Penetration Testing Tools for Hackers & Security Professionals - 2023
CERT-EU
a year ago
April 2023’s Most Wanted Malware: Qbot Launches Substantial Malspam Campaign and Mirai Makes its Return - Check Point Blog
MITRE
a year ago
Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions
CERT-EU
a year ago
15M+ Services & Apps Remain Sitting Ducks for Known Exploits
CERT-EU
a year ago
May 2023's Most Wanted Malware : New Version of Guloader Delivers Encrypted Cloud-Based Payloads – Global Security Mag Online
CERT Polska
a year ago
Testing Heartbleed from the client-side perspective
DARKReading
a month ago
Heartbleed: When Is It Good to Name a Vulnerability?
CERT-EU
5 months ago
CVE-2014-0224 | Security
CERT-EU
a year ago
Information disclosure in HP Smart Update Manager (SUM)