Summary

Acunetix 360 identified the OpenSSL Heartbleed vulnerability in the target web server.

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.

Impact

An attacker can obtain information such as:

  • Private keys.
  • Information about the cookies.
  • HTTP(S) headers.
  • User credentials from the HTTP POST data.

Remediation

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

Severity

Critical

Classification

PCI v3.2-6.5.2 CAPEC-216 CWE-119 ISO27001-A.14.2.5 OWASP 2013-A6 OWASP 2017-A9 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C