SSL Heartbleed
Overview #
The SSL standard includes a heartbeat option, which allows a computer at one end of an SSL connection to send a short message to verify that the other computer is still online and get a response back. Researchers found that it’s possible to send a cleverly formed, malicious heartbeat message that tricks the computer at the other end into divulging secret information. Specifically, a vulnerable computer can be tricked into transmitting the contents of the server’s memory, known as RAM.
CVE-2014-0160
Versions Affected #
- SSL V3
Public Exlploits #
you may need to run exploits multiple times to capture some output from server memory such as scheduled processes