Os artigos refletem a opinião pessoal do autor, e não de seus empregadores.

segunda-feira, 14 de abril de 2014

Lista Heartbleed

Segue uma lista de referencia para o problema do Heartbleed

Descrição da vulnerabilidade:

Use as aplicações abaixo para verificar se um site está vulnerável: 

Alertas de Fabricantes: 
Aruba - http://www.arubanetworks.com/support/alerts/aid-040814.asc
Bluecoat - http://kb.bluecoat.com/index?page=content&id=SA79&actp=RSS
Checkpoint - https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173
Cisco/Sourcefire IDS/IPS signature updates - http://blogs.cisco.com/security/openssl-heartbleed-vulnerability-cve-2014-0160-cisco-products-and-mitigations/
Cisco - http://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Citrix - http://support.citrix.com/article/CTX140605
Debian - http://www.debian.org/security/2014/dsa-2896
F5 - http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
F5 - https://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160#.U0VzBMdEjKR
Fortinet - http://www.fortiguard.com/advisory/FG-IR-14-011/
IBM Endpoint - https://www.ibm.com/developerworks/community/blogs/a1a33778-88b7-452a-9133-c955812f8910/entry/security_bulletin_ibm_endpoint_manager_9_1_1065_openssl_tls_heartbeat_read_overrun_vulnerability?lang=en
Juniper - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623&cat=SIRT_1&actp=LIST&showDraft=false
McAfee Stonesoft - https://update.stonesoft.com/releases/575-5211-RLNT.html
Novell - http://support.novell.com/security/cve/CVE-2014-0160.html
PaloAlto - Signatures released via Content release 429-2164 + CVE-2014-0160 (update via threat prevention subscription)
RedHat - https://access.redhat.com/security/cve/CVE-2014-0160   e https://rhn.redhat.com/errata/RHSA-2014-0376.html
Riverbed - https://supportkb.riverbed.com/support/index?page=content&id=S23635
Sophos - http://blogs.sophos.com/2014/04/08/important-note-openssl-vulnerability-cve-2014-0160-in-sophos-utm/
Ubuntu - http://www.ubuntu.com/usn/usn-2165-1/
VMWare - http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225

Scanners de Vulnerabilidade para detecção
Beyond Trust - http://blog.beyondtrust.com/heartbleed-when-openssl-breaks-your-heart            
Rapid7 - https://community.rapid7.com/community/infosec/blog/2014/04/08/gaping-ssl-my-heartbleeds
Qualys - http://investor.qualys.com/releasedetail.cfm?ReleaseID=839015


às
Marcadores:

Nenhum comentário:

Postar um comentário