Short Name | SSL:OPENSSL-HEARTBEAT-ALTERNATE |
---|---|
Severity | High |
Recommended | No |
Recommended Action | Drop |
Category | SSL |
Keywords | OpenSSL TLS DTLS Heartbeat Information Disclosure (Server, Client, and STARTTLS Support) |
Release Date | 2014/04/15 |
Update Number | 2362 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects attempts to exploit a known information disclosure vulnerability in OpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. An attacker can leverage this vulnerability to disclose memory contents of a connected client or server.

This signature is an alternate version of SSL:OPENSSL-TLS-DTLS-HEARTBEAT that supports both clients and servers, including STARTTLS connections. It has, however, an extreme performance impact and could also be prone to false positives. Its use is therefore not recommended in a general configuration; use it only in specific circumstances where it is required. Because this is a non-Recommended, performance-impacting signature, it is not in any predefined groups. You must add this signature manually, by name, to your policy, or create your own custom dynamic group.