Ukraine-Russia Global Conflict

May 7, 2014 02:00 PM


A critical vulnerability was recenty found in OpenSSL. Due to a missing bounds check in the handling of the TLS heartbeat extension, 64K of memory can be revealed to a connected client or server. Only OpenSSL versions 1.0.1-1.0.1f, 1.0.2-beta and 1.0.2- beta1 are affected.


A remote attacker can exploit the vulnerability by sending a malformed heartbeat request with a payload size bigger than the actual request; and in response, the vulnerable server would return a heartbeat response that contains a memory block of up to 64KB in the payload. This memory block may reveal potentially confidential information, including SSL certificate user passwords and more.

An attacker cannot control what memory block the server returns, but by performing multiple requests, some critical data might be leaked.

Additional Information

For additional information regarding the threat, read the full Threat Alert.

Download Now

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center