OpenSSL CVE-2014-0160 “heartbleed” online test page

Here it is, online test for the CVE-2014-0160 by Filippo Valsorda.

Test all your server ports that are in some way being served via SSL, not only the HTTPS 443 port: every service that is using OpenSSL are potentially vulnerable, not only Apache. These include 993 (POP3/SSL), 995 (POP3/SSL) or 465 (SMTP/SSL). You must test all SSL ports, even if you don’t have a valid SSL certificate (i.e. are using a self signed certificate), as the information leaked could be anything, not only private keys – use the “Advanced (might cause false results): ignore certificates” option to test if your SSL certificate is invalid. Also, don’t forget other non-standard ports, often used by control panels such as Plesk or CPanel.


Posted

in

by

Comments

One response to “OpenSSL CVE-2014-0160 “heartbleed” online test page”

  1. Karthi Avatar

    Thank you :) I could not find this in man curl

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from try {} except

Subscribe now to keep reading and get access to the full archive.

Continue reading