OpenSSL heartbleed CVE-2014-0160
On 04/07/2014 CVE-2014-0160 Was published in the national vulnerability database. On 04/8/2014 at approximately 8:30AM the SWAMP Infrastructure Manager, Daniel Creed, became aware of this new CVE. Upon notification the SWAMP Infrastructure team assembled and began assessment of which servers in the SWAMP infrastructure had a version of openssl installed that is vulnerable to this exploit. At 10:38 a complete inventory of all machines SSL versions was completed, in which 28 servers were identified within the SWAMP infrastructure that had vulnerable versions of openssl running on them. At that point, the SWAMP Infrastructure team was directed to patch all vulnerable servers, generate new SSL keys, and to order new SSL certificates with those new keys. At 12:03PM all servers were reported to the Infrastructure Manager as being patched, in which the Infrastructure Manager then connected to each system and verified that they had been patched. This work was completed by 1:23PM CST 4/8/2014.
For more information please contact me at email@example.com, or see http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160&cid=4 for specific information about this vulnerability.