OpenSSL heartbleed CVE-2014-0160

heartbleed LogoOn 04/07/2014 CVE-2014-0160 Was published in the national vulnerability database.  On 04/8/2014 at approximately 8:30AM the SWAMP Infrastructure Manager, Daniel Creed, became aware of this new CVE.  Upon notification the SWAMP Infrastructure team assembled and began assessment of which servers in the SWAMP infrastructure had a version of openssl installed that is vulnerable to this exploit.   At 10:38 a complete inventory of all machines SSL versions was completed, in which 28 servers were identified within the SWAMP infrastructure that had vulnerable versions of openssl running on them.  At that point, the SWAMP Infrastructure team was directed to patch all vulnerable servers, generate new SSL keys, and to order new SSL certificates with those new keys.  At 12:03PM all servers were reported to the Infrastructure Manager as being patched, in which the Infrastructure Manager then connected to each system and verified that they had been patched.  This work was completed by 1:23PM CST 4/8/2014. 

For more information please contact me at dcreed@continuousassurance.org, or see http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160&cid=4 for specific information about this vulnerability.

Comments

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s