Re: OpenSSL Heartbleed bug, Apache still vulnerable?

To: debian-user@lists.debian.org
Subject: Re: OpenSSL Heartbleed bug, Apache still vulnerable?
From: Reco <recoverym4n@gmail.com>
Date: Tue, 8 Apr 2014 18:56:31 +0400
Message-id: <[🔎] 20140408145629.GB22048@x101h>
In-reply-to: <[🔎] 20140408144912.GA21675@well-adjusted.de>
References: <[🔎] 20140408144912.GA21675@well-adjusted.de>

Hi.

On Tue, Apr 08, 2014 at 04:49:13PM +0200, Jochen Spieker wrote:

> Am I doing anything wrong? Is the testing tool broken? I also tried the
> one at https://gist.github.com/takeshixx/10107280 which confirms there
> is still a problem on port 443 (HTTPS served by Apache).

No, chances are, you're using the tool correctly.
I'm using this [1] to test servers for this vulnerability (as I can't
force myself to install Go), and your server shows as vulnerable.

[1] http://pastebin.com/WmxzjkXJ

Reco

Reply to:

Follow-Ups:
- Re: OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Jochen Spieker <ml@well-adjusted.de>

References:
- OpenSSL Heartbleed bug, Apache still vulnerable?
  - From: Jochen Spieker <ml@well-adjusted.de>

Prev by Date: Re: vesa mode code?
Next by Date: Re: vesa mode code?
Previous by thread: OpenSSL Heartbleed bug, Apache still vulnerable?
Next by thread: Re: OpenSSL Heartbleed bug, Apache still vulnerable?
Index(es):
- Date
- Thread