Tripwire releases comprehensive coverage for Heartbleed OpenSSL vulnerability

Sharath Kumar

PORTLAND, USA: Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced detection for Heartbleed (CVE-2014-0160), the OpenSSL vulnerability announced on April 8, 2014, by Codenomicon and Neel Mehta, a security researcher for Google. All Tripwire vulnerability management products, including Tripwire® IP360™, Tripwire PureCloud and Tripwire SecureScan, provide authenticated and unauthenticated checks for Heartbleed.

According to Lamar Bailey, director of Tripwire's Vulnerability and Exposure Research Team (VERT): "While the response to this vulnerability has initially focused on web servers, it is much more widespread than that. It's important that information security professionals validate multiple services and operating systems with specific vulnerability checks in order to really understand their exposure to this risk. Simple banner checks and running only authenticated tests are not comprehensive enough, particularly for something this serious."

OpenSSL is used with a variety of networking products, and many organizations will have more than one vulnerable application or operating system. While web servers are an obvious target, Heartbleed also affects File Transfer Protocol (FTP), Internet Message Access Protocol (IMAP), Post Office Protocol version 3 (POP3), Extensible Messaging and Presence Protocol (XMPP), and Simple Mail Transfer Protocol (SMTP). Because Heartbleed can affect so many different applications, finding and remediating this critical vulnerability quickly across multiple machines can be a daunting task.

Tripwire SecureScan provides free vulnerability scanning for up to 100 IP addresses and includes comprehensive detection rules that discover Heartbleed in a wide variety of conditions. Tripwire SecureScan contains the same robust vulnerability checks included in Tripwire IP360, a vulnerability management solution used by the largest, most sensitive networks in the world.
