Heartbleed (CVE-2014-0160): Detection and Defense
Detecting with Nmap
nmap -sV --script=ssl-heartbleed [your ip] -p 443
Report for a host that has the Heartbleed vulnerability:
➜ ~ nmap -sV --script=ssl-heartbleed 111.X.X.53 -p 443
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-22 12:10 CST
Nmap scan report for 111.X.X.53
Host is up (0.040s latency).
PORT STATE SERVICE VERSION
443/tcp open ssl/http nginx
| ssl-heartbleed:
| VULNERABLE:
| The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
| State: VULNERABLE
| Risk factor: High
| OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|
| References:
| http://www.openssl.org/news/secadv_20140407.txt
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|_ http://cvedetails.com/cve/2014-0160/
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.26 seconds
Report for a host that does not have the Heartbleed vulnerability:
➜ ~ nmap -sV --script=ssl-heartbleed 39.156.69.79 -p 443
Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-13 07:59 CST
Nmap scan report for 39.156.69.79
Host is up (0.0091s latency).
PORT STATE SERVICE VERSION
443/tcp open ssl/http Baidu Front End httpd 1.0.8.18
|_http-server-header: bfe/1.0.8.18
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 37.99 seconds
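When the same scan is run across many hosts, the two report shapes above can be triaged automatically. The following is an added example, not code from the original article: the function name triage, the placeholder addresses and the constructed sample (including a second script's block) are assumptions. It treats a missing ssl-heartbleed block as "not reported" rather than as proof of safety, and a port that is not open as "not tested".

```python
import re

# Constructed sample in Nmap's normal output layout; hosts are placeholder
# documentation addresses, not the hosts scanned above.
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http nginx
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.
|     State: VULNERABLE
|     Risk factor: High
|     References:
|_      http://cvedetails.com/cve/2014-0160/
Nmap scan report for 192.0.2.20
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Example httpd
| ssl-poodle:
|   VULNERABLE:
|_    State: VULNERABLE
Nmap scan report for 192.0.2.30
PORT    STATE    SERVICE VERSION
443/tcp filtered https
"""

HOST = re.compile(r"^Nmap scan report for (\S+)")
PORT = re.compile(r"^(\d+)/tcp\s+(\S+)")
# A script header is "| name:" or "|_name:"; the (\s|$) keeps "http://" out.
SCRIPT = re.compile(r"^\|[ _]([a-z0-9][a-z0-9-]*):(\s|$)")

def triage(report):
    """Return {(host, port): 'VULNERABLE' | 'not reported' | 'not tested'}."""
    results, host, key, in_block = {}, None, None, False
    for line in report.splitlines():
        if m := HOST.match(line):
            host, key, in_block = m.group(1), None, False
        elif host and (m := PORT.match(line)):
            key, in_block = (host, int(m.group(1))), False
            # Only an open port gives the script something to test.
            results[key] = "not reported" if m.group(2) == "open" else "not tested"
        elif key and (m := SCRIPT.match(line)):
            # Other scripts print "State: VULNERABLE" too, so track whose block this is.
            in_block = m.group(1) == "ssl-heartbleed"
        elif key and in_block and line.lstrip("|_ ").startswith("State: VULNERABLE"):
            results[key] = "VULNERABLE"
    return results

if __name__ == "__main__":
    for (host, port), verdict in triage(SAMPLE).items():
        print(f"{host}:{port}\t{verdict}")
```

Hosts marked "not reported" or "not tested" still need their OpenSSL version confirmed by other means before they are considered clear.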
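Remediation recommendations
- If a vulnerable server is found, take it offline immediately so that it does not keep exposing sensitive information.
- Stop the old version of the SSL service and upgrade to a new version of the SSL service.
Copyright notice: This is an original article by mysticbinary, licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.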