API-Geek.com

Découverte d'une faille de sécurité extrêmement dommageable au sein le la librairie OpenSSL ... son nom : « Heartbleed »

Cette faille permet à n'importe qui d'accéder aux informations stockées sur les serveurs utilisant OpenSSL ( apache, nginx, postfix, etc ... )
Heartbleed rend donc vulnérable toute clés privées utilisées sur des serveurs web !!!
Mieux encore il n'existe aucun moyen de savoir si vos serveurs ont été victimes d'une telle attaque car Heartbleed permet aux hackers d'accéder aux serveurs sans laisser la moindre trace ...

Le bug est apparu avec OpenSSL 1.0.1 en mars 2012 ... cela fait donc maintenant 2 ans que tous les login / mot de passe ont potentiellement été victimes dune attaque "Man In The Middle". Ces informations ont donc pu être récupérée pas un hacker ce qui lui permet d'avoir accès sans le moindre soucis aux serveurs, comptes utilisateurs etc ...
Je vous laisse imaginer l'ampleur de la situation ...

Mon Conseil Sécurité

pour tous :

- attendez les infos de mise a jours sur les différents sites que vous utilisez
- des que tout sera remis en ordre changez tout vos login / mot de passe

« Si vous avez besoin d’anonymat et de vie privée sur Internet, vous feriez mieux de rester loin du Net dans son ensemble pendant les prochains jours, le temps que les choses s’arrangent. »

pour ceux ayant des serveurs :

- mettez a jours vos OS si il font partie des OS vulnérables
- renouvelez tout vos certificats avec de nouvelles clef privées
- faite une RÉVOCATION IMMÉDIATE de vos anciens certificats
- changez tout vos login / mot de passe

---

Versions vulnérable d'OpenSSL

OpenSSL versions 1.0.1 à 1.0.1f (incluse) sont vulnérables
OpenSSL 1.0.1g n'est PAS vulnérable
OpenSSL 1.0.0 n'est PAS vulnérable
OpenSSL 0.9.8 n'est PAS vulnérable

OS susceptibles d'utiliser une version vulnérable d'OpenSSL!

Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
OpenBSD 5.3 (OpenSSL 1.0.1c 10 Mai 2012) et 5.4 (OpenSSL 1.0.1c 10 Mai 2012)
FreeBSD 10.0 (OpenSSL 1.0.1e 11 Fév 2013)
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)
Red Hat Enterprise Linux 6.5, Red Hat Enterprise Virtualization Hypervisor 6.5 et Red Hat Storage 2.1 (OpenSSL 1.0.1e)

OS non impactés

Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
SUSE Linux Enterprise Server
FreeBSD 8.4 (OpenSSL 0.9.8y 5 Fév 2013)
FreeBSD 9.2 (OpenSSL 0.9.8y 5 Fév 2013)
FreeBSD Ports (OpenSSL 1.0.1g -> le 7 Avr 21:46:40 2014 UTC)

Je reviens un peu sur cette faille mais cette fois ci pour les possesseurs de NAS ... il sont bien entendu pour la plupart eux aussi vulnérable a Heartbleed

Synology viens de publier la mise a jour 5.0-4458 Update 2 ...

- mettez immédiatement a jour votre NAS avec cette version de DSM publiée aujourd'hui qui corrige le faille de sécurité Heartbleed
- renouvelez tout vos certificats avec de nouvelles clef privées
- faite une RÉVOCATION IMMÉDIATE de vos anciens certificats
- changez immédiatement tout vos login / mot de passe etc

---

Version: 5.0-4458 Update 2

(2014/04/10)
Change Log

Fixed a critical security issue of OpenSSL (heartbleed) to prevent secret keys from being compromised. (CVE-2014-0160)
Enhanced the reliability of moving shared folders to different volumes.
Fixed a security issue causing encrypted shared folders to be mounted automatically after resetting the admin's password by pressing the reset button.
Fixed an issue causing system services and applications to possibly stop working.
Fixed an issue causing files indexing in Media Library to possibly stop working.
Fixed an issue preventing users from logging into FTP service when Personal Website was enabled and the homes shared folder was located on an ext3 volume.
Fixed an issue causing hard drives to not hibernate when SSD read-write cache was enabled.

bon histoire d’être certain que vous y avez pensé ... openpli4 est bien entendu aussi vulnérable a Heartbleed !!
et je pense pas qui ai d'update donc ne l'utilisez pas tant que ce n'est pas certain qu'un mise a jour soit faite pour corriger la faille

voici une liste non exhaustive basée sur le top 10000 alexa des sites les plus connu qui était tjs vulnérable a la faille après de sa divulgation publique ... et ou il faudra changer ses mot de passe quand tt sera corrigé

sinon pour tester vos serveurs ou ceux des sites que vous utilisez vous pouvez aller ici
http://filippo.io/Heartbleed/

test effectué le 8 Avril, 16:00 UTC

Code: Tout sélectionner

Testing yahoo.com... vulnerable.
Testing imgur.com... vulnerable.
Testing stackoverflow.com... vulnerable.
Testing kickass.to... vulnerable.
Testing flickr.com... vulnerable.
Testing sogou.com... vulnerable.
Testing adf.ly... vulnerable.
Testing outbrain.com... vulnerable.
Testing archive.org... vulnerable.
Testing addthis.com... vulnerable.
Testing stackexchange.com... vulnerable.
Testing popads.net... vulnerable.
Testing php.net... vulnerable.
Testing avito.ru... vulnerable.
Testing kaskus.co.id... vulnerable.
Testing web.de... vulnerable.
Testing chaturbate.com... vulnerable.
Testing zeobit.com... vulnerable.
Testing beeg.com... vulnerable.
Testing seznam.cz... vulnerable.
Testing okcupid.com... vulnerable.
Testing pch.com... vulnerable.
Testing xda-developers.com... vulnerable.
Testing steamcommunity.com... vulnerable.
Testing scoop.it... vulnerable.
Testing hidemyass.com... vulnerable.
Testing 123rf.com... vulnerable.
Testing m-w.com... vulnerable.
Testing dreamstime.com... vulnerable.
Testing majesticseo.com... vulnerable.
Testing amung.us... vulnerable.
Testing duckduckgo.com... vulnerable.
Testing leo.org... vulnerable.
Testing eventbrite.com... vulnerable.
Testing wetransfer.com... vulnerable.
Testing sh.st... vulnerable.
Testing entrepreneur.com... vulnerable.
Testing zoho.com... vulnerable.
Testing yts.re... vulnerable.
Testing usmagazine.com... vulnerable.
Testing letitbit.net... vulnerable.
Testing fool.com... vulnerable.
Testing digitalpoint.com... vulnerable.
Testing picmonkey.com... vulnerable.
Testing petflow.com... vulnerable.
Testing squidoo.com... vulnerable.
Testing avazutracking.net... vulnerable.
Testing elegantthemes.com... vulnerable.
Testing 500px.com... vulnerable.
Testing wpmudev.org... vulnerable.
Testing junbi-tracker.com... vulnerable.
Testing gogetlinks.net... vulnerable.
Testing freelotto.com... vulnerable.
Testing cheezburger.com... vulnerable.
Testing weather.gov... vulnerable.
Testing zergnet.com... vulnerable.
Testing city-data.com... vulnerable.
Testing mail.com... vulnerable.
Testing bab.la... vulnerable.
Testing internettrafficformula.com... vulnerable.
Testing startimes.com... vulnerable.
Testing homeshop18.com... vulnerable.
Testing rollingstone.com... vulnerable.
Testing smi2.ru... vulnerable.
Testing gogvo.com... vulnerable.
Testing indiegogo.com... vulnerable.
Testing livetv.sx... vulnerable.
Testing infowars.com... vulnerable.
Testing zap2it.com... vulnerable.
Testing breitbart.com... vulnerable.
Testing fatwallet.com... vulnerable.
Testing internetdownloadmanager.com... vulnerable.
Testing yjc.ir... vulnerable.
Testing chess.com... vulnerable.
Testing doodle.com... vulnerable.
Testing sendspace.com... vulnerable.
Testing similarweb.com... vulnerable.
Testing inc.com... vulnerable.
Testing bomnegocio.com... vulnerable.
Testing studiopress.com... vulnerable.
Testing privatbank.ua... vulnerable.
Testing juicyads.com... vulnerable.
Testing theatlantic.com... vulnerable.
Testing chefkoch.de... vulnerable.
Testing mirtesen.ru... vulnerable.
Testing clickey.com... vulnerable.
Testing letras.mus.br... vulnerable.
Testing tusfiles.net... vulnerable.
Testing reverbnation.com... vulnerable.
Testing digitaltrends.com... vulnerable.
Testing searchenginejournal.com... vulnerable.
Testing torcache.net... vulnerable.
Testing yify-torrents.com... vulnerable.
Testing championat.com... vulnerable.
Testing arstechnica.com... vulnerable.
Testing sme.sk... vulnerable.
Testing zomato.com... vulnerable.
Testing economist.com... vulnerable.
Testing slimspots.com... vulnerable.
Testing jasmin.com... vulnerable.
Testing lonelyplanet.com... vulnerable.
Testing unity3d.com... vulnerable.
Testing androidcentral.com... vulnerable.
Testing wanggou.com... vulnerable.
Testing tubegalore.com... vulnerable.
Testing gi-akademie.com... vulnerable.
Testing rarbg.com... vulnerable.
Testing prezentacya.ru... vulnerable.
Testing watchtower.com... vulnerable.
Testing xxxbunker.com... vulnerable.
Testing kaspersky.com... vulnerable.
Testing adxcore.com... vulnerable.
Testing depositfiles.com... vulnerable.
Testing xtool.ru... vulnerable.
Testing rantlifestyle.com... vulnerable.
Testing xml-sitemaps.com... vulnerable.
Testing banglanews24.com... vulnerable.
Testing worldoftanks.ru... vulnerable.
Testing webpagetest.org... vulnerable.
Testing rapidshare.com... vulnerable.
Testing funnie.st... vulnerable.
Testing vipzona.info... vulnerable.
Testing bizrate.com... vulnerable.
Testing creativecommons.org... vulnerable.
Testing izlesene.com... vulnerable.
Testing therichest.com... vulnerable.
Testing dailycaller.com... vulnerable.
Testing newsnow.co.uk... vulnerable.
Testing webutations.org... vulnerable.
Testing srclick.ru... vulnerable.
Testing tokopedia.com... vulnerable.
Testing minus.com... vulnerable.
Testing cyberciti.biz... vulnerable.
Testing tune.pk... vulnerable.
Testing filmaffinity.com... vulnerable.
Testing skrill.com... vulnerable.
Testing paipai.com... vulnerable.
Testing oschina.net... vulnerable.
Testing fitbit.com... vulnerable.
Testing myanimelist.net... vulnerable.
Testing bidorbuy.co.za... vulnerable.
Testing rantsports.com... vulnerable.
Testing wikispaces.com... vulnerable.
Testing worldoftanks.eu... vulnerable.
Testing cdn4711.net... vulnerable.
Testing hotukdeals.com... vulnerable.
Testing zovi.com... vulnerable.
Testing dfiles.ru... vulnerable.
Testing zone-telechargement.com... vulnerable.
Testing drugs.com... vulnerable.
Testing mediatemple.net... vulnerable.
Testing xmarks.com... vulnerable.
Testing rozetka.com.ua... vulnerable.
Testing appannie.com... vulnerable.
Testing thestreet.com... vulnerable.
Testing arvixe.com... vulnerable.
Testing transfermarkt.de... vulnerable.
Testing worldoftanks.com... vulnerable.
Testing affiliatewindow.com... vulnerable.
Testing bigpoint.com... vulnerable.
Testing zdf.de... vulnerable.
Testing profitcentr.com... vulnerable.
Testing mydealz.de... vulnerable.
Testing ssisurveys.com... vulnerable.
Testing toshiba.com... vulnerable.
Testing indowebster.com... vulnerable.
Testing dsdomination.com... vulnerable.
Testing utorrent.com... vulnerable.
Testing nosub.tv... vulnerable.
Testing filelist.ro... vulnerable.
Testing gazzetta.gr... vulnerable.
Testing medium.com... vulnerable.
Testing imperiaonline.org... vulnerable.
Testing vic.gov.au... vulnerable.
Testing creditkarma.com... vulnerable.
Testing online-convert.com... vulnerable.
Testing myegy.to... vulnerable.
Testing searchfunmoods.com... vulnerable.
Testing fark.com... vulnerable.
Testing scamadviser.com... vulnerable.
Testing bizdec.ru... vulnerable.
Testing bannersbroker.com... vulnerable.
Testing joomlart.com... vulnerable.
Testing webinarjam.net... vulnerable.
Testing pornyaz.com... vulnerable.
Testing unetenet.com... vulnerable.
Testing joyreactor.cc... vulnerable.
Testing globallshare.com... vulnerable.
Testing tuniu.com... vulnerable.
Testing csfd.cz... vulnerable.
Testing uservoice.com... vulnerable.
Testing trafficfactory.biz... vulnerable.
Testing barclaycardus.com... vulnerable.
Testing mci.ir... vulnerable.
Testing noulinx.com... vulnerable.
Testing ingbank.pl... vulnerable.
Testing gonzoxxxmovies.com... vulnerable.
Testing cabelas.com... vulnerable.
Testing khamsat.com... vulnerable.
Testing 2gis.ru... vulnerable.
Testing fab.com... vulnerable.
Testing digitalmarketer.com... vulnerable.
Testing billionuploads.com... vulnerable.
Testing efukt.com... vulnerable.
Testing shaparak.ir... vulnerable.
Testing radiojavan.com... vulnerable.
Testing christianpost.com... vulnerable.
Testing pons.com... vulnerable.
Testing ymlp.com... vulnerable.
Testing btcclicks.com... vulnerable.
Testing mythemeshop.com... vulnerable.
Testing seo-fast.ru... vulnerable.
Testing mojo-themes.com... vulnerable.
Testing draugiem.lv... vulnerable.
Testing final.ir... vulnerable.
Testing madmimi.com... vulnerable.
Testing sinaapp.com... vulnerable.
Testing ptcsolution.com... vulnerable.
Testing bytes.com... vulnerable.
Testing attracta.com... vulnerable.
Testing dek-d.com... vulnerable.
Testing dfiles.eu... vulnerable.
Testing graphicstock.com... vulnerable.
Testing europe1.fr... vulnerable.
Testing fineartamerica.com... vulnerable.
Testing text.ru... vulnerable.
Testing dastelefonbuch.de... vulnerable.
Testing enter.ru... vulnerable.
Testing awempire.com... vulnerable.
Testing docnhat.net... vulnerable.
Testing megaindex.ru... vulnerable.
Testing ucla.edu... vulnerable.
Testing wisegeek.com... vulnerable.
Testing flightaware.com... vulnerable.
Testing peerfly.com... vulnerable.
Testing wistia.com... vulnerable.
Testing extremetracking.com... vulnerable.
Testing ghatreh.com... vulnerable.
Testing depositfiles.org... vulnerable.
Testing palcomp3.com... vulnerable.
Testing uiuc.edu... vulnerable.
Testing fancy.com... vulnerable.
Testing tagesanzeiger.ch... vulnerable.
Testing dynadot.com... vulnerable.
Testing soup.io... vulnerable.
Testing ip138.com... vulnerable.
Testing jumia.com.ng... vulnerable.
Testing worthofweb.com... vulnerable.
Testing adage.com... vulnerable.
Testing talktalk.co.uk... vulnerable.
Testing playcast.ru... vulnerable.
Testing congratulations-you-won.com... vulnerable.
Testing ge.tt... vulnerable.
Testing informador.com.mx... vulnerable.
Testing hammihan.com... vulnerable.
Testing onedio.com... vulnerable.
Testing olx.co.th... vulnerable.
Testing gi-backoffice.com... vulnerable.
Testing gorillavid.in... vulnerable.
Testing talkingpointsmemo.com... vulnerable.
Testing 518.com.tw... vulnerable.
Testing fast-torrent.ru... vulnerable.
Testing animoto.com... vulnerable.
Testing webinarjam.com... vulnerable.
Testing arioo.com... vulnerable.
Testing gogoanime.com... vulnerable.
Testing mojomarketplace.com... vulnerable.
Testing nanapi.jp... vulnerable.
Testing bahseazad.ir... vulnerable.
Testing serpbook.com... vulnerable.
Testing libsyn.com... vulnerable.
Testing playxn.com... vulnerable.
Testing classifiedads.com... vulnerable.
Testing myus.com... vulnerable.
Testing q.gs... vulnerable.
Testing lijit.com... vulnerable.
Testing joxi.ru... vulnerable.
Testing vbox7.com... vulnerable.
Testing ocj.com.cn... vulnerable.
Testing giga.de... vulnerable.
Testing tomoson.com... vulnerable.
Testing alkislarlayasiyorum.com... vulnerable.
Testing overclock.net... vulnerable.
Testing domainnamesales.com... vulnerable.
Testing appthemes.com... vulnerable.
Testing katestube.com... vulnerable.
Testing lupoporno.com... vulnerable.
Testing windguru.cz... vulnerable.
Testing designmodo.com... vulnerable.
Testing berlin.de... vulnerable.
Testing lifo.gr... vulnerable.
Testing diepresse.com... vulnerable.
Testing postjoint.com... vulnerable.
Testing bittorrent.com... vulnerable.
Testing worldoftanks.asia... vulnerable.
Testing okitspace.com... vulnerable.
Testing sparkasse.at... vulnerable.
Testing nascar.com... vulnerable.
Testing slate.fr... vulnerable.
Testing njuskalo.hr... vulnerable.
Testing astro.com... vulnerable.
Testing lavozdegalicia.es... vulnerable.
Testing androidpolice.com... vulnerable.
Testing longtailvideo.com... vulnerable.
Testing webbirga.net... vulnerable.
Testing idwebgame.com... vulnerable.
Testing gfan.com... vulnerable.
Testing webempresa.com... vulnerable.
Testing bibsonomy.org... vulnerable.
Testing wenyard.com... vulnerable.
Testing readwrite.com... vulnerable.
Testing vmoptions.com... vulnerable.
Testing wowkeren.com... vulnerable.
Testing ay.gy... vulnerable.
Testing ibtimes.co.in... vulnerable.
Testing ss.lv... vulnerable.
Testing coinmill.com... vulnerable.
Testing memecenter.com... vulnerable.
Testing dhnet.be... vulnerable.
Testing ifttt.com... vulnerable.
Testing songmeanings.com... vulnerable.
Testing kicktipp.de... vulnerable.
Testing graphixshare.com... vulnerable.
Testing jango.com... vulnerable.
Testing zoomit.ir... vulnerable.
Testing userscripts.org... vulnerable.
Testing uyan.cc... vulnerable.
Testing down1oads.com... vulnerable.
Testing full-stream.net... vulnerable.
Testing 1001freefonts.com... vulnerable.
Testing hotnews.ro... vulnerable.
Testing mightydeals.com... vulnerable.
Testing zimbra.free.fr... vulnerable.
Testing apktops.ir... vulnerable.
Testing selfhtml.org... vulnerable.
Testing shopzilla.com... vulnerable.
Testing dha.com.tr... vulnerable.
Testing copy.com... vulnerable.
Testing coderanch.com... vulnerable.
Testing darty.com... vulnerable.
Testing 24tv.ua... vulnerable.
Testing smashwords.com... vulnerable.
Testing castorama.fr... vulnerable.
Testing solidtrustpay.com... vulnerable.
Testing yatedo.com... vulnerable.
Testing neurs.com... vulnerable.
Testing mdir.ir... vulnerable.
Testing thewire.com... vulnerable.
Testing futbol24.com... vulnerable.
Testing keek.com... vulnerable.
Testing elitetorrent.net... vulnerable.
Testing ecosia.org... vulnerable.
Testing j.gs... vulnerable.
Testing jonloomer.com... vulnerable.
Testing deseretnews.com... vulnerable.
Testing spinding.com... vulnerable.
Testing theme123.net... vulnerable.
Testing biography.com... vulnerable.
Testing check24.de... vulnerable.
Testing cplusplus.com... vulnerable.
Testing safecart.com... vulnerable.
Testing healthkart.com... vulnerable.
Testing baskino.com... vulnerable.
Testing cifraclub.com.br... vulnerable.
Testing exactseek.com... vulnerable.
Testing expatriates.com... vulnerable.
Testing saharareporters.com... vulnerable.
Testing feebbo.com... vulnerable.
Testing adshostnet.com... vulnerable.
Testing webartex.ru... vulnerable.
Testing pond5.com... vulnerable.
Testing wpml.org... vulnerable.
Testing dl-protect.com... vulnerable.
Testing seocentro.com... vulnerable.
Testing flexmls.com... vulnerable.
Testing a2hosting.com... vulnerable.
Testing gov.cl... vulnerable.
Testing savenkeep.com... vulnerable.
Testing internetlifestylenetwork.com... vulnerable.
Testing uploadbaz.com... vulnerable.
Testing optimizepress.com... vulnerable.
Testing mttbsystem.com... vulnerable.
Testing pulptastic.com... vulnerable.
Testing theme.co... vulnerable.
Testing swansonvitamins.com... vulnerable.
Testing afterbuy.de... vulnerable.
Testing zorpia.com... vulnerable.
Testing 1c-bitrix.ru... vulnerable.
Testing holidaylettings.co.uk... vulnerable.
Testing premiere.fr... vulnerable.
Testing socialadr.com... vulnerable.
Testing sixrevisions.com... vulnerable.
Testing hypovereinsbank.de... vulnerable.
Testing themefuse.com... vulnerable.
Testing roodo.com... vulnerable.
Testing cbr.ru... vulnerable.
Testing marunadanmalayali.com... vulnerable.
Testing jquery4u.com... vulnerable.
Testing powtoon.com... vulnerable.
Testing ubersuggest.org... vulnerable.
Testing markethealth.com... vulnerable.
Testing freelogoservices.com... vulnerable.
Testing readthedocs.org... vulnerable.
Testing mandrillapp.com... vulnerable.
Testing pixeden.com... vulnerable.
Testing nukistream.com... vulnerable.
Testing tractionize.com... vulnerable.
Testing avito.ma... vulnerable.
Testing 101domain.com... vulnerable.
Testing sinemalar.com... vulnerable.
Testing weathernews.jp... vulnerable.
Testing nasgo.net... vulnerable.
Testing luxup.ru... vulnerable.
Testing wasanga.com... vulnerable.
Testing realself.com... vulnerable.
Testing matadornetwork.com... vulnerable.
Testing ee.co.uk... vulnerable.
Testing lovoo.net... vulnerable.
Testing paperblog.com... vulnerable.
Testing technobuffalo.com... vulnerable.
Testing zoom.com.br... vulnerable.
Testing bimlatino.com... vulnerable.
Testing dramafever.com... vulnerable.
Testing xojane.com... vulnerable.
Testing azhibo.com... vulnerable.
Testing edgecastcdn.net... vulnerable.
Testing duke.edu... vulnerable.
Testing mobilelikez.com... vulnerable.
Testing cooperativa.cl... vulnerable.
Testing asiatech.ir... vulnerable.
Testing phpnuke.org... vulnerable.
Testing avsforum.com... vulnerable.
Testing 99wed.com... vulnerable.
Testing wine-searcher.com... vulnerable.
Testing cyberchimps.com... vulnerable.
Testing umd.edu... vulnerable.
Testing t24.com.tr... vulnerable.
Testing imgsrc.ru... vulnerable.
Testing farnell.com... vulnerable.
Testing phpbb.com... vulnerable.
Testing fermasosedi.ru... vulnerable.
Testing smartinsights.com... vulnerable.
Testing pik.ba... vulnerable.
Testing qq163.com... vulnerable.
Testing pciconcursos.com.br... vulnerable.
Testing hsoub.com... vulnerable.
Testing sixfigurefunnelformula.com... vulnerable.
Testing kingworldnews.com... vulnerable.
Testing heritage.org... vulnerable.
Testing quidco.com... vulnerable.
Testing mediapost.com... vulnerable.
Testing watchcric.com... vulnerable.
Testing vodafone.co.uk... vulnerable.
Testing viki.com... vulnerable.
Testing bplans.com... vulnerable.
Testing all-union.com... vulnerable.
Testing clickprime8.com... vulnerable.
Testing competitor.com... vulnerable.
Testing beliefnet.com... vulnerable.
Testing pingler.com... vulnerable.
Testing worthytoshare.com... vulnerable.
Testing millenium.org... vulnerable.
Testing encuentra24.com... vulnerable.
Testing skimlinks.com... vulnerable.
Testing mubasher.info... vulnerable.
Testing marksdailyapple.com... vulnerable.
Testing buenosaires.gob.ar... vulnerable.
Testing gelbeseiten.de... vulnerable.
Testing lalibre.be... vulnerable.
Testing mobikwik.com... vulnerable.
Testing affilorama.com... vulnerable.
Testing appcelerator.com... vulnerable.
Testing invisionpower.com... vulnerable.
Testing tz4.com... vulnerable.
Testing favstar.fm... vulnerable.
Testing zenhabits.net... vulnerable.
Testing customink.com... vulnerable.
Testing templateism.com... vulnerable.
Testing getsatisfaction.com... vulnerable.
Testing rosnet.ru... vulnerable.
Testing digitalriver.com... vulnerable.
Testing joomlashine.com... vulnerable.
Testing fide.com... vulnerable.
Testing lyricsmode.com... vulnerable.
Testing trovit.it... vulnerable.
Testing socialfabric.us... vulnerable.
Testing rcgroups.com... vulnerable.
Testing directadmin.com... vulnerable.
Testing hrsmart.com... vulnerable.
Testing eprize.com... vulnerable.
Testing qoinpro.com... vulnerable.
Testing path.com... vulnerable.
Testing mobeoffice.com... vulnerable.
Testing taz.de... vulnerable.
Testing authorityroi.com... vulnerable.
Testing jqueryscript.net... vulnerable.
Testing wakeupnow.com... vulnerable.
Testing abakus-internet-marketing.de... vulnerable.
Testing cinepolis.com... vulnerable.
Testing dlisted.com... vulnerable.
Testing joomlaportal.de... vulnerable.
Testing ncsu.edu... vulnerable.
Testing imasters.com.br... vulnerable.
Testing adworkmedia.com... vulnerable.
Testing entropay.com... vulnerable.
Testing unionpaysecure.com... vulnerable.
Testing maxpark.com... vulnerable.
Testing popupads.ir... vulnerable.
Testing getrichradio.com... vulnerable.
Testing proranktracker.com... vulnerable.
Testing androidpit.com... vulnerable.
Testing polki.pl... vulnerable.
Testing ip2location.com... vulnerable.
Testing radiko.jp... vulnerable.
Testing wisegeek.org... vulnerable.
Testing trovit.com... vulnerable.
Testing jobisjob.co.in... vulnerable.
Testing quondos.com... vulnerable.
Testing softportal.com... vulnerable.
Testing nationaljournal.com... vulnerable.
Testing ebesucher.de... vulnerable.
Testing zive.cz... vulnerable.
Testing neurs.net... vulnerable.
Testing telewebion.com... vulnerable.
Testing performancehorizon.com... vulnerable.
Testing springpad.com... vulnerable.
Testing theync.com... vulnerable.
Testing mg.gov.br... vulnerable.
Testing globus-inter.com... vulnerable.
Testing osclass.org... vulnerable.
Testing cpasuperaffiliate.com... vulnerable.
Testing naukrigulf.com... vulnerable.
Testing trovit.com.mx... vulnerable.
Testing eventbrite.co.uk... vulnerable.
Testing paris.fr... vulnerable.
Testing kenrockwell.com... vulnerable.
Testing zagat.com... vulnerable.
Testing 444.hu... vulnerable.
Testing barchart.com... vulnerable.
Testing edlen24.com... vulnerable.
Testing peixeurbano.com.br... vulnerable.
Testing flamingtext.com... vulnerable.
Testing speedyshare.com... vulnerable.
Testing seratnews.ir... vulnerable.
Testing bizpowa.com... vulnerable.
Testing grasscity.com... vulnerable.
Testing downloadab.com... vulnerable.
Testing sportdog.gr... vulnerable.
Testing programmableweb.com... vulnerable.
Testing fontpalace.com... vulnerable.
Testing head-fi.org... vulnerable.
Testing bitterstrawberry.com... vulnerable.
Testing responsinator.com... vulnerable.
Testing cuisineaz.com... vulnerable.
Testing work.ua... vulnerable.
Testing utsandiego.com... vulnerable.
Testing foozine.com... vulnerable.
Testing androidpit.de... vulnerable.
Testing invisionzone.com... vulnerable.
Testing top.de... vulnerable.
Testing rememberthemilk.com... vulnerable.
Testing infogr.am... vulnerable.
Testing blizko.ru... vulnerable.
Testing elle.fr... vulnerable.
Testing aremo.com.br... vulnerable.
Testing static.squarespace.com... vulnerable.
Testing fotki.com... vulnerable.
Testing datropy.com... vulnerable.
Testing adscendmedia.com... vulnerable.
Testing spartoo.com... vulnerable.
Testing wordcounter.net... vulnerable.
Testing example.com... vulnerable.
Testing turkcealtyazi.org... vulnerable.
Testing worthytoshare.net... vulnerable.
Testing ideeli.com... vulnerable.
Testing trthaber.com... vulnerable.
Testing romedic.ro... vulnerable.
Testing vudu.com... vulnerable.
Testing aplus.com... vulnerable.
Testing lavozdelmuro.com... vulnerable.
Testing citruspay.com... vulnerable.
Testing optimizehub.com... vulnerable.
Testing hobo-web.co.uk... vulnerable.
Testing dailybasis.com... vulnerable.
Testing sports.fr... vulnerable.
Testing dressupgamesite.com... vulnerable.
Testing smartbrief.com... vulnerable.
Testing scoopwhoop.com... vulnerable.
Testing dev7studios.com... vulnerable.
Testing longurl.it... vulnerable.
Testing privatbank.ru... vulnerable.
Testing wannonce.com... vulnerable.
Testing topnews.ru... vulnerable.
Testing 55188.com... vulnerable.
Testing cinepolis.com.mx... vulnerable.
Testing gorilla-evolution.com... vulnerable.
Testing keyandway.com... vulnerable.
Testing perfectworld.eu... vulnerable.
Testing shopware.de... vulnerable.
Testing kyivpost.com... vulnerable.
Testing bavotasan.com... vulnerable.
Testing gnetwork.biz... vulnerable.
Testing farsisubtitle.com... vulnerable.
Testing kat.ph... vulnerable.
Testing vocabulary.com... vulnerable.
Testing daveramsey.com... vulnerable.
Testing mumsnet.com... vulnerable.
Testing alfajertv.com... vulnerable.
Testing gordonua.com... vulnerable.
Testing friendorfollow.com... vulnerable.
Testing peeplo.com... vulnerable.
Testing free-ebooks.net... vulnerable.
Testing adslzone.net... vulnerable.
Testing adultbay.org... vulnerable.
Testing softcoin.com... vulnerable.
Testing trovit.es... vulnerable.
Testing evsuite.com... vulnerable.
Testing waseet.net... vulnerable.
Testing sudaneseonline.com... vulnerable.
Testing mobypicture.com... vulnerable.
Testing pinkbike.com... vulnerable.
Testing fizzle.co... vulnerable.
Testing telly.com... vulnerable.
Testing blip.tv... vulnerable.
Testing basketball-reference.com... vulnerable.
Testing resellerratings.com... vulnerable.
Testing quirktools.com... vulnerable.
Testing afrihost.com... vulnerable.
Testing 18qt.com... vulnerable.
Testing winscp.net... vulnerable.

tjs vulnérable pour le moment

Code: Tout sélectionner

Testing suning.com... vulnerable.
Testing gogvo.com... vulnerable.
Testing studiopress.com... vulnerable.
Testing juicyads.com... vulnerable.
Testing championat.com... vulnerable.
Testing tradus.com... vulnerable.
Testing gi-akademie.com... vulnerable.
Testing prezentacya.ru... vulnerable.
Testing watchtower.com... vulnerable.
Testing banglanews24.com... vulnerable.
Testing cdn4711.net... vulnerable.
Testing transfermarkt.de... vulnerable.
Testing profitcentr.com... vulnerable.
Testing gazzetta.gr... vulnerable.
Testing myegy.to... vulnerable.
Testing scamadviser.com... vulnerable.
Testing noulinx.com... vulnerable.
Testing final.ir... vulnerable.
Testing haodf.com... vulnerable.
Testing text.ru... vulnerable.
Testing docnhat.net... vulnerable.
Testing wisegeek.com... vulnerable.
Testing gi-backoffice.com... vulnerable.
Testing gorillavid.in... vulnerable.
Testing arioo.com... vulnerable.
Testing gogoanime.com... vulnerable.
Testing playxn.com... vulnerable.
Testing joxi.ru... vulnerable.
Testing tomoson.com... vulnerable.
Testing djelfa.info... vulnerable.
Testing postjoint.com... vulnerable.
Testing okitspace.com... vulnerable.
Testing webbirga.net... vulnerable.
Testing idwebgame.com... vulnerable.
Testing graphixshare.com... vulnerable.
Testing down1oads.com... vulnerable.
Testing yatedo.com... vulnerable.
Testing neurs.com... vulnerable.
Testing mdir.ir... vulnerable.
Testing ecosia.org... vulnerable.
Testing spinding.com... vulnerable.
Testing healthkart.com... vulnerable.
Testing expatriates.com... vulnerable.
Testing seocentro.com... vulnerable.
Testing internetlifestylenetwork.com... vulnerable.
Testing uploadbaz.com... vulnerable.
Testing pulptastic.com... vulnerable.
Testing theme.co... vulnerable.
Testing themefuse.com... vulnerable.
Testing marunadanmalayali.com... vulnerable.
Testing laiguana.tv... vulnerable.
Testing jquery4u.com... vulnerable.
Testing nukistream.com... vulnerable.
Testing tractionize.com... vulnerable.
Testing luxup.ru... vulnerable.
Testing paperblog.com... vulnerable.
Testing asiatech.ir... vulnerable.
Testing t24.com.tr... vulnerable.
Testing farnell.com... vulnerable.
Testing fermasosedi.ru... vulnerable.
Testing sixfigurefunnelformula.com... vulnerable.
Testing watchcric.com... vulnerable.
Testing all-union.com... vulnerable.
Testing beliefnet.com... vulnerable.
Testing worthytoshare.com... vulnerable.
Testing tz4.com... vulnerable.
Testing fide.com... vulnerable.
Testing joomlaportal.de... vulnerable.
Testing polki.pl... vulnerable.
Testing wisegeek.org... vulnerable.
Testing neurs.net... vulnerable.
Testing telewebion.com... vulnerable.
Testing theync.com... vulnerable.
Testing mg.gov.br... vulnerable.
Testing cpasuperaffiliate.com... vulnerable.
Testing naukrigulf.com... vulnerable.
Testing edlen24.com... vulnerable.
Testing seratnews.ir... vulnerable.
Testing downloadab.com... vulnerable.
Testing sportdog.gr... vulnerable.
Testing fontpalace.com... vulnerable.
Testing anoox.com... vulnerable.
Testing foozine.com... vulnerable.
Testing aremo.com.br... vulnerable.
Testing datropy.com... vulnerable.
Testing wordcounter.net... vulnerable.
Testing turkcealtyazi.org... vulnerable.
Testing worthytoshare.net... vulnerable.
Testing lavozdelmuro.com... vulnerable.
Testing sheinside.com... vulnerable.
Testing hobo-web.co.uk... vulnerable.
Testing dressupgamesite.com... vulnerable.
Testing longurl.it... vulnerable.
Testing wannonce.com... vulnerable.
Testing 55188.com... vulnerable.
Testing perfectworld.eu... vulnerable.
Testing gnetwork.biz... vulnerable.
Testing alfajertv.com... vulnerable.
Testing gordonua.com... vulnerable.
Testing adultbay.org... vulnerable.
Testing evsuite.com... vulnerable.
Testing sudaneseonline.com... vulnerable.
Testing telly.com... vulnerable.
Testing quirktools.com... vulnerable.

et la liste des produit cisco et juniper affectés

Vulnerable Products

The following Cisco products are affected by this vulnerability:

Cisco AnyConnect Secure Mobility Client for iOS [CSCuo17488]
Cisco Desktop Collaboration Experience DX650
Cisco Unified 7800 series IP Phones
Cisco Unified 8961 IP Phone
Cisco Unified 9951 IP Phone
Cisco Unified 9971 IP Phone
Cisco IOS XE [CSCuo19730]
Cisco Unified Communications Manager (UCM) 10.0
Cisco Universal Small Cell 5000 Series running V3.4.2.x software
Cisco Universal Small Cell 7000 Series running V3.4.2.x software
Small Cell factory recovery root filesystem V2.99.4 or later
Cisco MS200X Ethernet Access Switch
Cisco Mobility Service Engine (MSE)
Cisco TelePresence Video Communication Server (VCS) [CSCuo16472]
Cisco TelePresence Conductor
Cisco TelePresence Supervisor MSE 8050
Cisco TelePresence Server 8710, 7010
Cisco TelePresence Server on Multiparty Media 310, 320
Cisco TelePresence Server on Virtual Machine
Cisco TelePresence ISDN Gateway 8321 and 3201 Series
Cisco TelePresence Serial Gateway Series
Cisco TelePresence IP Gateway Series
Cisco WebEx Meetings Server versions 2.x [CSCuo17528]
Cisco Security Manager [CSCuo19265]

Other Cisco products may be affected by this vulnerability. The list of affected products will be updated as the investigation continues.

The following Cisco hosted services are affected by this vulnerability:

No Cisco hosted services are currently known to be affected.

The following Cisco hosted services were previously identified as vulnerable and have been remediated:

Cisco Registered Envelope Service (CRES)
Cisco Webex Messenger Service
Cisco USC Invicta Series Autosupport Portal


The following Cisco products are currently under investigation:

Cisco IOS XR
Cisco Nexus 1000V Series Switches
Cisco Nexus 4000 Series Switches
Cisco Nexus 5000 Series Switches
Cisco Nexus 6000 Series Switches
Cisco Nexus 9000 Series Switches
Cisco IPS
Cisco Webex Messenger
Cisco Jabber client
Cisco OnePK All-in-One VM
Cisco DCM Series 9900-Digital Content Manager
Cisco D9034-S Encoder
Cisco D9054 HDTV Encoder
Cisco Show and Share
WebEx Social
Cisco Adaptive Security Device Manager (ASDM)
Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module (FWSM)
Cisco Digital Media Manager
Cisco Digital Media Players
Cisco Edge 300 Digital Media Player
Cisco Edge 340 Digital Media Player
Cisco Emergency Responder
Cisco Internet Streamer CDS
Cisco Enterprise Content Delivery System (ECDS)
Cisco IP Communicator
Cisco TelePresence Recording Server
Cisco Network Analysis Module Software (NAM)
Cisco Wireless Location Appliance
CiscoWorks Wireless LAN Solution Engine (WLSE)
Cisco Physical Access Gateways
Cisco Physical Access Manager
Cisco Video Surveillance Media Server Software
Cisco Video Surveillance Operations Manager Software
Cisco NetFlow Generation Appliance 3240
Cisco Prime Data Center Network Manager
Cisco Prime Analytics for SPs
Cisco Prime Central for SPs
Cisco Prime Provisioning for SPs
Cisco Prime Performance Manager for SPs
Cisco Prime Optical for SPs
Cisco Prime Network Services Controller (formerly the Cisco Virtual Network Management Center)
Cisco Prime Network Registrar
Cisco Unified Contact Center Products
Cisco Unified Department Attendant Console
Cisco Unified E-Mail Interaction Manager
Cisco Unified Enterprise Attendant Console
Cisco Unified Mobility
Cisco Unified Operations Manager
Cisco Unified Personal Communicator
Cisco Unified Presence
Cisco Unified Provisioning Manager
Cisco Unified Quick Connect
Cisco Unified Service Monitor
Cisco Unified Service Statistics Manager
Cisco UCS Invicta Series Solid State Systems
Cisco NAC Server
Cisco NAC Manager
Cisco NAC Agent
Cisco NAC Guest Server
Cisco ONS 15454 Series Multiservice Provisioning Platforms
Cisco Quantum Policy Server (QPS)
Cisco TelePresence System 500
Cisco TelePresence System 1100
Cisco TelePresence System 1300 Series
Cisco TelePresence System 3000 Series
Cisco TelePresence System T Series
Cisco IP Video Phone E20
Cisco TelePresence MX Series
Cisco TelePresence EX Series
Cisco Telepresence Integrator C Series
Cisco TelePresence Profile Series
Cisco TelePresence SX Series
Cisco TelePresence Movi with Precision HD USB / Jabber Video
Cisco TelePresence MXP Series
Cisco TelePresence MCU all series
Cisco TelePresence Advanced Media Gateway Series
Cisco TelePresence IP VCR Series
Cisco TelePresence ISDN GW 3241
Tandberg Codian ISDN GW 3210/3220/3240
Tandberg Codian MSE 8310 model
Tandberg 770/880/990 MXP Series

---

Vulnerable Products

Junos OS 13.3R1 (Fixed code is listed in the "Solution" section)
SSL VPN (IVEOS) 7.4r1 and later, and SSL VPN (IVEOS) 8.0r1 and later (Fixed code is listed in the "Solution" section)
UAC 4.4r1 and later, and UAC 5.0r1 and later (Fixed code is listed in the "Solution" section)
Junos Pulse (Desktop) 5.0r1 and later, and Junos Pulse (Desktop) 4.0r5 and later (Fixed code is listed in the "Solution" section)
Network Connect (windows only) version 7.4R5 to 7.4R9.1 & 8.0R1 to 8.0R3.1. (This client is only impacted when used in FIPS mode.) (Fixed code is listed in the "Solution" section)
Junos Pulse (Mobile) on Android version 4.2R1 and higher. (Fixed code is listed in the "Solution" section)
Junos Pulse (Mobile) on iOS version 4.2R1 and higher. (This client is only impacted when used in FIPS mode.) (Fixed code is listed in the "Solution" section)
Odyssey client 5.6r5 and later


Products currently under investigation

Stand Alone IDP