NewsBot
Posted June 21, 2014

Secunia Research classifies vulnerabilities by rating the severity of vulnerabilities from 1: "not critical" to 5: "extremely critical." Going by the PR Heartbleed received, you would be excused for thinking that what we were dealing with here was, indeed, "extremely critical." But it was not, as vulnerabilities go. That rating we use for "remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild."

The Heartbleed vulnerability was in fact only rated as a 3 of 5 by Secunia: "moderately critical", which is typically used for "remotely exploitable Denial of Service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction." It gets this rating because it enables information retrieval from remote without any user interaction or authentication requirements.

View the full article

Tarun
Administrator
Posted June 22, 2014

For anyone who wants to understand how Heartbleed worked, check out this awesome xkcd comic.