  • Detecting Heartbleed with nmap

    Command

    nmap -sV --script=ssl-heartbleed 111.X.X.53 -p 443
    

    Output

    ➜  ~ nmap -sV --script=ssl-heartbleed 111.X.X.53 -p 443
    Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-22 12:10 CST
    Nmap scan report for 111.X.X.53
    Host is up (0.040s latency).
    
    PORT    STATE SERVICE  VERSION
    443/tcp open  ssl/http nginx
    | ssl-heartbleed:
    |   VULNERABLE:
    |   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
    |     State: VULNERABLE
    |     Risk factor: High
    |       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
    |
    |     References:
    |       http://www.openssl.org/news/secadv_20140407.txt
    |       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
    |_      http://cvedetails.com/cve/2014-0160/
    
    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 16.26 seconds
    
    

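    Remediation advice

    1. If a server is found to be vulnerable, take it offline immediately to keep it from exposing further sensitive information.
    2. Stop the old version of the SSL service and upgrade to a new version of the SSL service.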
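
When the same scan is run against many hosts, the servers that step 1 applies to have to be picked out of the report. The following is an added example, not part of the original post: it reads nmap's normal text output and prints each host and port where the `ssl-heartbleed` script reported `State: VULNERABLE`. The function names, the sample scan text and the 192.0.2.x addresses are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list "host port" pairs that nmap's ssl-heartbleed script
# reported as State: VULNERABLE. Input is nmap normal output on stdin,
# e.g. a file saved with nmap's -oN option.

heartbleed_hits() {
    awk '
        { sub(/^[ \t]+/, "") }                      # tolerate indented pastes
        /^Nmap scan report for / {                  # start of a host section
            host = $NF; gsub(/[()]/, "", host)      # "name (ip)" -> ip
            port = ""; in_script = 0; next
        }
        /^[0-9]+\/(tcp|udp)[ \t]/ {                 # start of a port row
            port = $1; in_script = 0; next
        }
        /^\|[ _][A-Za-z]/ {                         # script header, e.g. "| ssl-heartbleed:"
            in_script = ($0 ~ /^\|[ _]ssl-heartbleed:/); next
        }
        in_script && /State: VULNERABLE/ { print host, port }
    '
}

# Constructed sample input (documentation addresses, not real scan data).
sample_scan() {
    cat <<'EOF'
Nmap scan report for 192.0.2.10
Host is up (0.040s latency).

PORT     STATE SERVICE  VERSION
443/tcp  open  ssl/http nginx
| ssl-heartbleed:
|   VULNERABLE:
|     State: VULNERABLE
|     Risk factor: High
|_      http://cvedetails.com/cve/2014-0160/
8443/tcp open  ssl/http nginx
|_http-title: Welcome

Nmap scan report for patched.example (192.0.2.11)
Host is up (0.041s latency).

PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http nginx
EOF
}

sample_scan | heartbleed_hits
```

Re-running the scan after the upgrade and getting no output from `heartbleed_hits` confirms that no scanned port is still reported as vulnerable.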
  • Original article: https://www.cnblogs.com/mysticbinary/p/12936406.html