OpenSSL BUG! aka. „The Heartbleed Bug“

Mehr Informationen hier : http://heartbleed.com/

Hier kann man Hosts überprüfen, ob diese für CVE-2014-0160 angreifbar ist: http://filippo.io/Heartbleed/
(bitte mit Vorsicht benutzen)

Full Disclosure: http://seclists.org/fulldisclosure/2014/Apr/90

Bash-Test:
(Zeigt aber nur, ob die heartbeat-extention verfügbar ist)

openssl s_client -connect $url:443 -tlsextdebug | grep heartbeat

//modules/xfsection/modify.php?dir_module=
//index.php?option=com_dbquery&Itemid=&mosConfig_absolute_path=
/binaries/log/errors.php?error=
//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=
/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=
/?sourcedir=
//components/com_flyspray/startdown.php?file=
//administrator/components/com_virtuemart/export.php?mosConfig_absolute_path=
///administrator/components/com_virtuemart/export.php?mosConfig_absolute_path=
//include/write.php?dir=

FYI

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine – Cisco Systems.