Showing posts from May, 2014

Heartbleed

Heartbleed is a vulnerability identified in OpenSSL, a very well-known library that is widely used to implement TLS security. Heartbleed has an effect when a vulnerable OpenSSL instance is used on either the client side or the server side. Note that only some OpenSSL versions are reported as affected by the vulnerability:

- OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 branch is NOT vulnerable
- OpenSSL 0.9.8 branch is NOT vulnerable
- OpenSSL 0.9.7 branch is NOT vulnerable

CVE-2014-0160 is the official name for this vulnerability. These vulnerability names are maintained by CVE (http://cve.mitre.org/).

What actually happened?

When Heartbleed is exploited, it leads to a leak of memory contents from the server to the client and from the client to the server. RFC6520 is for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). RFC6520 heartbeat extension is

Cuubez sample application

Step 1: Download cuubez from the repository

The first step is to download the latest cuubez stable release from: http://www.cuubez.com/index.php/2014-05-20-11-01-54

Maven repo:

    <dependencies>
        <dependency>
            <groupId>com.cuubez</groupId>
            <artifactId>cuubez-core</artifactId>
            <version>1.0.0</version>
        </dependency>
    </dependencies>

Step 2: Add the following libraries to your web application

- com.thoughtworks.xstream
- commons-logging
- javax.servlet
- javassist
- javax.ws.rs
- com.google.code.gson

Step 3: Define listeners and bootstrap classes

    <web-app>
        <display-name>Employee Example</display-name>
        <listener>
            <listener-class>com.cuubez.core.servlet.BootstrapContextListener</listener-class>
        </listener>
        <servlet-mapping>