Can someone share QID for CVE-2014-0224 ?. Do you know when Qualys is planning to implement new QID for this CVE ?
Today we are planning to release the following remote un-authenticated QID for the OpenSSL advisory: http://www.openssl.org/news/secadv_20140605.txt
38602 OpenSSL Multiple Remote Security Vulnerabilities
For customers who cannot run un-authenticated scans we are also releasing the following authenticated QIDs:
195488 Ubuntu Security Notification for OpenSSL Vulnerabilities (USN-2232-1)
122119 Red Hat Update for openssl097a and openssl098e (RHSA-2014-0626)
122120 OpenSSL Multiple Remote Security Vulnerabilities for Windows
122118 Red Hat Update for openssl (RHSA-2014-0624)
122117 Red Hat Update for openssl (RHSA-2014-0625)
The QIDs will be in production in a few hours.
Alex we currently multiple QIDs that are in process to address this CVE. As of right now, I don't have an estimate as to when they will be added to the knowledgebase, however our team is working diligently to complete the required testing before they are added.
Could you verify if the QID's will be un-authenticated tests? Obviously the priority is assess external facing networks first, so hoping the Qualys QID's will provide this prioritisation for tests.
Any ETA on this QID
The QIDs are now live in production.
Retrieving data ...