Forge logo
❮ Return to Incident Remediation

Detect & remediate Heartbleed

by Puppet
Posted: October 30, 2019

Heartbleed is a serious vulnerability that lets attackers steal information normally protected by SSL/TLS encryption. Follow the steps below to find out if you have affected systems, and fix the vulnerability.

Before you begin

  • Ensure your Puppet Remediate instance has access to the systems you want to scan and update.

1. Search for vulnerabilities

Open Puppet Remediate, navigate to Vulnerabilities, type the following value into the CVE Search box, and press Return to see related vulnerabilities:

CVE-2014-0160

If any results were returned, click each one to read more detail and find out which nodes are affected, and continue to the next step.

2. Select the appropriate task

Select the Manage package task to use the list of affected servers that Remediate already provided as search results.

3. Execute the task

Select upgrade and type in openssl and run the Task.

4. Confirm the remediation

After your next security scan has synced into Puppet Remediate, use the CVE Search box again to confirm Heartbleed is gone.