Heartbleed
(español: hemorragia de corazón) es un agujero de seguridad (bug) de software
en la biblioteca de código abierto OpenSSL, solo vulnerable en su versión
1.0.1f, que permite a un atacante leer la memoria de un servidor o un cliente,
permitiéndole por ejemplo, conseguir las claves privadas SSL de un servidor.
http://es.wikipedia.org/wiki/Heartbleed
Heartbleed is a security bug
in the OpenSSL cryptography library that gained widespread attention in April
2014. OpenSSL is a widely used implementation of the Transport Layer Security
(TLS) protocol. Heartbleed may be exploited whether the party using a
vulnerable OpenSSL instance for TLS is a server or a client. Heartbleed results
from improper input validation (due to a missing bounds check) in the
implementation of the TLS heartbeat extension, the heartbeat being the basis
for the bug's name. The vulnerability is classified as a buffer over-read, a
situation where software allows more data to be read than should be allowed.
http://en.wikipedia.org/wiki/Heartbleed