Hello All,
Follow the below steps and you are ready to scan for Heartbleed vulnerability:
1. In the CCSVM Console Web interface, click Administration from the top menu. Under the Scan Options Section on the administration page, click the manage link for Templates.
2. Find the scan template named “Full audit” and select the Copy scan template icon at the right.
3. Under the Type of Checks, ensure that Vulnerabilities and Web Spidering options are selected, unselect the “Policies” option.
4. Under the Name and Description, rename the template to “Heartbleed Testing” and modify the description text so you will be able to recognize later that the template is customized for Heartbleed bug.
5. Click Next to go to the Asset Discovery section. Check Send ICMP “pings” and Send TCP packets to ports. Enter any TCP ports that may be running SSL on your network.
6. Select the “Vulnerability Checks” option from the left menu, then expand the “By Category” section and click the “Remove categories” button.
7. Select the check box for the top row (Vulnerability Category), which will auto-select the check boxes for all categories. Then click Save.
8. Expand the By Individual Check section and click the “Add checks” button.
9. Enter or paste CVE-2014-0160 in the Search Criteria box and click the Search button. Note: If search does not find the CVE, please run “Manual Update” (Administration, under Global and Console settings, click Administrator, choose updates from the left menu and click on the “Manual Update” button).
10. Select the check box for the top row (Vulnerability Check), which will auto-select the check boxes for all types. Then click Save.
11. Save the scan template.
This site is now set up to scan for Heartbleed Vulnerabilities only.