CVSS Vector: AV:N/AC:L/AU:N/C:P/I:N/A:N
The heartbleed vulnerability allows attackers to steal the private key of a server certificate. If the server is vulnerable to heartbleed, this means that an attacker can retrieve the private key and impersonate the server. Therefore secure connections to the webserver are not possible anymore. The heartbleed vulnerability was one of the most critical vulnerabilities in the last years. According to security researcher Bruce Schneier: '"Catastrophic" is the right word. On the scale of 1 to 10, this is an 11.'
Follow this guide to prevent the heartbleed attack:
Update OpenSSLto the latest version. The following versions are known to have fixed the heartbleed vulnerability:
apt-get update; apt-get upgrade # Debian / Ubuntu
yum update # RHeL / CentOS
pacman -Syu # Arch Linux