How to check if the domain is vulnerable to Heartbleed?
According to National Vulnerability Database, Heartbleed vulnerability, or CVE-2014-0160, affects OpenSSL 1.0.1 before 1.0.1g. OpenSSL is used by web-servers on Linux to establish SSL/TLS connection with clients.
Plesk does not provide vulnerable versions of OpenSSL, therefore, it is invulnerable to the Heartbleed, as long as all packages are updated.
To update packages to the latest version run the following command:
# plesk installer update
Note: Plesk major version will remain the same after the update.
To check if the domain is vulnerable to the Heartbleed use the Qualys SSL Server Test:
The string "Heartbeat (extension) Yes " means that Heartbeat Extension for the Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) protocols are in use on the server.
The string "Heartbleed (vulnerability) No " informs that versions that installed on the server are not affected by this vulnerability.
Note: For more information on Heartbleed vulnerability refer to the official article about it.