For pentesting purposes I have created a Docker container that uses a vulnerable version of libssl/openssl.
For further details, please see GitHub or simply install the container via the Docker hub.
This docker container is based on Debian Wheezy and has been modified to use a vulernable version of openssl/libssl(openssl_1.0.1e-2_amd64.deb, libssl1.0.0_1.0.1e-2_amd64.deb);
A web application is available via Apache 2 and serves a static web page.
Install the container with
docker pull hmlio/vaas-cve-2014-0160
Run the container with a port mapping
docker run -d -p 8443:443 hmlio/vaas-cve-2014-0160
You should be able to access the web application at http://your-ip:8443/.
The web server/vulnerable openssl/libssl version can be verified and exploited as shown below (using a Kali machine is recommended):
Using msfcli from the Metasploit framework: