
CVE-2014-3566

Date: (C)2014-10-16   (M)2017-12-13 


The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE





Reference:
SECTRACK-1031029
SECTRACK-1031039
SECTRACK-1031085
SECTRACK-1031086
SECTRACK-1031087
SECTRACK-1031088
SECTRACK-1031089
SECTRACK-1031090
SECTRACK-1031091
SECTRACK-1031092
SECTRACK-1031093
SECTRACK-1031094
SECTRACK-1031095
SECTRACK-1031096
SECTRACK-1031105
SECTRACK-1031106
SECTRACK-1031107
SECTRACK-1031120
SECTRACK-1031123
SECTRACK-1031124
SECTRACK-1031130
SECTRACK-1031131
SECTRACK-1031132
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
http://seclists.org/fulldisclosure/2015/Apr/5
SECUNIA-59627
SECUNIA-60056
SECUNIA-60206
SECUNIA-60792
SECUNIA-60859
SECUNIA-61019
SECUNIA-61130
SECUNIA-61303
SECUNIA-61316
SECUNIA-61345
SECUNIA-61359
SECUNIA-61782
SECUNIA-61810
SECUNIA-61819
SECUNIA-61825
SECUNIA-61827
SECUNIA-61926
SECUNIA-61995
BID-70574
APPLE-SA-2014-10-16-1
APPLE-SA-2014-10-16-3
APPLE-SA-2014-10-16-4
APPLE-SA-2014-10-20-1
APPLE-SA-2014-10-20-2
APPLE-SA-2015-01-27-4
APPLE-SA-2015-09-16-2
DSA-3053
DSA-3144
DSA-3147
DSA-3253
DSA-3489
FEDORA-2014-12951
FEDORA-2014-13012
FEDORA-2014-13069
FEDORA-2015-9090
FEDORA-2015-9110
GLSA-201507-14
GLSA-201606-11
HPSBGN03164
HPSBGN03191
HPSBGN03192
HPSBGN03201
HPSBGN03202
HPSBGN03203
HPSBGN03205
HPSBGN03209
HPSBGN03222
HPSBGN03305
HPSBGN03332
HPSBGN03391
HPSBGN03569
HPSBHF03156
HPSBHF03300
HPSBMU03152
HPSBMU03183
HPSBMU03184
HPSBMU03214
HPSBMU03223
HPSBMU03234
HPSBMU03259
HPSBMU03261
HPSBMU03263
HPSBMU03267
HPSBMU03304
HPSBMU03416
HPSBPI03107
HPSBPI03360
HPSBST03195
HPSBST03265
HPSBST03418
HPSBUX03162
HPSBUX03281
MDVSA-2014:203
MDVSA-2015:062
NetBSD-SA2014-015
RHSA-2014:1652
RHSA-2014:1653
RHSA-2014:1692
RHSA-2014:1876
RHSA-2014:1877
RHSA-2014:1880
RHSA-2014:1881
RHSA-2014:1882
RHSA-2014:1920
RHSA-2014:1948
RHSA-2015:0068
RHSA-2015:0079
RHSA-2015:0080
RHSA-2015:0085
RHSA-2015:0086
RHSA-2015:0264
RHSA-2015:0698
RHSA-2015:1545
RHSA-2015:1546
SSRT101767
SSRT101779
SSRT101790
SSRT101795
SSRT101834
SSRT101838
SSRT101846
SSRT101849
SSRT101854
SSRT101868
SSRT101892
SSRT101894
SSRT101896
SSRT101897
SSRT101898
SSRT101899
SSRT101916
SSRT101921
SSRT101922
SSRT101928
SSRT101951
SSRT101968
SSRT101998
SUSE-SU-2014:1357
SUSE-SU-2014:1361
SUSE-SU-2014:1526
SUSE-SU-2014:1549
SUSE-SU-2015:0336
SUSE-SU-2015:0344
SUSE-SU-2015:0345
SUSE-SU-2015:0376
SUSE-SU-2015:0392
SUSE-SU-2015:0503
SUSE-SU-2015:0578
SUSE-SU-2016:1457
SUSE-SU-2016:1459
TA14-290A
USN-2486-1
USN-2487-1
VU#577193
http://marc.info/?l=openssl-dev&m=141333049205629&w=2
http://advisories.mageia.org/MGASA-2014-0416.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx
http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf
http://downloads.asterisk.org/pub/security/AST-2014-011.html
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html
http://support.apple.com/HT204244
http://support.citrix.com/article/CTX200238
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://www-01.ibm.com/support/docview.wss?uid=swg21687172
http://www-01.ibm.com/support/docview.wss?uid=swg21687611
http://www-01.ibm.com/support/docview.wss?uid=swg21688283
http://www-01.ibm.com/support/docview.wss?uid=swg21692299
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.vmware.com/security/advisories/VMSA-2015-0003.html
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm
https://access.redhat.com/articles/1232123
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
https://bto.bluecoat.com/security-advisory/sa83
https://bugzilla.mozilla.org/show_bug.cgi?id=1076983
https://bugzilla.redhat.com/show_bug.cgi?id=1152789
https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://kc.mcafee.com/corporate/index?page=content&id=SB10090
https://kc.mcafee.com/corporate/index?page=content&id=SB10091
https://kc.mcafee.com/corporate/index?page=content&id=SB10104
https://puppet.com/security/cve/poodle-sslv3-vulnerability
https://security.netapp.com/advisory/ntap-20141015-0001/
https://support.apple.com/HT205217
https://support.apple.com/kb/HT6527
https://support.apple.com/kb/HT6529
https://support.apple.com/kb/HT6531
https://support.apple.com/kb/HT6535
https://support.apple.com/kb/HT6536
https://support.apple.com/kb/HT6541
https://support.apple.com/kb/HT6542
https://support.citrix.com/article/CTX216642
https://support.lenovo.com/product_security/poodle
https://support.lenovo.com/us/en/product_security/poodle
https://technet.microsoft.com/library/security/3009008.aspx
https://www-01.ibm.com/support/docview.wss?uid=swg21688165
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
https://www.elastic.co/blog/logstash-1-4-3-released
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/news/secadv_20141015.txt
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://www.suse.com/support/kb/doc.php?id=7015773
openSUSE-SU-2014:1331
openSUSE-SU-2015:0190
openSUSE-SU-2016:0640

CPE    133
cpe:/a:openssl:openssl:1.0.0h
cpe:/a:openssl:openssl:1.0.1:beta1
cpe:/a:openssl:openssl:1.0.0g
cpe:/a:openssl:openssl:1.0.0j
...
CWE    1
CWE-310
OVAL    82
oval:org.secpod.oval:def:21746
oval:org.secpod.oval:def:108125
oval:org.secpod.oval:def:1600161
oval:org.secpod.oval:def:601802
...

© 2013 SecPod Technologies