Junos SSLv3 POODLE Vulnerability

Summary
Junos OS is prone to a OpenSSL information disclosure vulnerability, also known as the 'POODLE' vulnerability.
Impact
The vulnerability makes it easier for a man in the middle attacker to obtain cleartext data.
Solution
New builds of Junos OS software are available from Juniper.
Insight
The SSL protocol 3.0 (SSLv3) uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack.
Affected
Junos OS 11.4, 12.1, 12.3, 13.2, 13.3, 14.1 and 14.2
Detection
Check the OS build.
References

Updated on 2015-03-25