Summary
This host has OpenSSL installed and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow man-in-the-middle attackers to gain access to the plain text data stream.
Impact Level: Application
Solution
The vendor has released a patch to address this vulnerability. For updates, contact the vendor or refer to https://www.openssl.org
NOTE: The only correct way to fix POODLE is to disable SSL v3.0.
Insight
The flaw is due to the block cipher padding not being deterministic and not being covered by the Message Authentication Code.
Affected
OpenSSL through 1.0.1i
Detection
Send an SSLv3 request and check the response.
References
Severity
Classification
- CVE: CVE-2014-3566
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N