Description
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
Remediation
References
Related Vulnerabilities
Plone CMS CVE-2011-3587 Vulnerability (CVE-2011-3587)
PHP Other Vulnerability (CVE-2011-3182)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-32621)
PHP Improper Input Validation Vulnerability (CVE-2014-5120)
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2020-35452)