POODLE vulnerability assessment

2014-10-15T15:18:55
ID COALFIRE:C2818772B436CEE4436831AF1CA1830D
Type coalfire
Reporter The Coalfire Blog
Modified 2014-10-15T15:18:55

Description

Vulnerability Summary: The POODLE vulnerability is due to a bug in SSL protocol, whereas Heartbleed and Shellshock were vulnerability due to a bug in software. Heartbleed and Shellshock were confined to systems that ran vulnerable versions of software, whereas POODLE affects any system running any software that implements SSL 3.0, which is a widely implemented protocol used to provide encrypted network transmissions. This is an "industry-wide" vulnerability. Of Heartbleed and Shellshock, POODLE is most similar to Heartbleed as both Heartbleed and POODLE exploit vulnerabilities having to do with SSL.