Lucene search

[email protected]CVE-2014-3566

HistoryOct 15, 2014 - 12:55 a.m.

CVE-2014-3566

2014-10-1500:55:00

CWE-310

[email protected]

web.nvd.nist.gov

629

cve-2014-3566

ssl protocol

openssl

vulnerability

poodle issue

nvd

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

JSON

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue.

CPENameOperatorVersion
redhat:enterprise_linux_desktop_supplementaryredhat enterprise linux desktop supplementaryeq6.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq7.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq7.0
redhat:enterprise_linux_serverredhat enterprise linux servereq7.0
redhat:enterprise_linux_server_supplementaryredhat enterprise linux server supplementaryeq6.0
redhat:enterprise_linux_workstation_supplementaryredhat enterprise linux workstation supplementaryeq6.0
redhat:enterprise_linux_workstation_supplementaryredhat enterprise linux workstation supplementaryeq7.0
redhat:enterprise_linux_server_supplementaryredhat enterprise linux server supplementaryeq7.0
redhat:enterprise_linuxredhat enterprise linuxeq5
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq6.0

CPE	Name	Operator	Version
redhat:enterprise_linux_desktop_supplementary	redhat enterprise linux desktop supplementary	eq	6.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	7.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	7.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	7.0
redhat:enterprise_linux_server_supplementary	redhat enterprise linux server supplementary	eq	6.0
redhat:enterprise_linux_workstation_supplementary	redhat enterprise linux workstation supplementary	eq	6.0
redhat:enterprise_linux_workstation_supplementary	redhat enterprise linux workstation supplementary	eq	7.0
redhat:enterprise_linux_server_supplementary	redhat enterprise linux server supplementary	eq	7.0
redhat:enterprise_linux	redhat enterprise linux	eq	5
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	6.0

Rows per page:

1-10 of 1361

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc

advisories.mageia.org/MGASA-2014-0416.html

aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc

archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566

blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html

blog.nodejs.org/2014/10/23/node-v0-10-33-stable/

blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx

docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf

downloads.asterisk.org/pub/security/AST-2014-011.html

googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581

h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.apple.com/archives/security-announce/2015/Jan/msg00003.html

lists.apple.com/archives/security-announce/2015/Sep/msg00002.html

lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html

lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html

lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html

lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html

lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html

lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html

lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html

lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html

lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html

lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html

marc.info/?l=bugtraq&m=141450452204552&w=2

marc.info/?l=bugtraq&m=141450973807288&w=2

marc.info/?l=bugtraq&m=141477196830952&w=2

marc.info/?l=bugtraq&m=141576815022399&w=2

marc.info/?l=bugtraq&m=141577087123040&w=2

marc.info/?l=bugtraq&m=141577350823734&w=2

marc.info/?l=bugtraq&m=141620103726640&w=2

marc.info/?l=bugtraq&m=141628688425177&w=2

marc.info/?l=bugtraq&m=141694355519663&w=2

marc.info/?l=bugtraq&m=141697638231025&w=2

marc.info/?l=bugtraq&m=141697676231104&w=2

marc.info/?l=bugtraq&m=141703183219781&w=2

marc.info/?l=bugtraq&m=141715130023061&w=2

marc.info/?l=bugtraq&m=141775427104070&w=2

marc.info/?l=bugtraq&m=141813976718456&w=2

marc.info/?l=bugtraq&m=141814011518700&w=2

marc.info/?l=bugtraq&m=141879378918327&w=2

marc.info/?l=bugtraq&m=142103967620673&w=2

marc.info/?l=bugtraq&m=142118135300698&w=2

marc.info/?l=bugtraq&m=142296755107581&w=2

marc.info/?l=bugtraq&m=142350196615714&w=2

marc.info/?l=bugtraq&m=142350298616097&w=2

marc.info/?l=bugtraq&m=142350743917559&w=2

marc.info/?l=bugtraq&m=142354438527235&w=2

marc.info/?l=bugtraq&m=142357976805598&w=2

marc.info/?l=bugtraq&m=142495837901899&w=2

marc.info/?l=bugtraq&m=142496355704097&w=2

marc.info/?l=bugtraq&m=142546741516006&w=2

marc.info/?l=bugtraq&m=142607790919348&w=2

marc.info/?l=bugtraq&m=142624590206005&w=2

marc.info/?l=bugtraq&m=142624619906067

marc.info/?l=bugtraq&m=142624619906067&w=2

marc.info/?l=bugtraq&m=142624679706236&w=2

marc.info/?l=bugtraq&m=142624719706349&w=2

marc.info/?l=bugtraq&m=142660345230545&w=2

marc.info/?l=bugtraq&m=142721830231196&w=2

marc.info/?l=bugtraq&m=142721887231400&w=2

marc.info/?l=bugtraq&m=142740155824959&w=2

marc.info/?l=bugtraq&m=142791032306609&w=2

marc.info/?l=bugtraq&m=142804214608580&w=2

marc.info/?l=bugtraq&m=142805027510172&w=2

marc.info/?l=bugtraq&m=142962817202793&w=2

marc.info/?l=bugtraq&m=143039249603103&w=2

marc.info/?l=bugtraq&m=143101048219218&w=2

marc.info/?l=bugtraq&m=143290371927178&w=2

marc.info/?l=bugtraq&m=143290437727362&w=2

marc.info/?l=bugtraq&m=143290522027658&w=2

marc.info/?l=bugtraq&m=143290583027876&w=2

marc.info/?l=bugtraq&m=143558137709884&w=2

marc.info/?l=bugtraq&m=143558192010071&w=2

marc.info/?l=bugtraq&m=143628269912142&w=2

marc.info/?l=bugtraq&m=144101915224472&w=2

marc.info/?l=bugtraq&m=144251162130364&w=2

marc.info/?l=bugtraq&m=144294141001552&w=2

marc.info/?l=bugtraq&m=145983526810210&w=2

marc.info/?l=openssl-dev&m=141333049205629&w=2

people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html

rhn.redhat.com/errata/RHSA-2014-1652.html

rhn.redhat.com/errata/RHSA-2014-1653.html

rhn.redhat.com/errata/RHSA-2014-1692.html

rhn.redhat.com/errata/RHSA-2014-1876.html

rhn.redhat.com/errata/RHSA-2014-1877.html

rhn.redhat.com/errata/RHSA-2014-1880.html

rhn.redhat.com/errata/RHSA-2014-1881.html

rhn.redhat.com/errata/RHSA-2014-1882.html

rhn.redhat.com/errata/RHSA-2014-1920.html

rhn.redhat.com/errata/RHSA-2014-1948.html

rhn.redhat.com/errata/RHSA-2015-0068.html

rhn.redhat.com/errata/RHSA-2015-0079.html

rhn.redhat.com/errata/RHSA-2015-0080.html

rhn.redhat.com/errata/RHSA-2015-0085.html

rhn.redhat.com/errata/RHSA-2015-0086.html

rhn.redhat.com/errata/RHSA-2015-0264.html

rhn.redhat.com/errata/RHSA-2015-0698.html

rhn.redhat.com/errata/RHSA-2015-1545.html

rhn.redhat.com/errata/RHSA-2015-1546.html

secunia.com/advisories/59627

secunia.com/advisories/60056

secunia.com/advisories/60206

secunia.com/advisories/60792

secunia.com/advisories/60859

secunia.com/advisories/61019

secunia.com/advisories/61130

secunia.com/advisories/61303

secunia.com/advisories/61316

secunia.com/advisories/61345

secunia.com/advisories/61359

secunia.com/advisories/61782

secunia.com/advisories/61810

secunia.com/advisories/61819

secunia.com/advisories/61825

secunia.com/advisories/61827

secunia.com/advisories/61926

secunia.com/advisories/61995

support.apple.com/HT204244

support.citrix.com/article/CTX200238

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

www-01.ibm.com/support/docview.wss?uid=isg3T1021431

www-01.ibm.com/support/docview.wss?uid=isg3T1021439

www-01.ibm.com/support/docview.wss?uid=swg21686997

www-01.ibm.com/support/docview.wss?uid=swg21687172

www-01.ibm.com/support/docview.wss?uid=swg21687611

www-01.ibm.com/support/docview.wss?uid=swg21688283

www-01.ibm.com/support/docview.wss?uid=swg21692299

www.debian.org/security/2014/dsa-3053

www.debian.org/security/2015/dsa-3144

www.debian.org/security/2015/dsa-3147

www.debian.org/security/2015/dsa-3253

www.debian.org/security/2016/dsa-3489

www.kb.cert.org/vuls/id/577193

www.mandriva.com/security/advisories?name=MDVSA-2014:203

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.securityfocus.com/archive/1/533724/100/0/threaded

www.securityfocus.com/archive/1/533746

www.securityfocus.com/archive/1/533747

www.securityfocus.com/bid/70574

www.securitytracker.com/id/1031029

www.securitytracker.com/id/1031039

www.securitytracker.com/id/1031085

www.securitytracker.com/id/1031086

www.securitytracker.com/id/1031087

www.securitytracker.com/id/1031088

www.securitytracker.com/id/1031089

www.securitytracker.com/id/1031090

www.securitytracker.com/id/1031091

www.securitytracker.com/id/1031092

www.securitytracker.com/id/1031093

www.securitytracker.com/id/1031094

www.securitytracker.com/id/1031095

www.securitytracker.com/id/1031096

www.securitytracker.com/id/1031105

www.securitytracker.com/id/1031106

www.securitytracker.com/id/1031107

www.securitytracker.com/id/1031120

www.securitytracker.com/id/1031123

www.securitytracker.com/id/1031124

www.securitytracker.com/id/1031130

www.securitytracker.com/id/1031131

www.securitytracker.com/id/1031132

www.ubuntu.com/usn/USN-2486-1

www.ubuntu.com/usn/USN-2487-1

www.us-cert.gov/ncas/alerts/TA14-290A

www.vmware.com/security/advisories/VMSA-2015-0003.html

www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm

access.redhat.com/articles/1232123

blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6

bto.bluecoat.com/security-advisory/sa83

bugzilla.mozilla.org/show_bug.cgi?id=1076983

bugzilla.redhat.com/show_bug.cgi?id=1152789

devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip

github.com/mpgn/poodle-PoC

groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

ics-cert.us-cert.gov/advisories/ICSMA-18-058-02

kc.mcafee.com/corporate/index?page=content&id=SB10090

kc.mcafee.com/corporate/index?page=content&id=SB10091

kc.mcafee.com/corporate/index?page=content&id=SB10104

lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

puppet.com/security/cve/poodle-sslv3-vulnerability

security.gentoo.org/glsa/201507-14

security.gentoo.org/glsa/201606-11

security.netapp.com/advisory/ntap-20141015-0001/

support.apple.com/HT205217

support.apple.com/kb/HT6527

support.apple.com/kb/HT6529

support.apple.com/kb/HT6531

support.apple.com/kb/HT6535

support.apple.com/kb/HT6536

support.apple.com/kb/HT6541

support.apple.com/kb/HT6542

support.citrix.com/article/CTX216642

support.lenovo.com/product_security/poodle

support.lenovo.com/us/en/product_security/poodle

technet.microsoft.com/library/security/3009008.aspx

www-01.ibm.com/support/docview.wss?uid=swg21688165

www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7

www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html

www.dfranke.us/posts/2014-10-14-how-poodle-happened.html

www.elastic.co/blog/logstash-1-4-3-released

www.imperialviolet.org/2014/10/14/poodle.html

www.openssl.org/news/secadv_20141015.txt

www.openssl.org/~bodo/ssl-poodle.pdf

www.suse.com/support/kb/doc.php?id=7015773

Social References

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.975 High

EPSS

Percentile

100.0%

JSON

Related for CVE-2014-3566

ibm98 fedora18 nessus44 suse1 redhat2 cisco1 centos1 openvas19 seebug1 osv1 hackerone1 citrix1 veracode1 f51 amazon2 cert1 checkpoint_advisories1 debian2 arista1 virtuozzo1 mageia1