Lucene search
HistoryAug 03, 2015 - 1:59 a.m.
CVE-2015-5537
siemens
ruggedcom
ros
rox ii
ssl
https
cbc padding
man-in-the-middle
cleartext data
padding-oracle
cve-2015-5537
nvd
4.5 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
Affected configurations
Node
siemensruggedcom_rox_ii_firmwareMatch-
ORsiemensruggedcom_rugged_operating_systemRange<4.2.0
Related
nvd
nvd
CVE-2015-5537
2015-08-03 01:59:02
prion
prion
Security feature bypass
2015-08-03 01:59:00
Code injection
2014-10-15 00:55:00
cvelist
cvelist
CVE-2015-5537
2015-08-03 01:00:00
CVE-2014-3566
2014-10-15 00:00:00
ics
ics
nessus
nessus
FreeBSD : asterisk -- Asterisk Susceptibility to POODLE Vulnerability (76c7a0f5-5928-11e4-adc7-001999f8d30b) (POODLE)
2014-10-22 00:00:00
Fedora 20 : openssl-1.0.1e-40.fc20 (2014-13069) (POODLE)
2014-10-20 00:00:00
Amazon Linux AMI : openssl (ALAS-2014-426) (POODLE)
2014-10-16 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: claws-mail-plugins-3.11.1-1.fc19
2015-01-05 07:36:19
[SECURITY] Fedora 20 Update: nodejs-0.10.33-1.fc20
2014-12-15 04:34:00
[SECURITY] Fedora 19 Update: python-rhsm-1.13.6-1.fc19
2014-11-07 02:33:12
ibm
ibm
redhat
redhat
(RHSA-2014:1653) Moderate: openssl security update
2014-10-16 00:00:00
(RHSA-2015:1546) Important: node.js security update
2015-08-04 00:00:00
(RHSA-2015:1545) Important: node.js security update
2015-08-04 00:00:00
cisco
cisco
SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2014-10-15 18:30:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-429)
2015-09-08 00:00:00
Fedora Update for nodejs FEDORA-2014-15411
2015-01-05 00:00:00
Fedora Update for asterisk FEDORA-2014-15621
2015-01-05 00:00:00
centos
centos
openssl security update
2014-10-16 15:21:39
suse
suse
Security update for suseRegister (important)
2015-01-05 21:04:43
hackerone
hackerone
New Relic: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
2017-03-26 19:08:23
MariaDB: smtp service vulnerable to POODLE SSLv3
2019-03-24 06:26:55
seebug
seebug
SSL 3.0 POODLE(CVE-2014-3566)
2017-02-17 00:00:00
f5
f5
K15702 : SSLv3 vulnerability CVE-2014-3566
2015-09-18 00:00:00
cert
cert
POODLE vulnerability in SSL 3.0
2014-10-17 00:00:00
citrix
citrix
CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw
2014-10-14 04:00:00
amazon
amazon
Important: openssl
2014-10-14 22:32:00
osv
osv
lighttpd - security update
2015-07-25 00:00:00
lighttpd - security update
2016-02-23 00:00:00
veracode
veracode
Information Disclosure
2017-02-07 00:05:45
Information Disclosure
2019-01-15 08:54:41
POODLE Attack
2017-04-27 06:54:17
checkpoint_security
checkpoint_security
Check Point response to the POODLE Bites vulnerability (CVE-2014-3566)
2014-10-13 21:00:00
securityvulns
securityvulns
TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack
2014-10-18 00:00:00
APPLE-SA-2014-10-16-4 OS X Server v3.2.2
2014-10-18 00:00:00
fortinet
fortinet
SSL v3 "POODLE" Vulnerability
2014-10-15 00:00:00
aix
aix
Vulnerability in SSLv3 affects AIX,Vulnerability in SSLv3 affects VIOS
2015-06-17 09:52:06
freebsd
freebsd
asterisk -- Asterisk Susceptibility to POODLE Vulnerability
2014-10-20 00:00:00
debian
debian
[SECURITY] [DSA 3489-1] lighttpd security update
2016-02-23 18:26:44
huawei
huawei
Security Advisory-SSLv3 POODLE Vulnerability in Huawei Products
2014-12-15 00:00:00
4.5 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%
Related for CVE-2015-5537