CVSS3: 3.4 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.975 High
Percentile: 100.0%

Summary:
POODLE SSLv3 bug on multiple servers
Description:
CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue.
root@jancok:~# nmap -sV --version-light -Pn --script ssl-poodle -p 443 -iL ip.txt
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2018-02-22 23:40 EST
Nmap scan report for server-54-230-149-17.sin2.r.cloudfront.net (54.230.149.17)
Host is up (0.029s latency).
PORT STATE SERVICE VERSION
443/tcp open ssl/https?
| ssl-poodle:
| VULNERABLE:
| SSL POODLE information leak
| State: LIKELY VULNERABLE
| IDs: OSVDB:113251 CVE:CVE-2014-3566
| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and
| other products, uses nondeterministic CBC padding, which makes it easier
| for man-in-the-middle attackers to obtain cleartext data via a
| padding-oracle attack, aka the "POODLE" issue.
| Disclosure date: 2014-10-14
| Check results:
| TLS_RSA_WITH_AES_128_CBC_SHA
| TLS_FALLBACK_SCSV properly implemented
| References:
| https://vulners.com/cve/CVE-2014-3566
| https://www.imperialviolet.org/2014/10/14/poodle.html
| https://www.openssl.org/~bodo/ssl-poodle.pdf
|_ http://osvdb.org/113251
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Nmap scan report for server-54-230-149-158.sin2.r.cloudfront.net (54.230.149.158)
Host is up (0.028s latency).
PORT STATE SERVICE VERSION
443/tcp open ssl/https?
| ssl-poodle:
| VULNERABLE:
| SSL POODLE information leak
| State: LIKELY VULNERABLE
| IDs: OSVDB:113251 CVE:CVE-2014-3566
| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and
| other products, uses nondeterministic CBC padding, which makes it easier
| for man-in-the-middle attackers to obtain cleartext data via a
| padding-oracle attack, aka the "POODLE" issue.
| Disclosure date: 2014-10-14
| Check results:
| TLS_RSA_WITH_AES_128_CBC_SHA
| TLS_FALLBACK_SCSV properly implemented
| References:
| https://vulners.com/cve/CVE-2014-3566
| https://www.imperialviolet.org/2014/10/14/poodle.html
| https://www.openssl.org/~bodo/ssl-poodle.pdf
|_ http://osvdb.org/113251
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 2 IP addresses (2 hosts up) scanned in 27.51 seconds
It's vulnerable to CVE-2014-3566.
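
For triaging scan output like the above across many hosts, here is an added example (not part of the original report) that parses `ssl-poodle` script results into per-host findings and separates servers that reported `TLS_FALLBACK_SCSV properly implemented` from those that did not. The function names and triage labels are hypothetical, and the second host in the sample is constructed.

```python
import re
# Constructed sample: host 1 is abridged from the scan output in the report;
# host 2 (TEST-NET-1 address) is invented to show the contrasting case.
SAMPLE = """\
Nmap scan report for server-54-230-149-17.sin2.r.cloudfront.net (54.230.149.17)
| State: LIKELY VULNERABLE
| Check results:
| TLS_RSA_WITH_AES_128_CBC_SHA
| TLS_FALLBACK_SCSV properly implemented
| References:
|_ http://osvdb.org/113251
Nmap scan report for 192.0.2.10
| State: VULNERABLE
| Check results:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA
|_ References:
"""
HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?([0-9a-fA-F.:]+)\)?$")

def parse_ssl_poodle(text):
    """Return one dict per scanned host with the ssl-poodle state and checks."""
    findings, cur, in_checks = [], None, False
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:  # a new host section starts
            cur = {"host": m.group(1), "ip": m.group(2), "state": None,
                   "ciphers": [], "fallback_scsv": False}
            findings.append(cur)
            in_checks = False
            continue
        if cur is None or not line.startswith("|"):
            continue  # not script output (banner, port table, fingerprint)
        body = line.lstrip("|_ ").strip()
        if body.startswith("State:"):
            cur["state"] = body.split(":", 1)[1].strip()
        elif body.endswith(":"):  # section header inside the script block
            in_checks = body == "Check results:"
        elif in_checks and body.startswith("TLS_FALLBACK_SCSV"):
            cur["fallback_scsv"] = "properly implemented" in body
        elif in_checks:
            cur["ciphers"].append(body)  # SSLv3 CBC suite the server accepted
    return findings

def triage(f):
    """Hypothetical labels: both flagged cases still call for disabling SSLv3."""
    state = f["state"] or ""
    if not state.endswith("VULNERABLE") or state.startswith("NOT"):
        return "not-flagged"
    return "sslv3-cbc/fallback-protected" if f["fallback_scsv"] else "sslv3-cbc/downgrade-possible"
```

TLS_FALLBACK_SCSV only guards against forced protocol downgrade for clients that also send it; a server that still accepts SSLv3 CBC suites stays exposed to clients that negotiate SSLv3 on their own, so the fix in both cases is to disable SSLv3.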