Lucene search
K

673 matches found

Tenable Nessus
Tenable Nessus
added 2014/10/15 12:0 a.m.3159 views

MS KB3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure (POODLE)

The remote host is missing one of the workarounds referenced in the Microsoft Security Advisory 3009008. If the client registry key workaround has not been applied, any client software installed on the remote host including IE is affected by an information disclosure vulnerability when using SSL...

4.3CVSS6.4AI score0.99999EPSS
Exploits7References7
Tenable Nessus
Tenable Nessus
added 2014/10/15 12:0 a.m.848 views

SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)

The remote host is affected by a man-in-the-middle MitM information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. MitM attackers can decrypt a...

4.3CVSS6.8AI score0.99999EPSS
Exploits7References4
Opera Security Advisories
Opera Security Advisories
added 2014/10/15 12:0 a.m.8 views

Security changes in Opera 25; the poodle attacks

Security Security changes in Opera 25; the poodle attacks Share October 15th, 2014 So the last weeks have been rather hectic behind the scenes in the browser security world, when Google security group found a new way to exploit a rather well known design weakness in SSLv3 published in the paper...

8.8CVSS7.2AI score0.01654EPSS
Exploits4References1
The Hacker News
The Hacker News
added 2014/10/14 11:44 p.m.12 views

POODLE SSL 3.0 Attack Exploits Widely-used Web Encryption Standard

Another Heartbleed-like vulnerability has been discovered in the decade old but still widely used Secure Sockets Layer SSL 3.0 cryptographic protocol that could allow an attacker to decrypt contents of encrypted connections to websites. Google's Security Team revealed on Tuesday that the most...

6.5AI score
Exploits0
ThreatPost
ThreatPost
added 2014/10/14 8:13 p.m.12 views

New POODLE SSL 3.0 Attack Exploits Protocol Fallback Issue

A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and...

1.3AI score
Exploits0References6
Citrix
Citrix
added 2014/10/14 4:0 a.m.293 views

CVE-2014-3566 - Citrix Security Advisory for SSLv3 Protocol Flaw

Description of Problem The recently disclosed protocol flaw in SSLv3, referred to as CVE-2014-3566 or POODLE, could expose some deployments that support SSLv3 to a risk of an active Man in the Middle MITM attack. A successful attack could lead to the disclosure of the information that is being se...

4.3CVSS5.8AI score0.99999EPSS
Exploits7
OSV
OSV
added 2014/10/14 12:0 a.m.7 views

UBUNTU-CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...

3.4CVSS6.7AI score0.99999EPSS
Exploits7References10
UbuntuCve
UbuntuCve
added 2014/10/14 12:0 a.m.55 views

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...

4.3CVSS6.7AI score0.99999EPSS
Exploits7References9
CheckPoint Security
CheckPoint Security
added 2014/10/13 9:0 p.m.28 views

Check Point response to the POODLE Bites vulnerability (CVE-2014-3566)

...

4.3CVSS1.8AI score0.99999EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2014/09/23 12:0 a.m.190 views

IBM Domino 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (credentialed check) (POODLE)

The version of IBM Domino formerly Lotus Domino installed on the remote host is 9.0.x prior to 9.0.1 Fix Pack 2 FP2. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error...

10CVSS7.7AI score0.99999EPSS
Exploits8References36
Check Point Advisories
Check Point Advisories
added 2011/11/08 12:0 a.m.7 views

Microsoft Windows Secure Sockets Layer Version 3.0 (CVE-2004-0120)

Secure Socket Layer SSL is a cryptographic protocol that provides security and data integrity for communications over TCP/IP networks. The protocol is considered obsolete and insecure. This protection can detect and prevent connections attempting to use this protocol. In particular, this protecti...

5CVSS1.6AI score0.55583EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/10/12 12:0 a.m.7011 views

SSL Version 2 and 3 Protocol Detection

The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws, including: - An insecure padding scheme with CBC ciphers. - Insecure session renegotiation and resumption schemes. An attacker can exploit these flaws ...

5.7AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 1999/01/01 12:0 a.m.9 views

PT-2014-1693

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.0.1i OpenSSL through 1.0.1i PAN-OS versions 6.1.1 and earlier PAN-OS versions 6.0.7 and earlier PAN-OS versions 5.1.x and 5.0.x EOS versions 4.12.0 through 4.12.7.1 EOS versions 4.13.0 through 4.13.6 Apple mac os x...

4.3CVSS8.7AI score0.99999EPSS
Exploits7
Rows per page
Query Builder