Security Bulletin: Vulnerability in SSLv3 affects Rational DOORS Web Access (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 can be enabled in IBM Rational DOORS Web Access. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts lik...

Security Bulletin: Vulnerability in SSLv3 affects DataPower (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled by default in DataPower. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

Security Bulletin: Vulnerability in RC4 stream cipher affects Tivoli Storage Manager Administration Center (CVE-2015-2808)

Summary The RC4 "Bar Mitzvah" Attack for SSL/TLS affects Tivoli Storage Manager Administration Center Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker...

Security Bulletin: Vulnerability in SSLv3 affects IBM Content Navigator (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in the Knowledge Center for IBM Content Navigator V2.0.3. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote...

Security Bulletin: Vulnerability in SSLv3 affects IBM Cognos Metrics Manager (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Cognos Metrics Manager. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

Security Bulletin: Vulnerability in SSLv3 affects IBM Cognos Command Center (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Cognos Command Center. Vulnerability Details CVE-ID : CVE-2014-3566 DESCRIPTION : Product could allow a remote attacker to obtain sensitive...

[SECURITY] [DLA 282-1] lighttpd security update

Package : lighttpd Version : 1.4.28-2+squeeze1.7 CVE ID : CVE-2014-3566 Debian Bug : 765702 This update allows to disable SSLv3 in lighttpd in order to protect against the POODLE attack. SSLv3 is now disabled by default and can be reenabled if needed using the ssl.use-sslv3 option...

MGASA-2014-0553 Updated erlang packages fix security vulnerabilities

Updated erlang packages fixes security vulnerability: An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP command...

OracleVM 2.2 : xen (OVMSA-2014-0028)

The remote OracleVM system is missing necessary patches to address critical security updates : - Backport xend: disable sslv3 due to CVE-2014-356 19831405 - libxc: Support set affinity for more than 64 CPUs 18938789 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this...

SuSE 11.3 Security Update : openwsman (SAT Patch Number 9902)

This update adds a configuration option to disable SSLv2 and SSLv3 in openwsman. This is required to mitigate CVE-2014-3566. To use the new option, edit /etc/openwsman/openwsman.conf and add the following line to the server section : ssldisabledprotocols = SSLv2 SSLv3 %NASLMINLEVEL 70300 C Tenabl...