11 matches found
Information Disclosure
OpenSSL is vulnerable to information disclosure. This is possible because the SSL protocol 3.0 uses nondeterministic CBC padding, allowing attackers to perform man-in-the-middle (MitM) attacks. This is also known as the POODLE issue...
[SECURITY] [DLA 400-1] pound security update
Package: pound. Version: 2.6-1+deb6u1. CVE ID: CVE-2009-3555 CVE-2011-3389 CVE-2012-4929 CVE-2014-3566. This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy. CVE-2009-3555: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as...
SUSE: Security Advisory for java-1_7_1-ibm (SUSE-SU-2014:1549-1)
The remote host is missing an update for the...
MGASA-2014-0553 Updated erlang packages fix security vulnerabilities
Updated erlang packages fix a security vulnerability: An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP command...
SuSE 11.3 Security Update : IBM Java (SAT Patch Number 9992)
java-160-ibm has been updated to version 1.6.0sr16.2 to fix 18 security issues. These security issues have been fixed: Unspecified vulnerability in Oracle Java SE 6u81 (CVE-2014-3065). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding,...
SUSE-SU-2015:0343-1 Security update for IBM Java
java-170-ibm has been updated to version 1.7.0sr7.2 to fix 21 security issues. These security issues have been fixed: Unspecified vulnerability (CVE-2014-3065). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for...
SSL 3.0 MITM Attack
A vulnerability affecting most implementations of SSL 3.0 has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions (CVE-2014-3566). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak...
SSL 3.0 MITM Attack
A vulnerability affecting most implementations of SSL 3.0 has been discovered that allows an attacker to decrypt some encrypted contents under certain conditions (CVE-2014-3566). The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak...
CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...
CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue...
CVE-2014-3566
CVE-2014-3566 (POODLE) affects SSLv3 in AIX and related IBM components. IBM’s advisory (nettcp) states SSLv3 padding oracle vulnerability could allow MITM decryption of SSL sessions. Affected: AIX 6.1/7.1 and VIOS 2.2.x with vulnerable bos.net.tcp.client/server file sets (various lower/upper leve...