Zurück zur CVE-Übersicht
CVE-2014-3566
LOW(3.4)CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Risk Signal Score37/100 — MITTEL
- EPSS 94% — sehr wahrscheinlich ausgenutzt
EPSS-Score
94%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
3.4
Technische Schwere
Beschreibung
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Referenzen
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
- http://advisories.mageia.org/MGASA-2014-0416.html
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
- http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vul...
- http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
- http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
- http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-rel...
- http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf