CVE-2014-3566 (aix, database, debian_linux, enterprise_linux, enterprise_linux_desktop, enterprise_linux_desktop_supplementary, enterprise_linux_server, enterprise_linux_server_supplementary, enterprise_linux_workstation, enterprise_linux_workstation_supplementary, fedora, mac_os_x, mageia, netbsd, openssl, opensuse, suse_linux_enterprise_desktop, suse_linux_enterprise_server, suse_linux_enterprise_software_development_kit, vios)

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

View Full Alert

Leave a Reply