Vulnerability Note VU#577193

POODLE vulnerability in SSL 3.0

Original Release date: 17 Oct 2014 | Last revised: 21 Jan 2015


Many modern TLS clients can fall back to version 3.0 of the SSL protocol, which is vulnerable to a padding-oracle attack when Cypher-block chaining (CBC) mode is used. This is commonly referred to as the "POODLE" (Padding Oracle On Downgraded Legacy Encryption) attack.


CWE-327: Use of a Broken or Risky Cryptographic Algorithm - CVE-2014-3566

Multiple implementations of SSL 3.0, including the implementation in OpenSSL up to version 1.0.1i, support the use of CBC mode. However, SSL 3.0 is vulnerable to a padding-oracle attack when CBC mode is used. A successful padding-oracle attack can provide an attacker with cleartext information from the encrypted communications.

Additionally, many modern TLS clients still support the ability to fall back to the SSL 3.0 protocol in order to communicate with legacy servers. A man-in-the-middle attacker may be able to force the protocol version negotiation sequence to downgrade to SSL 3.0, thereby opening up the opportunity to exploit the padding-oracle attack.

For more information, please refer to the original security advisory.


An adjacent, unauthenticated attacker may be able to derive cleartext information from communications that utilize the SSL 3.0 protocol with CBC mode.


OpenSSL has fixed the issue in OpenSSL versions 1.0.1j, 1.0.0o, and 0.9.8zc. For other implementations of the protocol, please check with the appropriate maintainer or vendor to determine if the implementation is affected by this issue. Additionally, consider the following workaround:


If disabling SSL 3.0 is not possible, TLS client and server implementations should make use of the TLS_FALLBACK_SCSV cipher suite value to prevent man-in-the-middle attackers from forcing unnecessary protocol downgrades.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Inc.Affected-17 Oct 2014
Aruba Networks, Inc.Affected17 Oct 201420 Oct 2014
AttachmateAffected17 Oct 201427 Oct 2014
Microsoft CorporationAffected17 Oct 201421 Jan 2015
MozillaAffected-17 Oct 2014
NEC CorporationAffected-28 Oct 2014
Novell, Inc.Affected-27 Oct 2014
OpenSSLAffected-17 Oct 2014
SUSE LinuxAffected-27 Oct 2014
Legion of the Bouncy CastleNot Affected17 Oct 201420 Oct 2014
PeerSec NetworksNot Affected17 Oct 201420 Oct 2014
Apache-SSLUnknown17 Oct 201417 Oct 2014
Apache HTTP Server ProjectUnknown17 Oct 201417 Oct 2014
BotanUnknown17 Oct 201417 Oct 2014
CerticomUnknown17 Oct 201417 Oct 2014
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N
Temporal 3.6 E:F/RL:OF/RC:C
Environmental 3.6 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND



This document was written by Todd Lewellen.

Other Information

  • CVE IDs: CVE-2014-3566
  • Date Public: 14 Oct 2014
  • Date First Published: 17 Oct 2014
  • Date Last Updated: 21 Jan 2015
  • Document Revision: 28


If you have feedback, comments, or additional information about this vulnerability, please send us email.