Vulnerability Note VU#577193
POODLE vulnerability in SSL 3.0
Many modern TLS clients can fall back to version 3.0 of the SSL protocol, which is vulnerable to a padding-oracle attack when cipher-block chaining (CBC) mode is used. This is commonly referred to as the "POODLE" (Padding Oracle On Downgraded Legacy Encryption) attack.
CWE-327: Use of a Broken or Risky Cryptographic Algorithm - CVE-2014-3566
Multiple implementations of SSL 3.0, including the implementation in OpenSSL up to version 1.0.1i, support the use of CBC mode. However, SSL 3.0 is vulnerable to a padding-oracle attack when CBC mode is used. A successful padding-oracle attack can provide an attacker with cleartext information from the encrypted communications.
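To make the root cause concrete, the following added Python example (not part of the CERT note or of any vendor's implementation) contrasts how SSL 3.0 and TLS 1.0 validate CBC padding after a record has been decrypted. The function names, the block size and the sample record are assumptions chosen for illustration.

```python
# Added example, not taken from the CERT note or from any vendor's code.
# It contrasts the CBC padding checks of SSL 3.0 and TLS 1.0 on already
# decrypted record plaintext: SSL 3.0 inspects only the final byte, which is
# the structural reason its padding validation leaks more than TLS 1.0's.
# Decryption and MAC verification are omitted; only the padding step is shown.

BLOCK_SIZE = 16  # block size in bytes, e.g. AES (assumed for the sample)


def ssl3_strip_padding(plaintext: bytes, block_size: int = BLOCK_SIZE):
    """SSL 3.0 (RFC 6101, section 5.2.3.2): only the last byte is inspected.
    It holds the padding length and must be smaller than the block size; the
    padding bytes themselves are never checked, so any filler is accepted.
    Returns the unpadded data, or None when the padding is rejected."""
    if not plaintext:
        return None
    pad_len = plaintext[-1]
    if pad_len >= block_size or pad_len + 1 > len(plaintext):
        return None
    return plaintext[:-(pad_len + 1)]


def tls10_strip_padding(plaintext: bytes):
    """TLS 1.0 (RFC 2246, section 6.2.3.2): every padding byte must equal the
    padding-length byte (up to 255), so filler that does not match is rejected.
    Returns the unpadded data, or None when the padding is rejected."""
    if not plaintext:
        return None
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return None
    if any(b != pad_len for b in plaintext[-(pad_len + 1):]):
        return None
    return plaintext[:-(pad_len + 1)]


def compare_on_sample():
    """Constructed sample: one 16-byte record, once with intact padding and
    once with the padding bytes altered (as after ciphertext corruption)."""
    data = b"GET / HTTP"                  # 10 bytes of application data
    pad_len = BLOCK_SIZE - len(data) - 1  # 5 padding bytes + 1 length byte
    intact = data + bytes([pad_len]) * (pad_len + 1)
    damaged = data + b"\x00" * pad_len + bytes([pad_len])
    return {
        "ssl3_intact": ssl3_strip_padding(intact),      # b"GET / HTTP"
        "tls10_intact": tls10_strip_padding(intact),    # b"GET / HTTP"
        "ssl3_damaged": ssl3_strip_padding(damaged),    # b"GET / HTTP": accepted
        "tls10_damaged": tls10_strip_padding(damaged),  # None: rejected
    }
```

The damaged record passes the SSL 3.0 check but fails the TLS 1.0 check, which is why a CBC cipher suite under SSL 3.0 gives a far weaker guarantee than the same suite under TLS.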
An adjacent, unauthenticated attacker may be able to derive cleartext information from communications that utilize the SSL 3.0 protocol with CBC mode.
OpenSSL has fixed the issue in OpenSSL versions 1.0.1j, 1.0.0o, and 0.9.8zc. For other implementations of the protocol, please check with the appropriate maintainer or vendor to determine if the implementation is affected by this issue. Additionally, consider the following workaround:
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
| --- | --- | --- | --- |
| Apple Inc. | Affected | - | 17 Oct 2014 |
| Aruba Networks, Inc. | Affected | 17 Oct 2014 | 20 Oct 2014 |
| Attachmate | Affected | 17 Oct 2014 | 27 Oct 2014 |
| Microsoft Corporation | Affected | 17 Oct 2014 | 21 Jan 2015 |
| Mozilla | Affected | - | 17 Oct 2014 |
| NEC Corporation | Affected | - | 28 Oct 2014 |
| Novell, Inc. | Affected | - | 27 Oct 2014 |
| OpenSSL | Affected | - | 17 Oct 2014 |
| SUSE Linux | Affected | - | 27 Oct 2014 |
| Legion of the Bouncy Castle | Not Affected | 17 Oct 2014 | 20 Oct 2014 |
| PeerSec Networks | Not Affected | 17 Oct 2014 | 20 Oct 2014 |
| Apache-SSL | Unknown | 17 Oct 2014 | 17 Oct 2014 |
| Apache HTTP Server Project | Unknown | 17 Oct 2014 | 17 Oct 2014 |
| Botan | Unknown | 17 Oct 2014 | 17 Oct 2014 |
| Certicom | Unknown | 17 Oct 2014 | 17 Oct 2014 |
This document was written by Todd Lewellen.
- CVE IDs: CVE-2014-3566
- Date Public: 14 Oct 2014
- Date First Published: 17 Oct 2014
- Date Last Updated: 21 Jan 2015
- Document Revision: 28