CVE-2014-3566 - Vulnerability Details

- SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Published: 2014-10-15

Score: 3.4 Low

EPSS: 100.0% High

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:6.1:::::::*
	cpe:2.3:o:ibm:aix:7.1:::::::*

Configuration 3 [-]

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:mageia:mageia:3.0:::::::*
	cpe:2.3:o:mageia:mageia:4.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0:::::::*
	cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0:::::::*
	cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:::::::*
	cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:::::::*

Configuration 6 [-]

OR	cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp3::::::
	cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:::::::*
	cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3::::::
	cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3::::vmware::*
	cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*

Configuration 7 [-]

OR	cpe:2.3:o:fedoraproject:fedora:19:::::::*
	cpe:2.3:o:fedoraproject:fedora:20:::::::*
	cpe:2.3:o:fedoraproject:fedora:21:::::::*

Configuration 8 [-]

OR	cpe:2.3:a:openssl:openssl:0.9.8:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8b:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8c:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8d:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8e:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8f:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8g:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8h:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8i:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8j:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8k:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8l:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8m:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8m:beta1::::::
	cpe:2.3:a:openssl:openssl:0.9.8n:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8o:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8p:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8q:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8r:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8s:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8t:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8u:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8v:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8w:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8x:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8y:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8z:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8za:::::::*
	cpe:2.3:a:openssl:openssl:0.9.8zb:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::
	cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::
	cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::
	cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::
	cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::
	cpe:2.3:a:openssl:openssl:1.0.0a:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0b:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0c:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0d:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0e:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0f:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0g:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0h:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0i:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0j:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0k:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0l:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0m:::::::*
	cpe:2.3:a:openssl:openssl:1.0.0n:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1:beta1::::::
	cpe:2.3:a:openssl:openssl:1.0.1:beta2::::::
	cpe:2.3:a:openssl:openssl:1.0.1:beta3::::::
	cpe:2.3:a:openssl:openssl:1.0.1a:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1b:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1c:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1d:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1e:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1f:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1g:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1h:::::::*
	cpe:2.3:a:openssl:openssl:1.0.1i:::::::*

Configuration 9 [-]

OR	cpe:2.3:a:ibm:vios:2.2.0.10:::::::*
	cpe:2.3:a:ibm:vios:2.2.0.11:::::::*
	cpe:2.3:a:ibm:vios:2.2.0.12:::::::*
	cpe:2.3:a:ibm:vios:2.2.0.13:::::::*
	cpe:2.3:a:ibm:vios:2.2.1.0:::::::*
	cpe:2.3:a:ibm:vios:2.2.1.1:::::::*
	cpe:2.3:a:ibm:vios:2.2.1.3:::::::*
	cpe:2.3:a:ibm:vios:2.2.1.4:::::::*
	cpe:2.3:a:ibm:vios:2.2.1.5:::::::*
	cpe:2.3:a:ibm:vios:2.2.1.6:::::::*
	cpe:2.3:a:ibm:vios:2.2.1.7:::::::*
	cpe:2.3:a:ibm:vios:2.2.1.8:::::::*
	cpe:2.3:a:ibm:vios:2.2.1.9:::::::*
	cpe:2.3:a:ibm:vios:2.2.2.0:::::::*
	cpe:2.3:a:ibm:vios:2.2.2.1:::::::*
	cpe:2.3:a:ibm:vios:2.2.2.2:::::::*
	cpe:2.3:a:ibm:vios:2.2.2.3:::::::*
	cpe:2.3:a:ibm:vios:2.2.2.4:::::::*
	cpe:2.3:a:ibm:vios:2.2.2.5:::::::*
	cpe:2.3:a:ibm:vios:2.2.3.0:::::::*
	cpe:2.3:a:ibm:vios:2.2.3.1:::::::*
	cpe:2.3:a:ibm:vios:2.2.3.2:::::::*
	cpe:2.3:a:ibm:vios:2.2.3.3:::::::*
	cpe:2.3:a:ibm:vios:2.2.3.4:::::::*

Configuration 10 [-]

OR	cpe:2.3:o:netbsd:netbsd:5.1:::::::*
	cpe:2.3:o:netbsd:netbsd:5.1.1:::::::*
	cpe:2.3:o:netbsd:netbsd:5.1.2:::::::*
	cpe:2.3:o:netbsd:netbsd:5.1.3:::::::*
	cpe:2.3:o:netbsd:netbsd:5.1.4:::::::*
	cpe:2.3:o:netbsd:netbsd:5.2:::::::*
	cpe:2.3:o:netbsd:netbsd:5.2.1:::::::*
	cpe:2.3:o:netbsd:netbsd:5.2.2:::::::*
	cpe:2.3:o:netbsd:netbsd:6.0:::::::*
	cpe:2.3:o:netbsd:netbsd:6.0:beta::::::
	cpe:2.3:o:netbsd:netbsd:6.0.1:::::::*
	cpe:2.3:o:netbsd:netbsd:6.0.2:::::::*
	cpe:2.3:o:netbsd:netbsd:6.0.3:::::::*
	cpe:2.3:o:netbsd:netbsd:6.0.4:::::::*
	cpe:2.3:o:netbsd:netbsd:6.0.5:::::::*
	cpe:2.3:o:netbsd:netbsd:6.0.6:::::::*
	cpe:2.3:o:netbsd:netbsd:6.1:::::::*
	cpe:2.3:o:netbsd:netbsd:6.1.1:::::::*
	cpe:2.3:o:netbsd:netbsd:6.1.2:::::::*
	cpe:2.3:o:netbsd:netbsd:6.1.3:::::::*
	cpe:2.3:o:netbsd:netbsd:6.1.4:::::::*
	cpe:2.3:o:netbsd:netbsd:6.1.5:::::::*

Configuration 11 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 12 [-]

OR	cpe:2.3:a:oracle:database:11.2.0.4:::::::*
	cpe:2.3:a:oracle:database:12.1.0.2:::::::*

Package	CPE	Advisory	Released Date
Oracle Java for Red Hat Enterprise Linux 5
java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2015:0079	2015-01-22T00:00:00Z
java-1.6.0-sun-1:1.6.0.91-1jpp.1.el5_11	cpe:/a:redhat:rhel_extras_oracle_java:5	RHSA-2015:0086	2015-01-26T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 6
java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:0079	2015-01-22T00:00:00Z
java-1.8.0-oracle-1:1.8.0.31-1jpp.1.el6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:0080	2015-01-22T00:00:00Z
java-1.6.0-sun-1:1.6.0.91-1jpp.1.el6	cpe:/a:redhat:rhel_extras_oracle_java:6	RHSA-2015:0086	2015-01-26T00:00:00Z
Oracle Java for Red Hat Enterprise Linux 7
java-1.7.0-oracle-1:1.7.0.75-1jpp.2.el7	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2015:0079	2015-01-22T00:00:00Z
java-1.6.0-sun-1:1.6.0.91-1jpp.1.el7	cpe:/a:redhat:rhel_extras_oracle_java:7	RHSA-2015:0086	2015-01-26T00:00:00Z
Red Hat Enterprise Linux 5
java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:0068	2015-01-20T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:0085	2015-01-26T00:00:00Z
Red Hat Enterprise Linux 5 Supplementary
java-1.7.0-ibm-1:1.7.0.8.0-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2014:1876	2014-11-19T00:00:00Z
java-1.6.0-ibm-1:1.6.0.16.2-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2014:1877	2014-11-19T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.8-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2014:1881	2014-11-20T00:00:00Z
Red Hat Enterprise Linux 6
java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:0067	2015-01-21T00:00:00Z
java-1.8.0-openjdk-1:1.8.0.31-1.b13.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:0069	2015-01-21T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:0085	2015-01-26T00:00:00Z
Red Hat Enterprise Linux 7
nspr-0:4.10.6-3.el7	cpe:/o:redhat:enterprise_linux:7	RHBA-2015:0364	2015-03-05T00:00:00Z
nss-0:3.16.2.3-5.el7	cpe:/o:redhat:enterprise_linux:7	RHBA-2015:0364	2015-03-05T00:00:00Z
nss-softokn-0:3.16.2.3-9.el7	cpe:/o:redhat:enterprise_linux:7	RHBA-2015:0364	2015-03-05T00:00:00Z
nss-util-0:3.16.2.3-2.el7	cpe:/o:redhat:enterprise_linux:7	RHBA-2015:0364	2015-03-05T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.75-2.5.4.2.el7_0	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:0067	2015-01-21T00:00:00Z
java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el7_0	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:0085	2015-01-26T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5.2
	cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0	RHSA-2015:0010	2015-01-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.3
openssl	cpe:/a:redhat:jboss_enterprise_application_platform:6.3	RHSA-2015:0012	2015-01-05T00:00:00Z
Red Hat JBoss Web Platform 5.2
	cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0	RHSA-2015:0011	2015-01-05T00:00:00Z
Red Hat JBoss Web Server 2.1
openssl	cpe:/a:redhat:jboss_enterprise_web_server:2.1	RHSA-2014:1920	2014-12-01T00:00:00Z
Red Hat OpenShift Enterprise 2.0
openshift-origin-node-proxy-0:1.16.4.2-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1546	2015-08-04T00:00:00Z
Red Hat OpenShift Enterprise 2.1
openshift-origin-node-proxy-0:1.22.3.4-1.el6op	cpe:/a:redhat:openshift:2.0::el6	RHSA-2015:1545	2015-08-04T00:00:00Z
Red Hat Satellite 5.6
java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6	cpe:/a:redhat:network_satellite:5.6::el5	RHSA-2015:0264	2015-02-24T00:00:00Z
Red Hat Satellite 6.0
candlepin-0:0.9.23.1-1.el6	cpe:/a:redhat:satellite:6.0::el6	RHBA-2014:1857	2014-11-13T00:00:00Z
foreman-0:1.6.0.49-1.el7sat	cpe:/a:redhat:satellite:6.0::el6	RHBA-2014:1857	2014-11-13T00:00:00Z
katello-agent-0:1.5.3-6.el6sat	cpe:/a:redhat:satellite:6.0::el6	RHBA-2014:1857	2014-11-13T00:00:00Z
pulp-0:2.4.3-1.el6sat	cpe:/a:redhat:satellite:6.0::el6	RHBA-2014:1857	2014-11-13T00:00:00Z
pulp-nodes-0:2.4.3-0.1.beta.el6sat	cpe:/a:redhat:satellite:6.0::el6	RHBA-2014:1857	2014-11-13T00:00:00Z
pulp-puppet-0:2.4.3-1.el6sat	cpe:/a:redhat:satellite:6.0::el6	RHBA-2014:1857	2014-11-13T00:00:00Z
pulp-rpm-0:2.4.3-1.el7sat	cpe:/a:redhat:satellite:6.0::el6	RHBA-2014:1857	2014-11-13T00:00:00Z
ruby193-rubygem-katello-0:1.5.0-93.el6sat	cpe:/a:redhat:satellite:6.0::el6	RHBA-2014:1857	2014-11-13T00:00:00Z
rubygem-apipie-bindings-0:0.0.8-2.el7sat	cpe:/a:redhat:satellite:6.0::el6	RHBA-2014:1857	2014-11-13T00:00:00Z
rubygem-hammer_cli_import-0:0.10.4-1.3.el7sat	cpe:/a:redhat:satellite:6.0::el6	RHBA-2014:1857	2014-11-13T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.6.0-ibm-1:1.6.0.16.2-1jpp.1.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2014:1877	2014-11-19T00:00:00Z
java-1.7.1-ibm-1:1.7.1.2.0-1jpp.3.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2014:1880	2014-11-20T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.8-1jpp.1.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2014:1881	2014-11-20T00:00:00Z
java-1.7.0-ibm-1:1.7.0.8.0-1jpp.1.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2014:1882	2014-11-20T00:00:00Z
Supplementary for Red Hat Enterprise Linux 7
java-1.7.1-ibm-1:1.7.1.2.0-1jpp.3.el7_0	cpe:/a:redhat:rhel_extras:7	RHSA-2014:1880	2014-11-20T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-81-1	openssl security update
Debian DLA	DLA-157-1	openjdk-6 security update
Debian DLA	DLA-282-1	lighttpd security update
Debian DLA	DLA-400-1	pound security update
Debian DSA	DSA-3053-1	openssl security update
Debian DSA	DSA-3144-1	openjdk-7 security update
Debian DSA	DSA-3147-1	openjdk-6 security update
Debian DSA	DSA-3253-1	pound security update
Debian DSA	DSA-3489-1	lighttpd security update
Ubuntu USN	USN-2486-1	OpenJDK 6 vulnerabilities
Ubuntu USN	USN-2487-1	OpenJDK 7 vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.99999.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
http://advisories.mageia.org/MGASA-2014-0416.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx
http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf
http://downloads.asterisk.org/pub/security/AST-2014-011.html
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
http://marc.info/?l=bugtraq&m=141450452204552&w=2
http://marc.info/?l=bugtraq&m=141450973807288&w=2
http://marc.info/?l=bugtraq&m=141477196830952&w=2
http://marc.info/?l=bugtraq&m=141576815022399&w=2
http://marc.info/?l=bugtraq&m=141577087123040&w=2
http://marc.info/?l=bugtraq&m=141577350823734&w=2
http://marc.info/?l=bugtraq&m=141620103726640&w=2
http://marc.info/?l=bugtraq&m=141628688425177&w=2
http://marc.info/?l=bugtraq&m=141694355519663&w=2
http://marc.info/?l=bugtraq&m=141697638231025&w=2
http://marc.info/?l=bugtraq&m=141697676231104&w=2
http://marc.info/?l=bugtraq&m=141703183219781&w=2
http://marc.info/?l=bugtraq&m=141715130023061&w=2
http://marc.info/?l=bugtraq&m=141775427104070&w=2
http://marc.info/?l=bugtraq&m=141813976718456&w=2
http://marc.info/?l=bugtraq&m=141814011518700&w=2
http://marc.info/?l=bugtraq&m=141879378918327&w=2
http://marc.info/?l=bugtraq&m=142103967620673&w=2
http://marc.info/?l=bugtraq&m=142118135300698&w=2
http://marc.info/?l=bugtraq&m=142296755107581&w=2
http://marc.info/?l=bugtraq&m=142350196615714&w=2
http://marc.info/?l=bugtraq&m=142350298616097&w=2
http://marc.info/?l=bugtraq&m=142350743917559&w=2
http://marc.info/?l=bugtraq&m=142354438527235&w=2
http://marc.info/?l=bugtraq&m=142357976805598&w=2
http://marc.info/?l=bugtraq&m=142495837901899&w=2
http://marc.info/?l=bugtraq&m=142496355704097&w=2
http://marc.info/?l=bugtraq&m=142546741516006&w=2
http://marc.info/?l=bugtraq&m=142607790919348&w=2
http://marc.info/?l=bugtraq&m=142624590206005&w=2
http://marc.info/?l=bugtraq&m=142624619906067
http://marc.info/?l=bugtraq&m=142624619906067&w=2
http://marc.info/?l=bugtraq&m=142624679706236&w=2
http://marc.info/?l=bugtraq&m=142624719706349&w=2
http://marc.info/?l=bugtraq&m=142660345230545&w=2
http://marc.info/?l=bugtraq&m=142721830231196&w=2
http://marc.info/?l=bugtraq&m=142721887231400&w=2
http://marc.info/?l=bugtraq&m=142740155824959&w=2
http://marc.info/?l=bugtraq&m=142791032306609&w=2
http://marc.info/?l=bugtraq&m=142804214608580&w=2
http://marc.info/?l=bugtraq&m=142805027510172&w=2
http://marc.info/?l=bugtraq&m=142962817202793&w=2
http://marc.info/?l=bugtraq&m=143039249603103&w=2
http://marc.info/?l=bugtraq&m=143101048219218&w=2
http://marc.info/?l=bugtraq&m=143290371927178&w=2
http://marc.info/?l=bugtraq&m=143290437727362&w=2
http://marc.info/?l=bugtraq&m=143290522027658&w=2
http://marc.info/?l=bugtraq&m=143290583027876&w=2
http://marc.info/?l=bugtraq&m=143558137709884&w=2
http://marc.info/?l=bugtraq&m=143558192010071&w=2
http://marc.info/?l=bugtraq&m=143628269912142&w=2
http://marc.info/?l=bugtraq&m=144101915224472&w=2
http://marc.info/?l=bugtraq&m=144251162130364&w=2
http://marc.info/?l=bugtraq&m=144294141001552&w=2
http://marc.info/?l=bugtraq&m=145983526810210&w=2
http://marc.info/?l=openssl-dev&m=141333049205629&w=2
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html
http://rhn.redhat.com/errata/RHSA-2014-1652.html
http://rhn.redhat.com/errata/RHSA-2014-1653.html
http://rhn.redhat.com/errata/RHSA-2014-1692.html
http://rhn.redhat.com/errata/RHSA-2014-1876.html
http://rhn.redhat.com/errata/RHSA-2014-1877.html
http://rhn.redhat.com/errata/RHSA-2014-1880.html
http://rhn.redhat.com/errata/RHSA-2014-1881.html
http://rhn.redhat.com/errata/RHSA-2014-1882.html
http://rhn.redhat.com/errata/RHSA-2014-1920.html
http://rhn.redhat.com/errata/RHSA-2014-1948.html
http://rhn.redhat.com/errata/RHSA-2015-0068.html
http://rhn.redhat.com/errata/RHSA-2015-0079.html
http://rhn.redhat.com/errata/RHSA-2015-0080.html
http://rhn.redhat.com/errata/RHSA-2015-0085.html
http://rhn.redhat.com/errata/RHSA-2015-0086.html
http://rhn.redhat.com/errata/RHSA-2015-0264.html
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://rhn.redhat.com/errata/RHSA-2015-1545.html
http://rhn.redhat.com/errata/RHSA-2015-1546.html
http://secunia.com/advisories/59627
http://secunia.com/advisories/60056
http://secunia.com/advisories/60206
http://secunia.com/advisories/60792
http://secunia.com/advisories/60859
http://secunia.com/advisories/61019
http://secunia.com/advisories/61130
http://secunia.com/advisories/61303
http://secunia.com/advisories/61316
http://secunia.com/advisories/61345
http://secunia.com/advisories/61359
http://secunia.com/advisories/61782
http://secunia.com/advisories/61810
http://secunia.com/advisories/61819
http://secunia.com/advisories/61825
http://secunia.com/advisories/61827
http://secunia.com/advisories/61926
http://secunia.com/advisories/61995
http://support.apple.com/HT204244
http://support.citrix.com/article/CTX200238
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://www-01.ibm.com/support/docview.wss?uid=swg21687172
http://www-01.ibm.com/support/docview.wss?uid=swg21687611
http://www-01.ibm.com/support/docview.wss?uid=swg21688283
http://www-01.ibm.com/support/docview.wss?uid=swg21692299
http://www.debian.org/security/2014/dsa-3053
http://www.debian.org/security/2015/dsa-3144
http://www.debian.org/security/2015/dsa-3147
http://www.debian.org/security/2015/dsa-3253
http://www.debian.org/security/2016/dsa-3489
http://www.kb.cert.org/vuls/id/577193
http://www.mandriva.com/security/advisories?name=MDVSA-2014:203
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/archive/1/533724/100/0/threaded
http://www.securityfocus.com/archive/1/533746
http://www.securityfocus.com/archive/1/533747
http://www.securityfocus.com/bid/70574
http://www.securitytracker.com/id/1031029
http://www.securitytracker.com/id/1031039
http://www.securitytracker.com/id/1031085
http://www.securitytracker.com/id/1031086
http://www.securitytracker.com/id/1031087
http://www.securitytracker.com/id/1031088
http://www.securitytracker.com/id/1031089
http://www.securitytracker.com/id/1031090
http://www.securitytracker.com/id/1031091
http://www.securitytracker.com/id/1031092
http://www.securitytracker.com/id/1031093
http://www.securitytracker.com/id/1031094
http://www.securitytracker.com/id/1031095
http://www.securitytracker.com/id/1031096
http://www.securitytracker.com/id/1031105
http://www.securitytracker.com/id/1031106
http://www.securitytracker.com/id/1031107
http://www.securitytracker.com/id/1031120
http://www.securitytracker.com/id/1031123
http://www.securitytracker.com/id/1031124
http://www.securitytracker.com/id/1031130
http://www.securitytracker.com/id/1031131
http://www.securitytracker.com/id/1031132
http://www.ubuntu.com/usn/USN-2486-1
http://www.ubuntu.com/usn/USN-2487-1
http://www.us-cert.gov/ncas/alerts/TA14-290A
http://www.vmware.com/security/advisories/VMSA-2015-0003.html
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm
https://access.redhat.com/articles/1232123
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
https://bto.bluecoat.com/security-advisory/sa83
https://bugzilla.mozilla.org/show_bug.cgi?id=1076983
https://bugzilla.redhat.com/show_bug.cgi?id=1152789
https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
https://github.com/mpgn/poodle-PoC
https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://kc.mcafee.com/corporate/index?page=content&id=SB10090
https://kc.mcafee.com/corporate/index?page=content&id=SB10091
https://kc.mcafee.com/corporate/index?page=content&id=SB10104
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2014-3566
https://puppet.com/security/cve/poodle-sslv3-vulnerability
https://security.gentoo.org/glsa/201507-14
https://security.gentoo.org/glsa/201606-11
https://security.netapp.com/advisory/ntap-20141015-0001/
https://support.apple.com/HT205217
https://support.apple.com/kb/HT6527
https://support.apple.com/kb/HT6529
https://support.apple.com/kb/HT6531
https://support.apple.com/kb/HT6535
https://support.apple.com/kb/HT6536
https://support.apple.com/kb/HT6541
https://support.apple.com/kb/HT6542
https://support.citrix.com/article/CTX216642
https://support.lenovo.com/product_security/poodle
https://support.lenovo.com/us/en/product_security/poodle
https://technet.microsoft.com/library/security/3009008.aspx
https://templatelab.com/ssl-poodle/
https://www-01.ibm.com/support/docview.wss?uid=swg21688165
https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
https://www.cve.org/CVERecord?id=CVE-2014-3566
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
https://www.elastic.co/blog/logstash-1-4-3-released
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/news/secadv_20141015.txt
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://www.suse.com/support/kb/doc.php?id=7015773

History

Thu, 28 May 2026 18:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-329
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 27 Nov 2024 20:45:00 +0000

Type	Values Removed	Values Added
References		https://templatelab.com/ssl-poodle/

Subscriptions

Apple Mac Os X

Debian Debian Linux

Fedoraproject Fedora

Ibm Aix Vios

Mageia Mageia

Netbsd Netbsd

Novell Suse Linux Enterprise Desktop Suse Linux Enterprise Server Suse Linux Enterprise Software Development Kit

Openssl Openssl

Opensuse Opensuse

Oracle Database

Redhat Enterprise Linux Enterprise Linux Desktop Enterprise Linux Desktop Supplementary Enterprise Linux Server Enterprise Linux Server Supplementary Enterprise Linux Workstation Enterprise Linux Workstation Supplementary Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Web Server Network Satellite Openshift Rhel Extras Rhel Extras Oracle Java Satellite

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-10-15T00:00:00.000Z

Updated: 2026-05-28T17:35:01.304Z

Reserved: 2014-05-14T00:00:00.000Z

Link: CVE-2014-3566

Vulnrichment

Updated: 2024-11-27T19:31:57.733Z

NVD

Status : Modified

Published: 2014-10-15T00:55:02.137

Modified: 2026-06-17T00:08:29.637

Link: CVE-2014-3566

Redhat

Severity : Important

Publid Date: 2014-10-14T00:00:00Z

Links: CVE-2014-3566 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object