Информационная безопасность
[RU] switch to English


CVECVE-2014-3566
СтатусCandidate
ОписаниеThe SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Важность
Medium
CVSS score4,3
CVSS vector(AV:N/AC:M/Au:N/C:P/I:N/A:N)
PhaseAssigned (18.09.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3566
ReferencesSECTRACK : 1031029
 SECTRACK : 1031039
 SECTRACK : 1031085
 SECTRACK : 1031086
 SECTRACK : 1031087
 SECTRACK : 1031088
 SECTRACK : 1031089
 SECTRACK : 1031090
 SECTRACK : 1031091
 SECTRACK : 1031092
 SECTRACK : 1031093
 SECTRACK : 1031094
 SECTRACK : 1031095
 SECTRACK : 1031096
 SECTRACK : 1031105
 SECTRACK : 1031106
 SECTRACK : 1031107
 SECTRACK : 1031120
 SECTRACK : 1031123
 SECTRACK : 1031124
 SECTRACK : 1031130
 SECTRACK : 1031131
 SECTRACK : 1031132
 CISCO : 20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
 SECUNIA : 59627
 SECUNIA : 60056
 SECUNIA : 60206
 SECUNIA : 60792
 SECUNIA : 60859
 SECUNIA : 61019
 SECUNIA : 61130
 SECUNIA : 61303
 SECUNIA : 61316
 SECUNIA : 61345
 SECUNIA : 61359
 SECUNIA : 61782
 SECUNIA : 61810
 SECUNIA : 61819
 SECUNIA : 61825
 SECUNIA : 61827
 SECUNIA : 61926
 SECUNIA : 61995
 BID : 70574
 APPLE : APPLE-SA-2014-10-16-1
 APPLE : APPLE-SA-2014-10-16-3
 APPLE : APPLE-SA-2014-10-16-4
 APPLE : APPLE-SA-2014-10-20-1
 APPLE : APPLE-SA-2014-10-20-2
 DEBIAN : DSA-3053
 FEDORA : FEDORA-2014-12951
 FEDORA : FEDORA-2014-13012
 FEDORA : FEDORA-2014-13069
 HP : HPSBHF03156
 HP : HPSBMU03152
 HP : HPSBUX03162
 CONFIRM : http://advisories.mageia.org/MGASA-2014-0416.html
 CONFIRM : http://aix.software.ibm.com/aix/efixes/security/op...
 MISC : http://askubuntu.com/questions/537196/how-do-i-pat...
 MISC : http://blog.cryptographyengineering.com/2014/10/at...
 CONFIRM : http://blog.nodejs.org/2014/10/23/node-v0-10-33-st...
 CONFIRM : http://blogs.technet.com/b/msrc/archive/2014/10/14...
 MISC : http://googleonlinesecurity.blogspot.com/2014/10/t...
 CONFIRM : http://people.canonical.com/~ubuntu-security/cve/2...
 CONFIRM : http://support.citrix.com/article/CTX200238
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=isg3...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=isg3...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : http://www-01.ibm.com/support/docview.wss?uid=swg2...
 CONFIRM : https://access.redhat.com/articles/1232123
 CONFIRM : https://blog.mozilla.org/security/2014/10/14/the-p...
 CONFIRM : https://blogs.oracle.com/sunsecurity/entry/multipl...
 CONFIRM : https://bto.bluecoat.com/security-advisory/sa83
 CONFIRM : https://bugzilla.mozilla.org/show_bug.cgi?id=1076983
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=1152789
 CONFIRM : https://devcentral.f5.com/articles/cve-2014-3566-r...
 CONFIRM : https://groups.google.com/forum/#!topic/docker-use...
 CONFIRM : https://support.apple.com/kb/HT6527
 CONFIRM : https://support.apple.com/kb/HT6529
 CONFIRM : https://support.apple.com/kb/HT6531
 CONFIRM : https://support.apple.com/kb/HT6535
 CONFIRM : https://support.apple.com/kb/HT6536
 CONFIRM : https://support.apple.com/kb/HT6541
 CONFIRM : https://support.apple.com/kb/HT6542
 CONFIRM : https://technet.microsoft.com/library/security/300...
 MISC : https://www.dfranke.us/posts/2014-10-14-how-poodle...
 MISC : https://www.imperialviolet.org/2014/10/14/poodle.html
 CONFIRM : https://www.openssl.org/news/secadv_20141015.txt
 MISC : https://www.openssl.org/~bodo/ssl-poodle.pdf
 CONFIRM : https://www.suse.com/support/kb/doc.php?id=7015773
 MANDRIVA : MDVSA-2014:203
 NETBSD : NetBSD-SA2014-015
 SUSE : openSUSE-SU-2014:1331
 REDHAT : RHSA-2014:1652
 REDHAT : RHSA-2014:1653
 REDHAT : RHSA-2014:1692
 HP : SSRT101767
 SUSE : SUSE-SU-2014:1357
 SUSE : SUSE-SU-2014:1361
 CERT : TA14-290A
 CERT-VN : VU#577193
 MLIST : [openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 ("POODLE")
SecurityVulns:Уязвимости безопасности в Apple TV
 Многочисленные уязвимости безопасности в Apple iOS
 Многочисленные уязвимости безопасности в Oracle / Sun / PeopleSoft / MySQL
 Многочисленные уязвимости безопасности в Oracle / Sun / PeopleSoft / MySQL
 Многочисленные уязвимости безопасности в Apple OS X / OS X Server
 Многочисленные уязвимости безопасности в OpenSSL
 Многочисленные уязвимости безопасности в Oracle / Sun / PeopleSoft / MySQL
 Утечка данных в Mozilla nss
 Многочисленные уязвимости безопасности в Apple Mac OS X
 Многочисленные уязвимости безопасности в Apple Xcode
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород