U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NOTICE

NIST is currently working to establish a consortium to address challenges in the NVD program and develop improved tools and methods. You will temporarily see delays in analysis efforts during this transition. We apologize for the inconvenience and ask for your patience as we work to improve the NVD program.

CVE-2014-3566 Detail

Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.


Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score:  3.4 LOW
Vector:  CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N


NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.

Note: NVD Analysts have published a CVSS score for this CVE based on publicly available information at the time of analysis. The CNA has not provided a score within the CVE List.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc Third Party Advisory 
http://advisories.mageia.org/MGASA-2014-0416.html Third Party Advisory 
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc Third Party Advisory 
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html Third Party Advisory 
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html Third Party Advisory 
http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 Third Party Advisory 
http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html Third Party Advisory 
http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/ Third Party Advisory 
http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx Third Party Advisory 
http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf Third Party Advisory 
http://downloads.asterisk.org/pub/security/AST-2014-011.html Third Party Advisory 
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html Third Party Advisory 
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 Third Party Advisory 
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 Third Party Advisory 
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory 
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html Mailing List  Third Party Advisory 
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html Mailing List  Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html Third Party Advisory 
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html Third Party Advisory 
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html Third Party Advisory 
http://marc.info/?l=bugtraq&m=141450452204552&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141450973807288&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141477196830952&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141576815022399&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141577087123040&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141577350823734&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141620103726640&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141628688425177&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141694355519663&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141697638231025&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141697676231104&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141703183219781&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141715130023061&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141775427104070&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141813976718456&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141814011518700&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=141879378918327&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142103967620673&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142118135300698&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142296755107581&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142350196615714&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142350298616097&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142350743917559&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142354438527235&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142357976805598&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142495837901899&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142496355704097&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142546741516006&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142607790919348&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142624590206005&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142624619906067 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142624619906067&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142624679706236&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142624719706349&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142660345230545&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142721830231196&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142721887231400&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142740155824959&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142791032306609&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142804214608580&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142805027510172&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=142962817202793&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=143039249603103&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=143101048219218&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=143290371927178&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=143290437727362&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=143290522027658&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=143290583027876&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=143558137709884&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=143558192010071&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=143628269912142&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=144101915224472&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=144251162130364&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=144294141001552&w=2 Third Party Advisory 
http://marc.info/?l=bugtraq&m=145983526810210&w=2 Third Party Advisory 
http://marc.info/?l=openssl-dev&m=141333049205629&w=2 Third Party Advisory 
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-1652.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-1653.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-1692.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-1876.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-1877.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-1880.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-1881.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-1882.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-1920.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2014-1948.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2015-0068.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2015-0079.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2015-0080.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2015-0085.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2015-0086.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2015-0264.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2015-0698.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2015-1545.html Third Party Advisory 
http://rhn.redhat.com/errata/RHSA-2015-1546.html Third Party Advisory 
http://support.apple.com/HT204244 Third Party Advisory 
http://support.citrix.com/article/CTX200238 Third Party Advisory 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21686997 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21687172 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21687611 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21688283 Third Party Advisory 
http://www-01.ibm.com/support/docview.wss?uid=swg21692299 Third Party Advisory 
http://www.debian.org/security/2014/dsa-3053 Third Party Advisory 
http://www.debian.org/security/2015/dsa-3144 Third Party Advisory 
http://www.debian.org/security/2015/dsa-3147 Third Party Advisory 
http://www.debian.org/security/2015/dsa-3253 Third Party Advisory 
http://www.debian.org/security/2016/dsa-3489 Third Party Advisory 
http://www.kb.cert.org/vuls/id/577193 Third Party Advisory  US Government Resource 
http://www.mandriva.com/security/advisories?name=MDVSA-2014:203 Third Party Advisory 
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 Third Party Advisory 
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Patch  Third Party Advisory 
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Patch  Third Party Advisory 
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Patch  Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html Third Party Advisory 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html Third Party Advisory 
http://www.securityfocus.com/archive/1/533724/100/0/threaded Third Party Advisory  VDB Entry 
http://www.securityfocus.com/archive/1/533746 Third Party Advisory  VDB Entry 
http://www.securityfocus.com/archive/1/533747 Third Party Advisory  VDB Entry 
http://www.securityfocus.com/bid/70574 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031029 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031039 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031085 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031086 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031087 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031088 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031089 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031090 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031091 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031092 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031093 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031094 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031095 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031096 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031105 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031106 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031107 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031120 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031123 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031124 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031130 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031131 Third Party Advisory  VDB Entry 
http://www.securitytracker.com/id/1031132 Third Party Advisory  VDB Entry 
http://www.ubuntu.com/usn/USN-2486-1 Vendor Advisory 
http://www.ubuntu.com/usn/USN-2487-1 Vendor Advisory 
http://www.us-cert.gov/ncas/alerts/TA14-290A Third Party Advisory  US Government Resource 
http://www.vmware.com/security/advisories/VMSA-2015-0003.html Third Party Advisory 
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 Third Party Advisory 
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm Third Party Advisory 
https://access.redhat.com/articles/1232123 Third Party Advisory 
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ Third Party Advisory 
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6 Third Party Advisory 
https://bto.bluecoat.com/security-advisory/sa83 Third Party Advisory 
https://bugzilla.mozilla.org/show_bug.cgi?id=1076983 Issue Tracking 
https://bugzilla.redhat.com/show_bug.cgi?id=1152789 Issue Tracking 
https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip Third Party Advisory 
https://github.com/mpgn/poodle-PoC Third Party Advisory 
https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635 Third Party Advisory 
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681 Third Party Advisory 
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 Third Party Advisory 
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 Third Party Advisory 
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 Third Party Advisory  US Government Resource 
https://kc.mcafee.com/corporate/index?page=content&id=SB10090 Third Party Advisory 
https://kc.mcafee.com/corporate/index?page=content&id=SB10091 Third Party Advisory 
https://kc.mcafee.com/corporate/index?page=content&id=SB10104 Third Party Advisory 
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
https://puppet.com/security/cve/poodle-sslv3-vulnerability Third Party Advisory 
https://security.gentoo.org/glsa/201507-14 Third Party Advisory 
https://security.gentoo.org/glsa/201606-11 Third Party Advisory 
https://security.netapp.com/advisory/ntap-20141015-0001/ Third Party Advisory 
https://support.apple.com/HT205217 Vendor Advisory 
https://support.apple.com/kb/HT6527 Vendor Advisory 
https://support.apple.com/kb/HT6529 Vendor Advisory 
https://support.apple.com/kb/HT6531 Vendor Advisory 
https://support.apple.com/kb/HT6535 Vendor Advisory 
https://support.apple.com/kb/HT6536 Vendor Advisory 
https://support.apple.com/kb/HT6541 Vendor Advisory 
https://support.apple.com/kb/HT6542 Vendor Advisory 
https://support.citrix.com/article/CTX216642 Third Party Advisory 
https://support.lenovo.com/product_security/poodle Third Party Advisory 
https://support.lenovo.com/us/en/product_security/poodle Third Party Advisory 
https://technet.microsoft.com/library/security/3009008.aspx Patch  Vendor Advisory 
https://www-01.ibm.com/support/docview.wss?uid=swg21688165 Third Party Advisory 
https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html Third Party Advisory 
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html Third Party Advisory 
https://www.elastic.co/blog/logstash-1-4-3-released Third Party Advisory 
https://www.imperialviolet.org/2014/10/14/poodle.html Third Party Advisory 
https://www.openssl.org/news/secadv_20141015.txt Vendor Advisory 
https://www.openssl.org/~bodo/ssl-poodle.pdf Vendor Advisory 
https://www.suse.com/support/kb/doc.php?id=7015773 Third Party Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-310 Cryptographic Issues cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

103 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2014-3566
NVD Published Date:
10/14/2014
NVD Last Modified:
09/12/2023
Source:
Red Hat, Inc.