National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2014-3566 Detail

Current Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Source:  MITRE      Last Modified:  10/14/2014      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2014-3566
Original release date:
10/14/2014
Last revised:
02/21/2018
Source:
US-CERT/NIST

Impact

CVSS Severity (version 3.0):
CVSS v3 Base Score:
6.8 Medium
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N (legend)
Impact Score:
4.0
Exploitability Score:
2.2
CVSS Version 3 Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None
CVSS Severity (version 2.0):
CVSS v2 Base Score:
4.3 MEDIUM
Vector:
(AV:N/AC:M/Au:N/C:P/I:N/A:N) (legend)
Impact Subscore:
2.9
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector:
Network exploitable - Victim must voluntarily interact with attack mechanism
Access Complexity:
Medium
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized disclosure of information

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc Third Party Advisory External Source NETBSD NetBSD-SA2014-015
http://advisories.mageia.org/MGASA-2014-0416.html Third Party Advisory External Source CONFIRM http://advisories.mageia.org/MGASA-2014-0416.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc Third Party Advisory External Source CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html Third Party Advisory External Source APPLE APPLE-SA-2014-10-16-1
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html Third Party Advisory External Source APPLE APPLE-SA-2014-10-16-3
http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 Third Party Advisory External Source MISC http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html Third Party Advisory External Source MISC http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/ Third Party Advisory External Source CONFIRM http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx Third Party Advisory External Source CONFIRM http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx
http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf Third Party Advisory External Source CONFIRM http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf
http://downloads.asterisk.org/pub/security/AST-2014-011.html Third Party Advisory External Source CONFIRM http://downloads.asterisk.org/pub/security/AST-2014-011.html
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html Third Party Advisory External Source MISC http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 Third Party Advisory External Source HP HPSBUX03281
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 Third Party Advisory External Source CONFIRM http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory External Source CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html Mailing List; Third Party Advisory External Source APPLE APPLE-SA-2015-01-27-4
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html Mailing List; Third Party Advisory External Source APPLE APPLE-SA-2015-09-16-2
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html Third Party Advisory External Source FEDORA FEDORA-2014-12951
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html Third Party Advisory External Source FEDORA FEDORA-2014-13069
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html Third Party Advisory External Source FEDORA FEDORA-2014-13012
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html Third Party Advisory External Source FEDORA FEDORA-2015-9110
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html Third Party Advisory External Source FEDORA FEDORA-2015-9090
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html Third Party Advisory External Source SUSE openSUSE-SU-2014:1331
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html Third Party Advisory External Source SUSE SUSE-SU-2014:1357
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html Third Party Advisory External Source SUSE SUSE-SU-2014:1361
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html Third Party Advisory External Source SUSE SUSE-SU-2014:1526
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html Third Party Advisory External Source SUSE SUSE-SU-2014:1549
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html Third Party Advisory External Source SUSE openSUSE-SU-2015:0190
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html Third Party Advisory External Source SUSE SUSE-SU-2015:0336
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html Third Party Advisory External Source SUSE SUSE-SU-2015:0344
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html Third Party Advisory External Source SUSE SUSE-SU-2015:0345
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html Third Party Advisory External Source SUSE SUSE-SU-2015:0376
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html Third Party Advisory External Source SUSE SUSE-SU-2015:0392
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html Third Party Advisory External Source SUSE SUSE-SU-2015:0503
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html Third Party Advisory External Source SUSE SUSE-SU-2015:0578
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Third Party Advisory External Source SUSE openSUSE-SU-2016:0640
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html Third Party Advisory External Source SUSE SUSE-SU-2016:1457
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html Third Party Advisory External Source SUSE SUSE-SU-2016:1459
http://marc.info/?l=bugtraq&m=141450452204552&w=2 Third Party Advisory External Source HP HPSBMU03152
http://marc.info/?l=bugtraq&m=141450973807288&w=2 Third Party Advisory External Source HP HPSBHF03156
http://marc.info/?l=bugtraq&m=141477196830952&w=2 Third Party Advisory External Source HP SSRT101767
http://marc.info/?l=bugtraq&m=141576815022399&w=2 Third Party Advisory External Source HP HPSBGN03191
http://marc.info/?l=bugtraq&m=141577087123040&w=2 Third Party Advisory External Source HP HPSBMU03184
http://marc.info/?l=bugtraq&m=141577350823734&w=2 Third Party Advisory External Source HP HPSBGN03164
http://marc.info/?l=bugtraq&m=141620103726640&w=2 Third Party Advisory External Source HP HPSBGN03192
http://marc.info/?l=bugtraq&m=141628688425177&w=2 Third Party Advisory External Source HP HPSBMU03183
http://marc.info/?l=bugtraq&m=141694355519663&w=2 Third Party Advisory External Source HP HPSBMU03214
http://marc.info/?l=bugtraq&m=141697638231025&w=2 Third Party Advisory External Source HP HPSBGN03201
http://marc.info/?l=bugtraq&m=141697676231104&w=2 Third Party Advisory External Source HP HPSBGN03203
http://marc.info/?l=bugtraq&m=141703183219781&w=2 Third Party Advisory External Source HP HPSBGN03202
http://marc.info/?l=bugtraq&m=141715130023061&w=2 Third Party Advisory External Source HP HPSBGN03209
http://marc.info/?l=bugtraq&m=141775427104070&w=2 Third Party Advisory External Source HP HPSBGN03205
http://marc.info/?l=bugtraq&m=141813976718456&w=2 Third Party Advisory External Source HP HPSBGN03222
http://marc.info/?l=bugtraq&m=141814011518700&w=2 Third Party Advisory External Source HP SSRT101838
http://marc.info/?l=bugtraq&m=141879378918327&w=2 Third Party Advisory External Source HP SSRT101849
http://marc.info/?l=bugtraq&m=142103967620673&w=2 Third Party Advisory External Source HP SSRT101779
http://marc.info/?l=bugtraq&m=142118135300698&w=2 Third Party Advisory External Source HP SSRT101868
http://marc.info/?l=bugtraq&m=142296755107581&w=2 Third Party Advisory External Source HP SSRT101854
http://marc.info/?l=bugtraq&m=142350196615714&w=2 Third Party Advisory External Source HP SSRT101897
http://marc.info/?l=bugtraq&m=142350298616097&w=2 Third Party Advisory External Source HP SSRT101898
http://marc.info/?l=bugtraq&m=142350743917559&w=2 Third Party Advisory External Source HP SSRT101896
http://marc.info/?l=bugtraq&m=142354438527235&w=2 Third Party Advisory External Source HP SSRT101899
http://marc.info/?l=bugtraq&m=142357976805598&w=2 Third Party Advisory External Source HP SSRT101928
http://marc.info/?l=bugtraq&m=142495837901899&w=2 Third Party Advisory External Source HP SSRT101894
http://marc.info/?l=bugtraq&m=142496355704097&w=2 Third Party Advisory External Source HP SSRT101951
http://marc.info/?l=bugtraq&m=142546741516006&w=2 Third Party Advisory External Source HP HPSBST03265
http://marc.info/?l=bugtraq&m=142607790919348&w=2 Third Party Advisory External Source HP SSRT101968
http://marc.info/?l=bugtraq&m=142624590206005&w=2 Third Party Advisory External Source HP HPSBMU03267
http://marc.info/?l=bugtraq&m=142624619906067 Third Party Advisory External Source HP SSRT101922
http://marc.info/?l=bugtraq&m=142624619906067&w=2 Third Party Advisory External Source HP HPSBMU03259
http://marc.info/?l=bugtraq&m=142624679706236&w=2 Third Party Advisory External Source HP SSRT101916
http://marc.info/?l=bugtraq&m=142624719706349&w=2 Third Party Advisory External Source HP SSRT101921
http://marc.info/?l=bugtraq&m=142660345230545&w=2 Third Party Advisory External Source HP SSRT101846
http://marc.info/?l=bugtraq&m=142721830231196&w=2 Third Party Advisory External Source HP SSRT101998
http://marc.info/?l=bugtraq&m=142721887231400&w=2 Third Party Advisory External Source HP SSRT101790
http://marc.info/?l=bugtraq&m=142740155824959&w=2 Third Party Advisory External Source HP SSRT101795
http://marc.info/?l=bugtraq&m=142791032306609&w=2 Third Party Advisory External Source HP HPSBMU03304
http://marc.info/?l=bugtraq&m=142804214608580&w=2 Third Party Advisory External Source HP HPSBHF03300
http://marc.info/?l=bugtraq&m=142805027510172&w=2 Third Party Advisory External Source HP HPSBST03195
http://marc.info/?l=bugtraq&m=142962817202793&w=2 Third Party Advisory External Source HP HPSBGN03305
http://marc.info/?l=bugtraq&m=143039249603103&w=2 Third Party Advisory External Source HP SSRT101892
http://marc.info/?l=bugtraq&m=143101048219218&w=2 Third Party Advisory External Source HP SSRT101834
http://marc.info/?l=bugtraq&m=143290371927178&w=2 Third Party Advisory External Source HP HPSBGN03332
http://marc.info/?l=bugtraq&m=143290437727362&w=2 Third Party Advisory External Source HP HPSBMU03263
http://marc.info/?l=bugtraq&m=143290522027658&w=2 Third Party Advisory External Source HP HPSBMU03261
http://marc.info/?l=bugtraq&m=143290583027876&w=2 Third Party Advisory External Source HP HPSBMU03223
http://marc.info/?l=bugtraq&m=143558137709884&w=2 Third Party Advisory External Source HP HPSBPI03107
http://marc.info/?l=bugtraq&m=143558192010071&w=2 Third Party Advisory External Source HP HPSBPI03360
http://marc.info/?l=bugtraq&m=143628269912142&w=2 Third Party Advisory External Source HP HPSBMU03234
http://marc.info/?l=bugtraq&m=144101915224472&w=2 Third Party Advisory External Source HP HPSBMU03416
http://marc.info/?l=bugtraq&m=144251162130364&w=2 Third Party Advisory External Source HP HPSBST03418
http://marc.info/?l=bugtraq&m=144294141001552&w=2 Third Party Advisory External Source HP HPSBGN03391
http://marc.info/?l=bugtraq&m=145983526810210&w=2 Third Party Advisory External Source HP HPSBGN03569
http://marc.info/?l=openssl-dev&m=141333049205629&w=2 Third Party Advisory External Source MLIST [openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 ("POODLE")
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html Third Party Advisory External Source CONFIRM http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html
http://rhn.redhat.com/errata/RHSA-2014-1652.html Third Party Advisory External Source REDHAT RHSA-2014:1652
http://rhn.redhat.com/errata/RHSA-2014-1653.html Third Party Advisory External Source REDHAT RHSA-2014:1653
http://rhn.redhat.com/errata/RHSA-2014-1692.html Third Party Advisory External Source REDHAT RHSA-2014:1692
http://rhn.redhat.com/errata/RHSA-2014-1876.html Third Party Advisory External Source REDHAT RHSA-2014:1876
http://rhn.redhat.com/errata/RHSA-2014-1877.html Third Party Advisory External Source REDHAT RHSA-2014:1877
http://rhn.redhat.com/errata/RHSA-2014-1880.html Third Party Advisory External Source REDHAT RHSA-2014:1880
http://rhn.redhat.com/errata/RHSA-2014-1881.html Third Party Advisory External Source REDHAT RHSA-2014:1881
http://rhn.redhat.com/errata/RHSA-2014-1882.html Third Party Advisory External Source REDHAT RHSA-2014:1882
http://rhn.redhat.com/errata/RHSA-2014-1920.html Third Party Advisory External Source REDHAT RHSA-2014:1920
http://rhn.redhat.com/errata/RHSA-2014-1948.html Third Party Advisory External Source REDHAT RHSA-2014:1948
http://rhn.redhat.com/errata/RHSA-2015-0068.html Third Party Advisory External Source REDHAT RHSA-2015:0068
http://rhn.redhat.com/errata/RHSA-2015-0079.html Third Party Advisory External Source REDHAT RHSA-2015:0079
http://rhn.redhat.com/errata/RHSA-2015-0080.html Third Party Advisory External Source REDHAT RHSA-2015:0080
http://rhn.redhat.com/errata/RHSA-2015-0085.html Third Party Advisory External Source REDHAT RHSA-2015:0085
http://rhn.redhat.com/errata/RHSA-2015-0086.html Third Party Advisory External Source REDHAT RHSA-2015:0086
http://rhn.redhat.com/errata/RHSA-2015-0264.html Third Party Advisory External Source REDHAT RHSA-2015:0264
http://rhn.redhat.com/errata/RHSA-2015-0698.html Third Party Advisory External Source REDHAT RHSA-2015:0698
http://rhn.redhat.com/errata/RHSA-2015-1545.html Third Party Advisory External Source REDHAT RHSA-2015:1545
http://rhn.redhat.com/errata/RHSA-2015-1546.html Third Party Advisory External Source REDHAT RHSA-2015:1546
http://support.apple.com/HT204244 Third Party Advisory External Source CONFIRM http://support.apple.com/HT204244
http://support.citrix.com/article/CTX200238 Third Party Advisory External Source CONFIRM http://support.citrix.com/article/CTX200238
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle Third Party Advisory External Source CISCO 20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://www.debian.org/security/2014/dsa-3053 Third Party Advisory External Source DEBIAN DSA-3053
http://www.debian.org/security/2015/dsa-3144 Third Party Advisory External Source DEBIAN DSA-3144
http://www.debian.org/security/2015/dsa-3147 Third Party Advisory External Source DEBIAN DSA-3147
http://www.debian.org/security/2015/dsa-3253 Third Party Advisory External Source DEBIAN DSA-3253
http://www.debian.org/security/2016/dsa-3489 Third Party Advisory External Source DEBIAN DSA-3489
http://www.kb.cert.org/vuls/id/577193 Third Party Advisory; US Government Resource External Source CERT-VN VU#577193
http://www.mandriva.com/security/advisories?name=MDVSA-2014:203 Third Party Advisory External Source MANDRIVA MDVSA-2014:203
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062 Third Party Advisory External Source MANDRIVA MDVSA-2015:062
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html Patch; Third Party Advisory External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html Patch; Third Party Advisory External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html Patch; Third Party Advisory External Source CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html Third Party Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html Third Party Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html Third Party Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html Third Party Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html Third Party Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html Third Party Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html Third Party Advisory External Source CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/archive/1/533746 Third Party Advisory; VDB Entry External Source APPLE APPLE-SA-2014-10-20-2
http://www.securityfocus.com/archive/1/533747 Third Party Advisory; VDB Entry External Source APPLE APPLE-SA-2014-10-20-1
http://www.securityfocus.com/archive/1/archive/1/533724/100/0/threaded Third Party Advisory; VDB Entry External Source APPLE APPLE-SA-2014-10-16-4
http://www.securityfocus.com/bid/70574 Third Party Advisory; VDB Entry External Source BID 70574
http://www.securitytracker.com/id/1031029 Third Party Advisory; VDB Entry External Source SECTRACK 1031029
http://www.securitytracker.com/id/1031039 Third Party Advisory; VDB Entry External Source SECTRACK 1031039
http://www.securitytracker.com/id/1031085 Third Party Advisory; VDB Entry External Source SECTRACK 1031085
http://www.securitytracker.com/id/1031086 Third Party Advisory; VDB Entry External Source SECTRACK 1031086
http://www.securitytracker.com/id/1031087 Third Party Advisory; VDB Entry External Source SECTRACK 1031087
http://www.securitytracker.com/id/1031088 Third Party Advisory; VDB Entry External Source SECTRACK 1031088
http://www.securitytracker.com/id/1031089 Third Party Advisory; VDB Entry External Source SECTRACK 1031089
http://www.securitytracker.com/id/1031090 Third Party Advisory; VDB Entry External Source SECTRACK 1031090
http://www.securitytracker.com/id/1031091 Third Party Advisory; VDB Entry External Source SECTRACK 1031091
http://www.securitytracker.com/id/1031092 Third Party Advisory; VDB Entry External Source SECTRACK 1031092
http://www.securitytracker.com/id/1031093 Third Party Advisory; VDB Entry External Source SECTRACK 1031093
http://www.securitytracker.com/id/1031094 Third Party Advisory; VDB Entry External Source SECTRACK 1031094
http://www.securitytracker.com/id/1031095 Third Party Advisory; VDB Entry External Source SECTRACK 1031095
http://www.securitytracker.com/id/1031096 Third Party Advisory; VDB Entry External Source SECTRACK 1031096
http://www.securitytracker.com/id/1031105 Third Party Advisory; VDB Entry External Source SECTRACK 1031105
http://www.securitytracker.com/id/1031106 Third Party Advisory; VDB Entry External Source SECTRACK 1031106
http://www.securitytracker.com/id/1031107 Third Party Advisory; VDB Entry External Source SECTRACK 1031107
http://www.securitytracker.com/id/1031120 Third Party Advisory; VDB Entry External Source SECTRACK 1031120
http://www.securitytracker.com/id/1031123 Third Party Advisory; VDB Entry External Source SECTRACK 1031123
http://www.securitytracker.com/id/1031124 Third Party Advisory; VDB Entry External Source SECTRACK 1031124
http://www.securitytracker.com/id/1031130 Third Party Advisory; VDB Entry External Source SECTRACK 1031130
http://www.securitytracker.com/id/1031131 Third Party Advisory; VDB Entry External Source SECTRACK 1031131
http://www.securitytracker.com/id/1031132 Third Party Advisory; VDB Entry External Source SECTRACK 1031132
http://www.ubuntu.com/usn/USN-2486-1 Vendor Advisory External Source UBUNTU USN-2486-1
http://www.ubuntu.com/usn/USN-2487-1 Vendor Advisory External Source UBUNTU USN-2487-1
http://www.us-cert.gov/ncas/alerts/TA14-290A Third Party Advisory; US Government Resource External Source CERT TA14-290A
http://www.vmware.com/security/advisories/VMSA-2015-0003.html Third Party Advisory External Source CONFIRM http://www.vmware.com/security/advisories/VMSA-2015-0003.html
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0 Third Party Advisory External Source CONFIRM http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431 Third Party Advisory External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439 Third Party Advisory External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439
http://www-01.ibm.com/support/docview.wss?uid=swg21686997 Third Party Advisory External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686997
http://www-01.ibm.com/support/docview.wss?uid=swg21687172 Third Party Advisory External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21687172
http://www-01.ibm.com/support/docview.wss?uid=swg21687611 Third Party Advisory External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21687611
http://www-01.ibm.com/support/docview.wss?uid=swg21688283 Third Party Advisory External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21688283
http://www-01.ibm.com/support/docview.wss?uid=swg21692299 Third Party Advisory External Source CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21692299
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm Third Party Advisory External Source CONFIRM http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm
https://access.redhat.com/articles/1232123 Third Party Advisory External Source CONFIRM https://access.redhat.com/articles/1232123
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ Third Party Advisory External Source CONFIRM https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6 Third Party Advisory External Source CONFIRM https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
https://bto.bluecoat.com/security-advisory/sa83 Third Party Advisory External Source CONFIRM https://bto.bluecoat.com/security-advisory/sa83
https://bugzilla.mozilla.org/show_bug.cgi?id=1076983 Issue Tracking External Source CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=1076983
https://bugzilla.redhat.com/show_bug.cgi?id=1152789 Issue Tracking External Source CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1152789
https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip Third Party Advisory External Source CONFIRM https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU Third Party Advisory External Source CONFIRM https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635 Third Party Advisory External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681 Third Party Advisory External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667 Third Party Advisory External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946 Third Party Advisory External Source CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://kc.mcafee.com/corporate/index?page=content&id=SB10090 Third Party Advisory External Source CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10090
https://kc.mcafee.com/corporate/index?page=content&id=SB10091 Third Party Advisory External Source CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10091
https://kc.mcafee.com/corporate/index?page=content&id=SB10104 Third Party Advisory External Source CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10104
https://puppet.com/security/cve/poodle-sslv3-vulnerability Third Party Advisory External Source CONFIRM https://puppet.com/security/cve/poodle-sslv3-vulnerability
https://security.gentoo.org/glsa/201507-14 Third Party Advisory External Source GENTOO GLSA-201507-14
https://security.gentoo.org/glsa/201606-11 Third Party Advisory External Source GENTOO GLSA-201606-11
https://security.netapp.com/advisory/ntap-20141015-0001/ Third Party Advisory External Source CONFIRM https://security.netapp.com/advisory/ntap-20141015-0001/
https://support.apple.com/HT205217 Vendor Advisory External Source CONFIRM https://support.apple.com/HT205217
https://support.apple.com/kb/HT6527 Vendor Advisory External Source CONFIRM https://support.apple.com/kb/HT6527
https://support.apple.com/kb/HT6529 Vendor Advisory External Source CONFIRM https://support.apple.com/kb/HT6529
https://support.apple.com/kb/HT6531 Vendor Advisory External Source CONFIRM https://support.apple.com/kb/HT6531
https://support.apple.com/kb/HT6535 Vendor Advisory External Source CONFIRM https://support.apple.com/kb/HT6535
https://support.apple.com/kb/HT6536 Vendor Advisory External Source CONFIRM https://support.apple.com/kb/HT6536
https://support.apple.com/kb/HT6541 Vendor Advisory External Source CONFIRM https://support.apple.com/kb/HT6541
https://support.apple.com/kb/HT6542 Vendor Advisory External Source CONFIRM https://support.apple.com/kb/HT6542
https://support.citrix.com/article/CTX216642 Third Party Advisory External Source CONFIRM https://support.citrix.com/article/CTX216642
https://support.lenovo.com/product_security/poodle Third Party Advisory External Source CONFIRM https://support.lenovo.com/product_security/poodle
https://support.lenovo.com/us/en/product_security/poodle Third Party Advisory External Source CONFIRM https://support.lenovo.com/us/en/product_security/poodle
https://technet.microsoft.com/library/security/3009008.aspx Patch; Vendor Advisory External Source CONFIRM https://technet.microsoft.com/library/security/3009008.aspx
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html Third Party Advisory External Source CONFIRM https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html Third Party Advisory External Source MISC https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
https://www.elastic.co/blog/logstash-1-4-3-released Third Party Advisory External Source CONFIRM https://www.elastic.co/blog/logstash-1-4-3-released
https://www.imperialviolet.org/2014/10/14/poodle.html Third Party Advisory External Source MISC https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf Vendor Advisory External Source MISC https://www.openssl.org/~bodo/ssl-poodle.pdf
https://www.openssl.org/news/secadv_20141015.txt Vendor Advisory External Source CONFIRM https://www.openssl.org/news/secadv_20141015.txt
https://www.suse.com/support/kb/doc.php?id=7015773 Third Party Advisory External Source CONFIRM https://www.suse.com/support/kb/doc.php?id=7015773
https://www-01.ibm.com/support/docview.wss?uid=swg21688165 Third Party Advisory External Source CONFIRM https://www-01.ibm.com/support/docview.wss?uid=swg21688165

Technical Details

Vulnerability Type (View All)

Vulnerable software and versions Switch to CPE 2.2

Configuration 1
OR
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:76.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*    versions up to (including) 10.10.1
Configuration 4
OR
cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*
cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*
Configuration 5
OR
cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
Configuration 6
OR
cpe:2.3:o:novell:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:novell:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
Configuration 7
OR
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Configuration 8
OR
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
Configuration 9
OR
cpe:2.3:o:ibm:vios:2.2.0.10:*:*:*:*:*:*:*
cpe:2.3:o:ibm:vios:2.2.0.11:*:*:*:*:*:*:*
cpe:2.3:o:ibm:vios:2.2.0.12:*:*:*:*:*:*:*
Configuration 10
Configuration 11
Configuration 12
Showing 100 of 148 CPEs, view all CPEs here.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History 58 change records found - show changes