Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-3566

Опубликовано: 14 окт. 2014
Источник: redhat
CVSS2: 5
EPSS Критический

Описание

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

Отчет

This issue affects the version of openssl as shipped with Red Hat Enterprise Linux 5, 6 and 7, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat JBoss Web Server 1 and 2, Red Hat Enterprise Virtualization Hypervisor 6.5, and Red Hat Storage 2.1. This issue affects the version of nss as shipped with Red Hat Enterprise Linux 5, 6 and 7. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/articles/1232123

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Enterprise 1jenkinsWill not fix
OpenStack ForemanpuppetWill not fix
Red Hat Enterprise Linux 5gnutlsUnder investigation
Red Hat Enterprise Linux 5nssAffected
Red Hat Enterprise Linux 5openssl097aAffected
Red Hat Enterprise Linux 6gnutlsUnder investigation
Red Hat Enterprise Linux 6nssAffected
Red Hat Enterprise Linux 7gnutlsUnder investigation
Red Hat Enterprise Linux 7openssl098eAffected
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)puppetWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-636
Дефект:
CWE-757
https://bugzilla.redhat.com/show_bug.cgi?id=1152789SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

EPSS

Процентиль: 100%
0.94015
Критический

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-3566

CVSS3: 3.4
ubuntu
около 11 лет назад

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

nvd логотип

CVE-2014-3566

CVSS3: 3.4
nvd
около 11 лет назад

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

debian логотип

CVE-2014-3566

CVSS3: 3.4
debian
около 11 лет назад

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...

suse-cvrf логотип

openSUSE-SU-2017:0980-1

suse-cvrf
больше 8 лет назад

Security update for slrn

suse-cvrf логотип

SUSE-RU-2015:1175-1

suse-cvrf
больше 10 лет назад

Recommended update for Package Management Stack

EPSS

Процентиль: 100%
0.94015
Критический

5 Medium

CVSS2