Описание
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 1:19.1.6+dfsg-1ubuntu1 |
| devel | not-affected | 1:19.1.6+dfsg-1ubuntu1 |
| esm-infra-legacy/trusty | released | 1:16.b.3-dfsg-1ubuntu2.2 |
| esm-infra/xenial | not-affected | 1:18.3-dfsg-1ubuntu3 |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | released | 1:16.b.3-dfsg-1ubuntu2.2 |
| trusty/esm | released | 1:16.b.3-dfsg-1ubuntu2.2 |
| upstream | released | 1:17.3-dfsg-4 |
Показывать по
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes w ...
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
4.3 Medium
CVSS2
5.9 Medium
CVSS3