Summary
OpenSSL is installed on this host and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow a man-in-the-middle attacker to gain access to the plaintext data stream.
Impact Level: Application
Solution
The vendor has released a patch to address this vulnerability. For updates, contact the vendor or refer to https://www.openssl.org
NOTE: The only correct way to fix POODLE is to disable SSL v3.0.
Insight
The flaw is due to the block cipher padding not being deterministic and not being covered by the Message Authentication Code.
Affected
OpenSSL through 1.0.1i
Detection
Send an SSLv3 request and check the response.
References
Severity
Classification
CVE: CVE-2014-3566
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N