Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
1

CVE-2014-3566

Disclosure Date: October 15, 2014
CVE-2014-3566 CVSS v3 Base Score: 3.4
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
3.4 Low
Impact Score:
1.4
Exploitability Score:
1.6
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Changed
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
auxiliary/scanner/http/ssl_version
Reporter
Unknown

Vendors

  • apple,
  • debian,
  • fedoraproject,
  • ibm,
  • mageia,
  • netbsd,
  • novell,
  • openssl,
  • opensuse,
  • oracle,
  • redhat

Products

  • aix 5.3,
  • aix 6.1,
  • aix 7.1,
  • database 11.2.0.4,
  • database 12.1.0.2,
  • debian linux 7.0,
  • debian linux 8.0,
  • enterprise linux 5,
  • enterprise linux desktop 6.0,
  • enterprise linux desktop 7.0,
  • enterprise linux desktop supplementary 5.0,
  • enterprise linux desktop supplementary 6.0,
  • enterprise linux server 6.0,
  • enterprise linux server 7.0,
  • enterprise linux server supplementary 5.0,
  • enterprise linux server supplementary 6.0,
  • enterprise linux server supplementary 7.0,
  • enterprise linux workstation 6.0,
  • enterprise linux workstation 7.0,
  • enterprise linux workstation supplementary 6.0,
  • enterprise linux workstation supplementary 7.0,
  • fedora 19,
  • fedora 20,
  • fedora 21,
  • mac os x,
  • mageia 3.0,
  • mageia 4.0,
  • netbsd 5.1,
  • netbsd 5.1.1,
  • netbsd 5.1.2,
  • netbsd 5.1.3,
  • netbsd 5.1.4,
  • netbsd 5.2,
  • netbsd 5.2.1,
  • netbsd 5.2.2,
  • netbsd 6.0,
  • netbsd 6.0.1,
  • netbsd 6.0.2,
  • netbsd 6.0.3,
  • netbsd 6.0.4,
  • netbsd 6.0.5,
  • netbsd 6.0.6,
  • netbsd 6.1,
  • netbsd 6.1.1,
  • netbsd 6.1.2,
  • netbsd 6.1.3,
  • netbsd 6.1.4,
  • netbsd 6.1.5,
  • openssl 0.9.8,
  • openssl 0.9.8a,
  • openssl 0.9.8b,
  • openssl 0.9.8c,
  • openssl 0.9.8d,
  • openssl 0.9.8e,
  • openssl 0.9.8f,
  • openssl 0.9.8g,
  • openssl 0.9.8h,
  • openssl 0.9.8i,
  • openssl 0.9.8j,
  • openssl 0.9.8k,
  • openssl 0.9.8l,
  • openssl 0.9.8m,
  • openssl 0.9.8n,
  • openssl 0.9.8o,
  • openssl 0.9.8p,
  • openssl 0.9.8q,
  • openssl 0.9.8r,
  • openssl 0.9.8s,
  • openssl 0.9.8t,
  • openssl 0.9.8u,
  • openssl 0.9.8v,
  • openssl 0.9.8w,
  • openssl 0.9.8x,
  • openssl 0.9.8y,
  • openssl 0.9.8z,
  • openssl 0.9.8za,
  • openssl 0.9.8zb,
  • openssl 1.0.0,
  • openssl 1.0.0a,
  • openssl 1.0.0b,
  • openssl 1.0.0c,
  • openssl 1.0.0d,
  • openssl 1.0.0e,
  • openssl 1.0.0f,
  • openssl 1.0.0g,
  • openssl 1.0.0h,
  • openssl 1.0.0i,
  • openssl 1.0.0j,
  • openssl 1.0.0k,
  • openssl 1.0.0l,
  • openssl 1.0.0m,
  • openssl 1.0.0n,
  • openssl 1.0.1,
  • openssl 1.0.1a,
  • openssl 1.0.1b,
  • openssl 1.0.1c,
  • openssl 1.0.1d,
  • openssl 1.0.1e,
  • openssl 1.0.1f,
  • openssl 1.0.1g,
  • openssl 1.0.1h,
  • openssl 1.0.1i,
  • opensuse 12.3,
  • opensuse 13.1,
  • suse linux enterprise desktop 10.0,
  • suse linux enterprise desktop 11.0,
  • suse linux enterprise desktop 12.0,
  • suse linux enterprise desktop 9.0,
  • suse linux enterprise server 11.0,
  • suse linux enterprise server 12.0,
  • suse linux enterprise software development kit 11.0,
  • suse linux enterprise software development kit 12.0,
  • vios 2.2.0.10,
  • vios 2.2.0.11,
  • vios 2.2.0.12,
  • vios 2.2.0.13,
  • vios 2.2.1.0,
  • vios 2.2.1.1,
  • vios 2.2.1.3,
  • vios 2.2.1.4,
  • vios 2.2.1.5,
  • vios 2.2.1.6,
  • vios 2.2.1.7,
  • vios 2.2.1.8,
  • vios 2.2.1.9,
  • vios 2.2.2.0,
  • vios 2.2.2.1,
  • vios 2.2.2.2,
  • vios 2.2.2.3,
  • vios 2.2.2.4,
  • vios 2.2.2.5,
  • vios 2.2.3.0,
  • vios 2.2.3.1,
  • vios 2.2.3.2,
  • vios 2.2.3.3,
  • vios 2.2.3.4

References

Canonical
CVE-2014-3566 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566)
BID-70574 (http://www.securityfocus.com/bid/70574)
Advisory
HPSBOV03227 (http://marc.info?l=bugtraq&m=142103967620673&w=2)
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
SECTRACK-1031090 (http://www.securitytracker.com/id/1031090)
http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable
http://rhn.redhat.com/errata/RHSA-2014-1880.html
HPSBHF03300 (http://marc.info?l=bugtraq&m=142804214608580&w=2)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635
VU#577193 (http://www.kb.cert.org/vuls/id/577193)
HPSBMU03184 (http://marc.info?l=bugtraq&m=141577087123040&w=2)
HPSBGN03209 (http://marc.info?l=bugtraq&m=141715130023061&w=2)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html
https://support.apple.com/kb/HT6542
SECTRACK-1031106 (http://www.securitytracker.com/id/1031106)
HPSBGN03201 (http://marc.info?l=bugtraq&m=141697638231025&w=2)
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
[openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 ("POODLE") (http://marc.info?l=openssl-dev&m=141333049205629&w=2)
SSRT101898 (http://marc.info?l=bugtraq&m=142350298616097&w=2)
SSRT101896 (http://marc.info?l=bugtraq&m=142350743917559&w=2)
SECUNIA-60056 (http://secunia.com/advisories/60056)
http://rhn.redhat.com/errata/RHSA-2014-1877.html
HPSBUX03162 (http://marc.info?l=bugtraq&m=141477196830952&w=2)
SECUNIA-61130 (http://secunia.com/advisories/61130)
http://rhn.redhat.com/errata/RHSA-2015-1546.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
https://support.apple.com/kb/HT6529
https://www.openssl.org/news/secadv_20141015.txt
APPLE-SA-2014-10-16-3 (http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html)
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
http://rhn.redhat.com/errata/RHSA-2014-1920.html
SECTRACK-1031087 (http://www.securitytracker.com/id/1031087)
HPSBMU03234 (http://marc.info?l=bugtraq&m=143628269912142&w=2)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
https://bto.bluecoat.com/security-advisory/sa83
SSRT101849 (http://marc.info?l=bugtraq&m=141879378918327&w=2)
http://support.citrix.com/article/CTX200238
SECUNIA-61359 (http://secunia.com/advisories/61359)
https://support.apple.com/kb/HT6541
SECTRACK-1031093 (http://www.securitytracker.com/id/1031093)
SECTRACK-1031132 (http://www.securitytracker.com/id/1031132)
DSA-3144 (http://www.debian.org/security/2015/dsa-3144)
SSRT101790 (http://marc.info?l=bugtraq&m=142721887231400&w=2)
DSA-3253 (http://www.debian.org/security/2015/dsa-3253)
SSRT101846 (http://marc.info?l=bugtraq&m=142660345230545&w=2)
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
https://www.suse.com/support/kb/doc.php?id=7015773
APPLE-SA-2014-10-16-4 (http://www.securityfocus.com/archive/1/533724/100/0/threaded)
https://www.elastic.co/blog/logstash-1-4-3-released
SSRT101854 (http://marc.info?l=bugtraq&m=142296755107581&w=2)
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
HPSBST03195 (http://marc.info?l=bugtraq&m=142805027510172&w=2)
SECUNIA-61827 (http://secunia.com/advisories/61827)
HPSBMU03152 (http://marc.info?l=bugtraq&m=141450452204552&w=2)
http://rhn.redhat.com/errata/RHSA-2015-0079.html
http://www-01.ibm.com/support/docview.wss?uid=swg21688283
HPSBMU03304 (http://marc.info?l=bugtraq&m=142791032306609&w=2)
https://technet.microsoft.com/library/security/3009008.aspx
http://rhn.redhat.com/errata/RHSA-2015-1545.html
https://www-01.ibm.com/support/docview.wss?uid=swg21688165
HPSBMU03259 (http://marc.info?l=bugtraq&m=142624619906067&w=2)
SECTRACK-1031094 (http://www.securitytracker.com/id/1031094)
http://www.vmware.com/security/advisories/VMSA-2015-0003.html
SECUNIA-61316 (http://secunia.com/advisories/61316)
GLSA-201606-11 (https://security.gentoo.org/glsa/201606-11)
http://rhn.redhat.com/errata/RHSA-2014-1881.html
SECTRACK-1031096 (http://www.securitytracker.com/id/1031096)
SECUNIA-61810 (http://secunia.com/advisories/61810)
DSA-3053 (http://www.debian.org/security/2014/dsa-3053)
https://support.lenovo.com/us/en/product_security/poodle
SECTRACK-1031107 (http://www.securitytracker.com/id/1031107)
SECTRACK-1031095 (http://www.securitytracker.com/id/1031095)
HPSBMU03223 (http://marc.info?l=bugtraq&m=143290583027876&w=2)
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html
HPSBGN03305 (http://marc.info?l=bugtraq&m=142962817202793&w=2)
HPSBUX03194 (http://marc.info?l=bugtraq&m=143101048219218&w=2)
SSRT101868 (http://marc.info?l=bugtraq&m=142118135300698&w=2)
SECTRACK-1031091 (http://www.securitytracker.com/id/1031091)
HPSBMU03260 (http://marc.info?l=bugtraq&m=142495837901899&w=2)
SECTRACK-1031123 (http://www.securitytracker.com/id/1031123)
https://support.apple.com/HT205217
SECTRACK-1031092 (http://www.securitytracker.com/id/1031092)
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
SECUNIA-61926 (http://secunia.com/advisories/61926)
http://rhn.redhat.com/errata/RHSA-2014-1876.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html
HPSBHF03156 (http://marc.info?l=bugtraq&m=141450973807288&w=2)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
SSRT101838 (http://marc.info?l=bugtraq&m=141814011518700&w=2)
HPSBGN03569 (http://marc.info?l=bugtraq&m=145983526810210&w=2)
APPLE-SA-2015-09-16-2 (http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html)
https://bugzilla.mozilla.org/show_bug.cgi?id=1076983
https://support.apple.com/kb/HT6531
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html
https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
http://rhn.redhat.com/errata/RHSA-2015-0264.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10091
https://support.apple.com/kb/HT6527
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
SSRT101897 (http://marc.info?l=bugtraq&m=142350196615714&w=2)
HPSBGN03203 (http://marc.info?l=bugtraq&m=141697676231104&w=2)
SECUNIA-60206 (http://secunia.com/advisories/60206)
https://bugzilla.redhat.com/show_bug.cgi?id=1152789
SECUNIA-60792 (http://secunia.com/advisories/60792)
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
APPLE-SA-2014-10-16-1 (http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html)
DSA-3489 (http://www.debian.org/security/2016/dsa-3489)
https://security.netapp.com/advisory/ntap-20141015-0001
SECTRACK-1031105 (http://www.securitytracker.com/id/1031105)
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
FEDORA-2014-13069 (http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html)
SECTRACK-1031131 (http://www.securitytracker.com/id/1031131)
USN-2487-1 (http://www.ubuntu.com/usn/USN-2487-1)
SSRT101795 (http://marc.info?l=bugtraq&m=142740155824959&w=2)
HPSBGN03222 (http://marc.info?l=bugtraq&m=141813976718456&w=2)
SECTRACK-1031130 (http://www.securitytracker.com/id/1031130)
HPSBMU03301 (http://marc.info?l=bugtraq&m=142721830231196&w=2)
HPSBGN03164 (http://marc.info?l=bugtraq&m=141577350823734&w=2)
http://rhn.redhat.com/errata/RHSA-2014-1948.html
HPSBGN03192 (http://marc.info?l=bugtraq&m=141620103726640&w=2)
http://rhn.redhat.com/errata/RHSA-2014-1653.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
HPSBMU03416 (http://marc.info?l=bugtraq&m=144101915224472&w=2)
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431
http://support.apple.com/HT204244
http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx
HPSBMU03283 (http://marc.info?l=bugtraq&m=142624679706236&w=2)
http://rhn.redhat.com/errata/RHSA-2015-0085.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://support.apple.com/kb/HT6536
FEDORA-2014-12951 (http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html)
HPSBGN03191 (http://marc.info?l=bugtraq&m=141576815022399&w=2)
https://groups.google.com/forum#!topic/docker-user/oYm0i3xShJU
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html
HPSBGN03332 (http://marc.info?l=bugtraq&m=143290371927178&w=2)
http://rhn.redhat.com/errata/RHSA-2014-1652.html
https://support.apple.com/kb/HT6535
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html
HPSBST03265 (http://marc.info?l=bugtraq&m=142546741516006&w=2)
http://rhn.redhat.com/errata/RHSA-2015-0086.html
HPSBMU03241 (http://marc.info?l=bugtraq&m=143039249603103&w=2)
SECTRACK-1031124 (http://www.securitytracker.com/id/1031124)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html
http://rhn.redhat.com/errata/RHSA-2015-0080.html
http://rhn.redhat.com/errata/RHSA-2014-1882.html
http://rhn.redhat.com/errata/RHSA-2015-0068.html
HPSBGN03251 (http://marc.info?l=bugtraq&m=142354438527235&w=2)
USN-2486-1 (http://www.ubuntu.com/usn/USN-2486-1)
HPSBGN03391 (http://marc.info?l=bugtraq&m=144294141001552&w=2)
SECUNIA-59627 (http://secunia.com/advisories/59627)
HPSBMU03214 (http://marc.info?l=bugtraq&m=141694355519663&w=2)
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
HPSBMU03263 (http://marc.info?l=bugtraq&m=143290437727362&w=2)
https://support.lenovo.com/product_security/poodle
20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability (http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle)
HPSBGN03205 (http://marc.info?l=bugtraq&m=141775427104070&w=2)
http://rhn.redhat.com/errata/RHSA-2015-0698.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html
http://downloads.asterisk.org/pub/security/AST-2014-011.html
SECUNIA-60859 (http://secunia.com/advisories/60859)
APPLE-SA-2014-10-20-2 (http://www.securityfocus.com/archive/1/533746)
GLSA-201507-14 (https://security.gentoo.org/glsa/201507-14)
SSRT101921 (http://marc.info?l=bugtraq&m=142624719706349&w=2)
SSRT101951 (http://marc.info?l=bugtraq&m=142496355704097&w=2)
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm
SECUNIA-61345 (http://secunia.com/advisories/61345)
SECUNIA-61019 (http://secunia.com/advisories/61019)
SECTRACK-1031120 (http://www.securitytracker.com/id/1031120)
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
SECUNIA-61825 (http://secunia.com/advisories/61825)
http://advisories.mageia.org/MGASA-2014-0416.html
SECTRACK-1031029 (http://www.securitytracker.com/id/1031029)
HPSBUX03281 (http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581)
HPSBMU03267 (http://marc.info?l=bugtraq&m=142624590206005&w=2)
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
HPSBMU03261 (http://marc.info?l=bugtraq&m=143290522027658&w=2)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10104
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
SECUNIA-61782 (http://secunia.com/advisories/61782)
https://access.redhat.com/articles/1232123
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
FEDORA-2015-9110 (http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html)
SECTRACK-1031085 (http://www.securitytracker.com/id/1031085)
HPSBST03418 (http://marc.info?l=bugtraq&m=144251162130364&w=2)
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
APPLE-SA-2014-10-20-1 (http://www.securityfocus.com/archive/1/533747)
http://www-01.ibm.com/support/docview.wss?uid=swg21687611
http://www.mandriva.com/security/advisories?name=MDVSA-2014:203
SSRT101968 (http://marc.info?l=bugtraq&m=142607790919348&w=2)
https://support.citrix.com/article/CTX216642
https://puppet.com/security/cve/poodle-sslv3-vulnerability
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html
APPLE-SA-2015-01-27-4 (http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html)
SECUNIA-61303 (http://secunia.com/advisories/61303)
http://www-01.ibm.com/support/docview.wss?uid=swg21692299
SECTRACK-1031039 (http://www.securitytracker.com/id/1031039)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
http://www-01.ibm.com/support/docview.wss?uid=swg21687172
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
SSRT101922 (http://marc.info?l=bugtraq&m=142624619906067)
SECTRACK-1031089 (http://www.securitytracker.com/id/1031089)
HPSBMU03183 (http://marc.info?l=bugtraq&m=141628688425177&w=2)
TA14-290A (http://www.us-cert.gov/ncas/alerts/TA14-290A)
FEDORA-2014-13012 (http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html)
SECUNIA-61819 (http://secunia.com/advisories/61819)
HPSBGN03255 (http://marc.info?l=bugtraq&m=142357976805598&w=2)
SECTRACK-1031088 (http://www.securitytracker.com/id/1031088)
DSA-3147 (http://www.debian.org/security/2015/dsa-3147)
SECUNIA-61995 (http://secunia.com/advisories/61995)
HPSBGN03202 (http://marc.info?l=bugtraq&m=141703183219781&w=2)
http://www-01.ibm.com/support/docview.wss?uid=swg21686997
https://kc.mcafee.com/corporate/index?page=content&id=SB10090
SECTRACK-1031086 (http://www.securitytracker.com/id/1031086)
HPSBPI03360 (http://marc.info?l=bugtraq&m=143558192010071&w=2)
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://rhn.redhat.com/errata/RHSA-2014-1692.html
FEDORA-2015-9090 (http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html)
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439
HPSBPI03107 (http://marc.info?l=bugtraq&m=143558137709884&w=2)
[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E)
[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E)
[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html (https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E)
HPSBOV03227 (http://marc.info/?l=bugtraq&m=142103967620673&w=2)
http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
HPSBHF03300 (http://marc.info/?l=bugtraq&m=142804214608580&w=2)
HPSBMU03184 (http://marc.info/?l=bugtraq&m=141577087123040&w=2)
HPSBGN03209 (http://marc.info/?l=bugtraq&m=141715130023061&w=2)
HPSBGN03201 (http://marc.info/?l=bugtraq&m=141697638231025&w=2)
[openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 ("POODLE") (http://marc.info/?l=openssl-dev&m=141333049205629&w=2)
SSRT101898 (http://marc.info/?l=bugtraq&m=142350298616097&w=2)
SSRT101896 (http://marc.info/?l=bugtraq&m=142350743917559&w=2)
HPSBUX03162 (http://marc.info/?l=bugtraq&m=141477196830952&w=2)
HPSBMU03234 (http://marc.info/?l=bugtraq&m=143628269912142&w=2)
SSRT101849 (http://marc.info/?l=bugtraq&m=141879378918327&w=2)
SSRT101790 (http://marc.info/?l=bugtraq&m=142721887231400&w=2)
SSRT101846 (http://marc.info/?l=bugtraq&m=142660345230545&w=2)
SSRT101854 (http://marc.info/?l=bugtraq&m=142296755107581&w=2)
HPSBST03195 (http://marc.info/?l=bugtraq&m=142805027510172&w=2)
HPSBMU03152 (http://marc.info/?l=bugtraq&m=141450452204552&w=2)
HPSBMU03304 (http://marc.info/?l=bugtraq&m=142791032306609&w=2)
HPSBMU03259 (http://marc.info/?l=bugtraq&m=142624619906067&w=2)
HPSBMU03223 (http://marc.info/?l=bugtraq&m=143290583027876&w=2)
HPSBGN03305 (http://marc.info/?l=bugtraq&m=142962817202793&w=2)
HPSBUX03194 (http://marc.info/?l=bugtraq&m=143101048219218&w=2)
SSRT101868 (http://marc.info/?l=bugtraq&m=142118135300698&w=2)
HPSBMU03260 (http://marc.info/?l=bugtraq&m=142495837901899&w=2)
HPSBHF03156 (http://marc.info/?l=bugtraq&m=141450973807288&w=2)
SSRT101838 (http://marc.info/?l=bugtraq&m=141814011518700&w=2)
HPSBGN03569 (http://marc.info/?l=bugtraq&m=145983526810210&w=2)
SSRT101897 (http://marc.info/?l=bugtraq&m=142350196615714&w=2)
HPSBGN03203 (http://marc.info/?l=bugtraq&m=141697676231104&w=2)
https://security.netapp.com/advisory/ntap-20141015-0001/
SSRT101795 (http://marc.info/?l=bugtraq&m=142740155824959&w=2)
HPSBGN03222 (http://marc.info/?l=bugtraq&m=141813976718456&w=2)
HPSBMU03301 (http://marc.info/?l=bugtraq&m=142721830231196&w=2)
HPSBGN03164 (http://marc.info/?l=bugtraq&m=141577350823734&w=2)
HPSBGN03192 (http://marc.info/?l=bugtraq&m=141620103726640&w=2)
HPSBMU03416 (http://marc.info/?l=bugtraq&m=144101915224472&w=2)
HPSBMU03283 (http://marc.info/?l=bugtraq&m=142624679706236&w=2)
HPSBGN03191 (http://marc.info/?l=bugtraq&m=141576815022399&w=2)
https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU
HPSBGN03332 (http://marc.info/?l=bugtraq&m=143290371927178&w=2)
HPSBST03265 (http://marc.info/?l=bugtraq&m=142546741516006&w=2)
HPSBMU03241 (http://marc.info/?l=bugtraq&m=143039249603103&w=2)
HPSBGN03251 (http://marc.info/?l=bugtraq&m=142354438527235&w=2)
HPSBGN03391 (http://marc.info/?l=bugtraq&m=144294141001552&w=2)
HPSBMU03214 (http://marc.info/?l=bugtraq&m=141694355519663&w=2)
HPSBMU03263 (http://marc.info/?l=bugtraq&m=143290437727362&w=2)
HPSBGN03205 (http://marc.info/?l=bugtraq&m=141775427104070&w=2)
SSRT101921 (http://marc.info/?l=bugtraq&m=142624719706349&w=2)
SSRT101951 (http://marc.info/?l=bugtraq&m=142496355704097&w=2)
HPSBMU03267 (http://marc.info/?l=bugtraq&m=142624590206005&w=2)
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
HPSBMU03261 (http://marc.info/?l=bugtraq&m=143290522027658&w=2)
HPSBST03418 (http://marc.info/?l=bugtraq&m=144251162130364&w=2)
SSRT101968 (http://marc.info/?l=bugtraq&m=142607790919348&w=2)
SSRT101922 (http://marc.info/?l=bugtraq&m=142624619906067)
HPSBMU03183 (http://marc.info/?l=bugtraq&m=141628688425177&w=2)
HPSBGN03255 (http://marc.info/?l=bugtraq&m=142357976805598&w=2)
HPSBGN03202 (http://marc.info/?l=bugtraq&m=141703183219781&w=2)
HPSBPI03360 (http://marc.info/?l=bugtraq&m=143558192010071&w=2)
HPSBPI03107 (http://marc.info/?l=bugtraq&m=143558137709884&w=2)
[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html (https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E)
[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html (https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E)
[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html (https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E)
Miscellaneous
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
https://www.imperialviolet.org/2014/10/14/poodle.html
http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://github.com/mpgn/poodle-PoC
http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://access.redhat.com/errata/RHBA-2014:1857
https://access.redhat.com/errata/RHSA-2014:1876
https://access.redhat.com/errata/RHSA-2014:1877
https://access.redhat.com/errata/RHSA-2014:1880
https://access.redhat.com/errata/RHSA-2014:1881
https://access.redhat.com/errata/RHSA-2014:1882
https://access.redhat.com/errata/RHSA-2014:1920
https://access.redhat.com/errata/RHSA-2015:0010
https://access.redhat.com/errata/RHSA-2015:0011
https://access.redhat.com/errata/RHSA-2015:0012
https://access.redhat.com/errata/RHSA-2015:0067
https://access.redhat.com/errata/RHSA-2015:0068
https://access.redhat.com/errata/RHSA-2015:0069
https://access.redhat.com/errata/RHSA-2015:0079
https://access.redhat.com/errata/RHSA-2015:0080
https://access.redhat.com/errata/RHSA-2015:0085
https://access.redhat.com/errata/RHSA-2015:0086
https://access.redhat.com/errata/RHSA-2015:0264
https://access.redhat.com/errata/RHSA-2015:1545
https://access.redhat.com/errata/RHSA-2015:1546
https://access.redhat.com/security/cve/CVE-2014-3566
https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis