CVE-2014-3566

First published: Wed Oct 15 2014(Updated: )

Bodo Möller, Thai Duong and Krzysztof Kotowicz of Google discovered a flaw in the design of SSL version 3.0 that would allow an attacker to calculate the plaintext of secure connections, allowing, for example, secure HTTP cookies to be stolen. References: <a href="http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html">http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html</a> <a href="https://www.openssl.org/~bodo/ssl-poodle.pdf">https://www.openssl.org/~bodo/ssl-poodle.pdf</a>

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Redhat Enterprise Linux	=5
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Desktop Supplementary	=5.0
Redhat Enterprise Linux Desktop Supplementary	=6.0
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Supplementary	=5.0
Redhat Enterprise Linux Server Supplementary	=6.0
Redhat Enterprise Linux Server Supplementary	=7.0
Redhat Enterprise Linux Workstation	=6.0
Redhat Enterprise Linux Workstation	=7.0
Redhat Enterprise Linux Workstation Supplementary	=6.0
Redhat Enterprise Linux Workstation Supplementary	=7.0
IBM AIX	=5.3
IBM AIX	=6.1
IBM AIX	=7.1
Apple Mac OS X	<=10.10.1
Mageia Mageia	=3.0
Mageia Mageia	=4.0
Novell Suse Linux Enterprise Desktop	=9.0
Novell Suse Linux Enterprise Desktop	=10.0
Novell Suse Linux Enterprise Desktop	=11.0
Novell Suse Linux Enterprise Desktop	=12.0
Novell Suse Linux Enterprise Software Development Kit	=11.0-sp3
Novell Suse Linux Enterprise Software Development Kit	=12.0
Novell Suse Linux Enterprise Server	=11.0-sp3
Novell Suse Linux Enterprise Server Vmware	=11.0-sp3
Novell Suse Linux Enterprise Server	=12.0
openSUSE openSUSE	=12.3
openSUSE openSUSE	=13.1
Fedoraproject Fedora	=19
Fedoraproject Fedora	=20
Fedoraproject Fedora	=21
OpenSSL OpenSSL	=0.9.8
OpenSSL OpenSSL	=0.9.8a
OpenSSL OpenSSL	=0.9.8b
OpenSSL OpenSSL	=0.9.8c
OpenSSL OpenSSL	=0.9.8d
OpenSSL OpenSSL	=0.9.8e
OpenSSL OpenSSL	=0.9.8f
OpenSSL OpenSSL	=0.9.8g
OpenSSL OpenSSL	=0.9.8h
OpenSSL OpenSSL	=0.9.8i
OpenSSL OpenSSL	=0.9.8j
OpenSSL OpenSSL	=0.9.8k
OpenSSL OpenSSL	=0.9.8l
OpenSSL OpenSSL	=0.9.8m
OpenSSL OpenSSL	=0.9.8m-beta1
OpenSSL OpenSSL	=0.9.8n
OpenSSL OpenSSL	=0.9.8o
OpenSSL OpenSSL	=0.9.8p
OpenSSL OpenSSL	=0.9.8q
OpenSSL OpenSSL	=0.9.8r
OpenSSL OpenSSL	=0.9.8s
OpenSSL OpenSSL	=0.9.8t
OpenSSL OpenSSL	=0.9.8u
OpenSSL OpenSSL	=0.9.8v
OpenSSL OpenSSL	=0.9.8w
OpenSSL OpenSSL	=0.9.8x
OpenSSL OpenSSL	=0.9.8y
OpenSSL OpenSSL	=0.9.8z
OpenSSL OpenSSL	=0.9.8za
OpenSSL OpenSSL	=0.9.8zb
OpenSSL OpenSSL	=1.0.0
OpenSSL OpenSSL	=1.0.0-beta1
OpenSSL OpenSSL	=1.0.0-beta2
OpenSSL OpenSSL	=1.0.0-beta3
OpenSSL OpenSSL	=1.0.0-beta4
OpenSSL OpenSSL	=1.0.0-beta5
OpenSSL OpenSSL	=1.0.0a
OpenSSL OpenSSL	=1.0.0b
OpenSSL OpenSSL	=1.0.0c
OpenSSL OpenSSL	=1.0.0d
OpenSSL OpenSSL	=1.0.0e
OpenSSL OpenSSL	=1.0.0f
OpenSSL OpenSSL	=1.0.0g
OpenSSL OpenSSL	=1.0.0h
OpenSSL OpenSSL	=1.0.0i
OpenSSL OpenSSL	=1.0.0j
OpenSSL OpenSSL	=1.0.0k
OpenSSL OpenSSL	=1.0.0l
OpenSSL OpenSSL	=1.0.0m
OpenSSL OpenSSL	=1.0.0n
OpenSSL OpenSSL	=1.0.1
OpenSSL OpenSSL	=1.0.1-beta1
OpenSSL OpenSSL	=1.0.1-beta2
OpenSSL OpenSSL	=1.0.1-beta3
OpenSSL OpenSSL	=1.0.1a
OpenSSL OpenSSL	=1.0.1b
OpenSSL OpenSSL	=1.0.1c
OpenSSL OpenSSL	=1.0.1d
OpenSSL OpenSSL	=1.0.1e
OpenSSL OpenSSL	=1.0.1f
OpenSSL OpenSSL	=1.0.1g
OpenSSL OpenSSL	=1.0.1h
OpenSSL OpenSSL	=1.0.1i
IBM VIOS	=2.2.0.10
IBM VIOS	=2.2.0.11
IBM VIOS	=2.2.0.12
IBM VIOS	=2.2.0.13
IBM VIOS	=2.2.1.0
IBM VIOS	=2.2.1.1
IBM VIOS	=2.2.1.3
IBM VIOS	=2.2.1.4
IBM VIOS	=2.2.1.5
IBM VIOS	=2.2.1.6
IBM VIOS	=2.2.1.7
IBM VIOS	=2.2.1.8
IBM VIOS	=2.2.1.9
IBM VIOS	=2.2.2.0
IBM VIOS	=2.2.2.1
IBM VIOS	=2.2.2.2
IBM VIOS	=2.2.2.3
IBM VIOS	=2.2.2.4
IBM VIOS	=2.2.2.5
IBM VIOS	=2.2.3.0
IBM VIOS	=2.2.3.1
IBM VIOS	=2.2.3.2
IBM VIOS	=2.2.3.3
IBM VIOS	=2.2.3.4
NetBSD NetBSD	=5.1
NetBSD NetBSD	=5.1.1
NetBSD NetBSD	=5.1.2
NetBSD NetBSD	=5.1.3
NetBSD NetBSD	=5.1.4
NetBSD NetBSD	=5.2
NetBSD NetBSD	=5.2.1
NetBSD NetBSD	=5.2.2
NetBSD NetBSD	=6.0
NetBSD NetBSD	=6.0-beta
NetBSD NetBSD	=6.0.1
NetBSD NetBSD	=6.0.2
NetBSD NetBSD	=6.0.3
NetBSD NetBSD	=6.0.4
NetBSD NetBSD	=6.0.5
NetBSD NetBSD	=6.0.6
NetBSD NetBSD	=6.1
NetBSD NetBSD	=6.1.1
NetBSD NetBSD	=6.1.2
NetBSD NetBSD	=6.1.3
NetBSD NetBSD	=6.1.4
NetBSD NetBSD	=6.1.5
Debian Debian Linux	=7.0
Debian Debian Linux	=8.0
Oracle Database	=11.2.0.4
Oracle Database	=12.1.0.2

Never miss a vulnerability like this again

Reference Links

agent/author
agent/type
agent/first-publish-date
agent/last-modified-date
agent/remedy
agent/references
agent/weakness
agent/severity
agent/description
agent/event
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
agent/softwarecombine
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2014-3566
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/5
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux desktop supplementary
version/redhat enterprise linux desktop supplementary/5.0
version/redhat enterprise linux desktop supplementary/6.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server supplementary
version/redhat enterprise linux server supplementary/5.0
version/redhat enterprise linux server supplementary/6.0
version/redhat enterprise linux server supplementary/7.0
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0
canonical/redhat enterprise linux workstation supplementary
version/redhat enterprise linux workstation supplementary/6.0
version/redhat enterprise linux workstation supplementary/7.0
vendor/ibm
canonical/ibm aix
version/ibm aix/5.3
version/ibm aix/6.1
version/ibm aix/7.1
vendor/apple
canonical/apple mac os x
version/apple mac os x/10.10.1
vendor/mageia
canonical/mageia mageia
version/mageia mageia/3.0
version/mageia mageia/4.0
vendor/novell
canonical/novell suse linux enterprise desktop
version/novell suse linux enterprise desktop/9.0
version/novell suse linux enterprise desktop/10.0
version/novell suse linux enterprise desktop/11.0
version/novell suse linux enterprise desktop/12.0
canonical/novell suse linux enterprise software development kit
version/novell suse linux enterprise software development kit/11.0-sp3
version/novell suse linux enterprise software development kit/12.0
canonical/novell suse linux enterprise server
version/novell suse linux enterprise server/11.0-sp3
canonical/novell suse linux enterprise server vmware
version/novell suse linux enterprise server vmware/11.0-sp3
version/novell suse linux enterprise server/12.0
vendor/opensuse
canonical/opensuse opensuse
version/opensuse opensuse/12.3
version/opensuse opensuse/13.1
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/19
version/fedoraproject fedora/20
version/fedoraproject fedora/21
vendor/openssl
canonical/openssl openssl
version/openssl openssl/0.9.8
version/openssl openssl/0.9.8a
version/openssl openssl/0.9.8b
version/openssl openssl/0.9.8c
version/openssl openssl/0.9.8d
version/openssl openssl/0.9.8e
version/openssl openssl/0.9.8f
version/openssl openssl/0.9.8g
version/openssl openssl/0.9.8h
version/openssl openssl/0.9.8i
version/openssl openssl/0.9.8j
version/openssl openssl/0.9.8k
version/openssl openssl/0.9.8l
version/openssl openssl/0.9.8m
version/openssl openssl/0.9.8m-beta1
version/openssl openssl/0.9.8n
version/openssl openssl/0.9.8o
version/openssl openssl/0.9.8p
version/openssl openssl/0.9.8q
version/openssl openssl/0.9.8r
version/openssl openssl/0.9.8s
version/openssl openssl/0.9.8t
version/openssl openssl/0.9.8u
version/openssl openssl/0.9.8v
version/openssl openssl/0.9.8w
version/openssl openssl/0.9.8x
version/openssl openssl/0.9.8y
version/openssl openssl/0.9.8z
version/openssl openssl/0.9.8za
version/openssl openssl/0.9.8zb
version/openssl openssl/1.0.0
version/openssl openssl/1.0.0-beta1
version/openssl openssl/1.0.0-beta2
version/openssl openssl/1.0.0-beta3
version/openssl openssl/1.0.0-beta4
version/openssl openssl/1.0.0-beta5
version/openssl openssl/1.0.0a
version/openssl openssl/1.0.0b
version/openssl openssl/1.0.0c
version/openssl openssl/1.0.0d
version/openssl openssl/1.0.0e
version/openssl openssl/1.0.0f
version/openssl openssl/1.0.0g
version/openssl openssl/1.0.0h
version/openssl openssl/1.0.0i
version/openssl openssl/1.0.0j
version/openssl openssl/1.0.0k
version/openssl openssl/1.0.0l
version/openssl openssl/1.0.0m
version/openssl openssl/1.0.0n
version/openssl openssl/1.0.1
version/openssl openssl/1.0.1-beta1
version/openssl openssl/1.0.1-beta2
version/openssl openssl/1.0.1-beta3
version/openssl openssl/1.0.1a
version/openssl openssl/1.0.1b
version/openssl openssl/1.0.1c
version/openssl openssl/1.0.1d
version/openssl openssl/1.0.1e
version/openssl openssl/1.0.1f
version/openssl openssl/1.0.1g
version/openssl openssl/1.0.1h
version/openssl openssl/1.0.1i
canonical/ibm vios
version/ibm vios/2.2.0.10
version/ibm vios/2.2.0.11
version/ibm vios/2.2.0.12
version/ibm vios/2.2.0.13
version/ibm vios/2.2.1.0
version/ibm vios/2.2.1.1
version/ibm vios/2.2.1.3
version/ibm vios/2.2.1.4
version/ibm vios/2.2.1.5
version/ibm vios/2.2.1.6
version/ibm vios/2.2.1.7
version/ibm vios/2.2.1.8
version/ibm vios/2.2.1.9
version/ibm vios/2.2.2.0
version/ibm vios/2.2.2.1
version/ibm vios/2.2.2.2
version/ibm vios/2.2.2.3
version/ibm vios/2.2.2.4
version/ibm vios/2.2.2.5
version/ibm vios/2.2.3.0
version/ibm vios/2.2.3.1
version/ibm vios/2.2.3.2
version/ibm vios/2.2.3.3
version/ibm vios/2.2.3.4
vendor/netbsd
canonical/netbsd netbsd
version/netbsd netbsd/5.1
version/netbsd netbsd/5.1.1
version/netbsd netbsd/5.1.2
version/netbsd netbsd/5.1.3
version/netbsd netbsd/5.1.4
version/netbsd netbsd/5.2
version/netbsd netbsd/5.2.1
version/netbsd netbsd/5.2.2
version/netbsd netbsd/6.0
version/netbsd netbsd/6.0-beta
version/netbsd netbsd/6.0.1
version/netbsd netbsd/6.0.2
version/netbsd netbsd/6.0.3
version/netbsd netbsd/6.0.4
version/netbsd netbsd/6.0.5
version/netbsd netbsd/6.0.6
version/netbsd netbsd/6.1
version/netbsd netbsd/6.1.1
version/netbsd netbsd/6.1.2
version/netbsd netbsd/6.1.3
version/netbsd netbsd/6.1.4
version/netbsd netbsd/6.1.5
vendor/debian
canonical/debian debian linux
version/debian debian linux/7.0
version/debian debian linux/8.0
vendor/oracle
canonical/oracle database
version/oracle database/11.2.0.4
version/oracle database/12.1.0.2

CVE-2014-3566

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact