CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Published : 2014-10-15 00:55 Updated : 2019-10-09 23:10

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Redhat Enterprise Linux Server Supplementary 6.0 cpe:/o:redhat:enterprise_linux_server_supplementary:6.0
Novell Suse Linux Enterprise Server 12.0 cpe:/o:novell:suse_linux_enterprise_server:12.0
Netbsd Netbsd 6.1.2 cpe:/o:netbsd:netbsd:6.1.2
Openssl Openssl 0.9.8s cpe:/a:openssl:openssl:0.9.8s
Redhat Enterprise Linux Workstation Supplementary 6.0 cpe:/o:redhat:enterprise_linux_workstation_supplementary:6.0
Fedoraproject Fedora 21 cpe:/o:fedoraproject:fedora:21
Fedoraproject Fedora 20 cpe:/o:fedoraproject:fedora:20
Novell Suse Linux Enterprise Desktop 9.0 cpe:/o:novell:suse_linux_enterprise_desktop:9.0
Novell Suse Linux Enterprise Server 11.0 cpe:/o:novell:suse_linux_enterprise_server:11.0:sp3:~~~vmware~~
Fedoraproject Fedora 19 cpe:/o:fedoraproject:fedora:19
Netbsd Netbsd 6.1.1 cpe:/o:netbsd:netbsd:6.1.1
Netbsd Netbsd 6.1.4 cpe:/o:netbsd:netbsd:6.1.4
Netbsd Netbsd 6.1.3 cpe:/o:netbsd:netbsd:6.1.3
Novell Suse Linux Enterprise Software Development Kit 11.0 cpe:/o:novell:suse_linux_enterprise_software_development_kit:11.0:sp3
Redhat Enterprise Linux Desktop 7.0 cpe:/o:redhat:enterprise_linux_desktop:7.0
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0:beta5
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1:beta2
Openssl Openssl 0.9.8b cpe:/a:openssl:openssl:0.9.8b
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0:beta4
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1:beta1
Openssl Openssl 0.9.8a cpe:/a:openssl:openssl:0.9.8a
Openssl Openssl 0.9.8d cpe:/a:openssl:openssl:0.9.8d
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1:beta3
Mageia Mageia 3.0 cpe:/o:mageia:mageia:3.0
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0:beta1
Openssl Openssl 1.0.1 cpe:/a:openssl:openssl:1.0.1
Redhat Enterprise Linux Server Supplementary 5.0 cpe:/o:redhat:enterprise_linux_server_supplementary:5.0
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0:beta3
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0:beta2
Openssl Openssl 1.0.0 cpe:/a:openssl:openssl:1.0.0
Netbsd Netbsd 5.1 cpe:/o:netbsd:netbsd:5.1
Openssl Openssl 0.9.8 cpe:/a:openssl:openssl:0.9.8
Redhat Enterprise Linux Server 6.0 cpe:/o:redhat:enterprise_linux_server:6.0
Ibm Aix 6.1 cpe:/o:ibm:aix:6.1
Netbsd Netbsd 5.2 cpe:/o:netbsd:netbsd:5.2
Novell Suse Linux Enterprise Server 11.0 cpe:/o:novell:suse_linux_enterprise_server:11.0:sp3
Redhat Enterprise Linux Workstation Supplementary 7.0 cpe:/o:redhat:enterprise_linux_workstation_supplementary:7.0
Ibm Vios 2.2.1.1 cpe:/o:ibm:vios:2.2.1.1
Ibm Vios 2.2.1.3 cpe:/o:ibm:vios:2.2.1.3
Ibm Vios 2.2.1.4 cpe:/o:ibm:vios:2.2.1.4
Openssl Openssl 0.9.8c cpe:/a:openssl:openssl:0.9.8c
Openssl Openssl 1.0.0f cpe:/a:openssl:openssl:1.0.0f
Openssl Openssl 1.0.0e cpe:/a:openssl:openssl:1.0.0e
Openssl Openssl 1.0.0h cpe:/a:openssl:openssl:1.0.0h
Openssl Openssl 1.0.0g cpe:/a:openssl:openssl:1.0.0g
Openssl Openssl 1.0.0j cpe:/a:openssl:openssl:1.0.0j
Openssl Openssl 1.0.0i cpe:/a:openssl:openssl:1.0.0i
Openssl Openssl 1.0.0l cpe:/a:openssl:openssl:1.0.0l
Openssl Openssl 0.9.8w cpe:/a:openssl:openssl:0.9.8w
Openssl Openssl 1.0.0k cpe:/a:openssl:openssl:1.0.0k
Openssl Openssl 0.9.8z cpe:/a:openssl:openssl:0.9.8z
Openssl Openssl 1.0.0n cpe:/a:openssl:openssl:1.0.0n
Openssl Openssl 0.9.8y cpe:/a:openssl:openssl:0.9.8y
Openssl Openssl 1.0.0m cpe:/a:openssl:openssl:1.0.0m
Openssl Openssl 0.9.8v cpe:/a:openssl:openssl:0.9.8v
Openssl Openssl 0.9.8u cpe:/a:openssl:openssl:0.9.8u
Openssl Openssl 0.9.8x cpe:/a:openssl:openssl:0.9.8x
Ibm Aix 7.1 cpe:/o:ibm:aix:7.1
Openssl Openssl 0.9.8o cpe:/a:openssl:openssl:0.9.8o
Ibm Vios 2.2.1.9 cpe:/o:ibm:vios:2.2.1.9
Redhat Enterprise Linux Desktop Supplementary 6.0 cpe:/o:redhat:enterprise_linux_desktop_supplementary:6.0
Openssl Openssl 0.9.8r cpe:/a:openssl:openssl:0.9.8r
Openssl Openssl 0.9.8q cpe:/a:openssl:openssl:0.9.8q
Openssl Openssl 0.9.8t cpe:/a:openssl:openssl:0.9.8t
Openssl Openssl 0.9.8k cpe:/a:openssl:openssl:0.9.8k
Openssl Openssl 0.9.8n cpe:/a:openssl:openssl:0.9.8n
Openssl Openssl 0.9.8m cpe:/a:openssl:openssl:0.9.8m
Openssl Openssl 0.9.8p cpe:/a:openssl:openssl:0.9.8p
Openssl Openssl 0.9.8g cpe:/a:openssl:openssl:0.9.8g
Openssl Openssl 0.9.8j cpe:/a:openssl:openssl:0.9.8j
Openssl Openssl 0.9.8i cpe:/a:openssl:openssl:0.9.8i
Openssl Openssl 0.9.8l cpe:/a:openssl:openssl:0.9.8l
Ibm Vios 2.2.1.5 cpe:/o:ibm:vios:2.2.1.5
Openssl Openssl 0.9.8f cpe:/a:openssl:openssl:0.9.8f
Openssl Openssl 1.0.0b cpe:/a:openssl:openssl:1.0.0b
Ibm Vios 2.2.1.6 cpe:/o:ibm:vios:2.2.1.6
Openssl Openssl 0.9.8e cpe:/a:openssl:openssl:0.9.8e
Openssl Openssl 1.0.0a cpe:/a:openssl:openssl:1.0.0a
Ibm Vios 2.2.1.7 cpe:/o:ibm:vios:2.2.1.7
Redhat Enterprise Linux Desktop 6.0 cpe:/o:redhat:enterprise_linux_desktop:6.0
Openssl Openssl 0.9.8h cpe:/a:openssl:openssl:0.9.8h
Openssl Openssl 1.0.0d cpe:/a:openssl:openssl:1.0.0d
Ibm Vios 2.2.1.8 cpe:/o:ibm:vios:2.2.1.8
Openssl Openssl 1.0.0c cpe:/a:openssl:openssl:1.0.0c
Openssl Openssl 1.0.1g cpe:/a:openssl:openssl:1.0.1g
Openssl Openssl 1.0.1f cpe:/a:openssl:openssl:1.0.1f
Novell Suse Linux Enterprise Desktop 10.0 cpe:/o:novell:suse_linux_enterprise_desktop:10.0
Openssl Openssl 1.0.1i cpe:/a:openssl:openssl:1.0.1i
Openssl Openssl 1.0.1h cpe:/a:openssl:openssl:1.0.1h
Mageia Mageia 4.0 cpe:/o:mageia:mageia:4.0
Netbsd Netbsd 6.0 cpe:/o:netbsd:netbsd:6.0
Netbsd Netbsd 5.1.3 cpe:/o:netbsd:netbsd:5.1.3
Ibm Vios 2.2.0.13 cpe:/o:ibm:vios:2.2.0.13
Netbsd Netbsd 5.1.1 cpe:/o:netbsd:netbsd:5.1.1
Ibm Vios 2.2.0.11 cpe:/o:ibm:vios:2.2.0.11
Ibm Vios 2.2.0.12 cpe:/o:ibm:vios:2.2.0.12
Redhat Enterprise Linux Server 7.0 cpe:/o:redhat:enterprise_linux_server:7.0
Netbsd Netbsd 6.1 cpe:/o:netbsd:netbsd:6.1
Ibm Vios 2.2.0.10 cpe:/o:ibm:vios:2.2.0.10
Netbsd Netbsd 6.0.6 cpe:/o:netbsd:netbsd:6.0.6
Apple Mac Os X 10.10.1 cpe:/o:apple:mac_os_x:10.10.1
Ibm Vios 2.2.2.0 cpe:/o:ibm:vios:2.2.2.0
Ibm Vios 2.2.2.1 cpe:/o:ibm:vios:2.2.2.1
Ibm Vios 2.2.2.2 cpe:/o:ibm:vios:2.2.2.2
Openssl Openssl 1.0.1a cpe:/a:openssl:openssl:1.0.1a
Ibm Vios 2.2.2.3 cpe:/o:ibm:vios:2.2.2.3
Openssl Openssl 1.0.1c cpe:/a:openssl:openssl:1.0.1c
Openssl Openssl 1.0.1b cpe:/a:openssl:openssl:1.0.1b
Openssl Openssl 1.0.1e cpe:/a:openssl:openssl:1.0.1e
Openssl Openssl 1.0.1d cpe:/a:openssl:openssl:1.0.1d
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0
Ibm Vios 2.2.1.0 cpe:/o:ibm:vios:2.2.1.0
Openssl Openssl 0.9.8zb cpe:/a:openssl:openssl:0.9.8zb
Redhat Enterprise Linux Workstation 6.0 cpe:/o:redhat:enterprise_linux_workstation:6.0
Openssl Openssl 0.9.8za cpe:/a:openssl:openssl:0.9.8za
Openssl Openssl 0.9.8m cpe:/a:openssl:openssl:0.9.8m:beta1
Redhat Enterprise Linux Desktop Supplementary 5.0 cpe:/o:redhat:enterprise_linux_desktop_supplementary:5.0
Netbsd Netbsd 5.1.4 cpe:/o:netbsd:netbsd:5.1.4
Netbsd Netbsd 5.1.2 cpe:/o:netbsd:netbsd:5.1.2
Ibm Vios 2.2.2.4 cpe:/o:ibm:vios:2.2.2.4
Ibm Vios 2.2.2.5 cpe:/o:ibm:vios:2.2.2.5
Novell Suse Linux Enterprise Desktop 11.0 cpe:/o:novell:suse_linux_enterprise_desktop:11.0
Redhat Enterprise Linux Server Supplementary 7.0 cpe:/o:redhat:enterprise_linux_server_supplementary:7.0
Netbsd Netbsd 6.0.1 cpe:/o:netbsd:netbsd:6.0.1
Netbsd Netbsd 5.2.2 cpe:/o:netbsd:netbsd:5.2.2
Netbsd Netbsd 6.0.3 cpe:/o:netbsd:netbsd:6.0.3
Redhat Enterprise Linux 5 cpe:/o:redhat:enterprise_linux:5
Netbsd Netbsd 6.1.5 cpe:/o:netbsd:netbsd:6.1.5
Ibm Vios 2.2.3.0 cpe:/o:ibm:vios:2.2.3.0
Novell Suse Linux Enterprise Software Development Kit 12.0 cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0
Ibm Vios 2.2.3.1 cpe:/o:ibm:vios:2.2.3.1
Ibm Vios 2.2.3.2 cpe:/o:ibm:vios:2.2.3.2
Netbsd Netbsd 6.0 cpe:/o:netbsd:netbsd:6.0:beta
Debian Debian Linux 7.0 cpe:/o:debian:debian_linux:7.0
Redhat Enterprise Linux Workstation 7.0 cpe:/o:redhat:enterprise_linux_workstation:7.0
Ibm Aix 5.3 cpe:/o:ibm:aix:5.3
Redhat Enterprise Linux Desktop Supplementary 76.0 cpe:/o:redhat:enterprise_linux_desktop_supplementary:76.0
Netbsd Netbsd 6.0.2 cpe:/o:netbsd:netbsd:6.0.2
Netbsd Netbsd 6.0.5 cpe:/o:netbsd:netbsd:6.0.5
Netbsd Netbsd 5.2.1 cpe:/o:netbsd:netbsd:5.2.1
Netbsd Netbsd 6.0.4 cpe:/o:netbsd:netbsd:6.0.4
Ibm Vios 2.2.3.3 cpe:/o:ibm:vios:2.2.3.3
Novell Suse Linux Enterprise Desktop 12.0 cpe:/o:novell:suse_linux_enterprise_desktop:12.0
Ibm Vios 2.2.3.4 cpe:/o:ibm:vios:2.2.3.4
Oracle Database 11.2.0.4 cpe:/a:oracle:database:11.2.0.4
Oracle Database 12.1.0.2 cpe:/a:oracle:database:12.1.0.2
Opensuse Opensuse 12.3 cpe:/o:opensuse:opensuse:12.3
Opensuse Opensuse 13.1 cpe:/o:opensuse:opensuse:13.1
  1. Debian (1) Search CVE
    1. Debian Linux (2) Search CVE
      1. 8.0
      2. 7.0
  2. Openssl (1) Search CVE
    1. Openssl (54) Search CVE
      1. 0.9.8s
      2. 1.0.0
      3. 1.0.1
      4. 0.9.8b
      5. 0.9.8a
      6. 0.9.8d
      7. 0.9.8
      8. 0.9.8c
      9. 1.0.0f
      10. 1.0.0e
      11. 1.0.0h
      12. 1.0.0g
      13. 1.0.0j
      14. 1.0.0i
      15. 1.0.0l
      16. 0.9.8w
      17. 1.0.0k
      18. 0.9.8z
      19. 1.0.0n
      20. 0.9.8y
      21. 1.0.0m
      22. 0.9.8v
      23. 0.9.8u
      24. 0.9.8x
      25. 0.9.8o
      26. 0.9.8r
      27. 0.9.8q
      28. 0.9.8t
      29. 0.9.8k
      30. 0.9.8n
      31. 0.9.8m
      32. 0.9.8p
      33. 0.9.8g
      34. 0.9.8j
      35. 0.9.8i
      36. 0.9.8l
      37. 0.9.8f
      38. 1.0.0b
      39. 0.9.8e
      40. 1.0.0a
      41. 0.9.8h
      42. 1.0.0d
      43. 1.0.0c
      44. 1.0.1g
      45. 1.0.1f
      46. 1.0.1i
      47. 1.0.1h
      48. 1.0.1a
      49. 1.0.1c
      50. 1.0.1b
      51. 1.0.1e
      52. 1.0.1d
      53. 0.9.8zb
      54. 0.9.8za
  3. Oracle (1) Search CVE
    1. Database (2) Search CVE
      1. 11.2.0.4
      2. 12.1.0.2
  4. Fedoraproject (1) Search CVE
    1. Fedora (3) Search CVE
      1. 21
      2. 20
      3. 19
  5. Mageia (1) Search CVE
    1. Mageia (2) Search CVE
      1. 3.0
      2. 4.0
  6. Apple (1) Search CVE
    1. Mac Os X (1) Search CVE
      1. 10.10.1
  7. Opensuse (1) Search CVE
    1. Opensuse (2) Search CVE
      1. 12.3
      2. 13.1
  8. Netbsd (1) Search CVE
    1. Netbsd (21) Search CVE
      1. 6.1.2
      2. 6.1.1
      3. 6.1.4
      4. 6.1.3
      5. 5.1
      6. 5.2
      7. 6.0
      8. 5.1.3
      9. 5.1.1
      10. 6.1
      11. 6.0.6
      12. 5.1.4
      13. 5.1.2
      14. 6.0.1
      15. 5.2.2
      16. 6.0.3
      17. 6.1.5
      18. 6.0.2
      19. 6.0.5
      20. 5.2.1
      21. 6.0.4
  9. Redhat (7) Search CVE
    1. Enterprise Linux (1) Search CVE
      1. 5
    2. Enterprise Linux Server Supplementary (3) Search CVE
      1. 6.0
      2. 5.0
      3. 7.0
    3. Enterprise Linux Desktop (2) Search CVE
      1. 7.0
      2. 6.0
    4. Enterprise Linux Workstation Supplementary (2) Search CVE
      1. 6.0
      2. 7.0
    5. Enterprise Linux Server (2) Search CVE
      1. 6.0
      2. 7.0
    6. Enterprise Linux Workstation (2) Search CVE
      1. 6.0
      2. 7.0
    7. Enterprise Linux Desktop Supplementary (3) Search CVE
      1. 6.0
      2. 5.0
      3. 76.0
  10. Ibm (2) Search CVE
    1. Aix (3) Search CVE
      1. 6.1
      2. 7.1
      3. 5.3
    2. Vios (24) Search CVE
      1. 2.2.1.1
      2. 2.2.1.3
      3. 2.2.1.4
      4. 2.2.1.9
      5. 2.2.1.5
      6. 2.2.1.6
      7. 2.2.1.7
      8. 2.2.1.8
      9. 2.2.0.13
      10. 2.2.0.11
      11. 2.2.0.12
      12. 2.2.0.10
      13. 2.2.2.0
      14. 2.2.2.1
      15. 2.2.2.2
      16. 2.2.2.3
      17. 2.2.1.0
      18. 2.2.2.4
      19. 2.2.2.5
      20. 2.2.3.0
      21. 2.2.3.1
      22. 2.2.3.2
      23. 2.2.3.3
      24. 2.2.3.4
  11. Novell (3) Search CVE
    1. Suse Linux Enterprise Software Development Kit (2) Search CVE
      1. 11.0
      2. 12.0
    2. Suse Linux Enterprise Desktop (4) Search CVE
      1. 9.0
      2. 10.0
      3. 11.0
      4. 12.0
    3. Suse Linux Enterprise Server (2) Search CVE
      1. 12.0
      2. 11.0

CWE

ID Name Description Links
CWE-310 Cryptographic Issues Weaknesses in this category are related to the use of cryptography. CVE

References

Source Link
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
CONFIRM https://security.netapp.com/advisory/ntap-20141015-0001/
HP http://marc.info/?l=bugtraq&m=142624619906067&w=2
HP http://marc.info/?l=bugtraq&m=141697638231025&w=2
HP http://marc.info/?l=bugtraq&m=143628269912142&w=2
CONFIRM https://support.apple.com/kb/HT6541
CONFIRM http://support.apple.com/HT204244
MISC https://www.imperialviolet.org/2014/10/14/poodle.html
CONFIRM http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10104
CONFIRM https://support.citrix.com/article/CTX216642
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21688283
MISC http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
CONFIRM http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
HP http://marc.info/?l=bugtraq&m=142624619906067
HP http://marc.info/?l=bugtraq&m=143290522027658&w=2
CONFIRM https://access.redhat.com/articles/1232123
SECTRACK http://www.securitytracker.com/id/1031096
HP http://marc.info/?l=bugtraq&m=143558192010071&w=2
MLIST http://marc.info/?l=openssl-dev&m=141333049205629&w=2
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html
REDHAT http://rhn.redhat.com/errata/RHSA-2015-1545.html
HP http://marc.info/?l=bugtraq&m=142607790919348&w=2
SECTRACK http://www.securitytracker.com/id/1031092
REDHAT http://rhn.redhat.com/errata/RHSA-2015-0068.html
HP http://marc.info/?l=bugtraq&m=144251162130364&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2015-0085.html
SECTRACK http://www.securitytracker.com/id/1031089
CONFIRM http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx
CONFIRM https://www.suse.com/support/kb/doc.php?id=7015773
HP http://marc.info/?l=bugtraq&m=143039249603103&w=2
HP http://marc.info/?l=bugtraq&m=142496355704097&w=2
HP http://marc.info/?l=bugtraq&m=142495837901899&w=2
HP http://marc.info/?l=bugtraq&m=142350743917559&w=2
CONFIRM https://puppet.com/security/cve/poodle-sslv3-vulnerability
SECTRACK http://www.securitytracker.com/id/1031085
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2014:203
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
MISC http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html
DEBIAN http://www.debian.org/security/2014/dsa-3053
HP http://marc.info/?l=bugtraq&m=141450973807288&w=2
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
CONFIRM http://www.vmware.com/security/advisories/VMSA-2015-0003.html
SECTRACK http://www.securitytracker.com/id/1031029
CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
MISC https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
CONFIRM https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
MISC https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
MISC https://github.com/mpgn/poodle-PoC
CONFIRM https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU
APPLE http://www.securityfocus.com/archive/1/533724/100/0/threaded
APPLE http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
NETBSD ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
APPLE http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
CONFIRM http://advisories.mageia.org/MGASA-2014-0416.html
CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
HP http://marc.info/?l=bugtraq&m=141577087123040&w=2
MISC http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
HP http://marc.info/?l=bugtraq&m=141576815022399&w=2
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html
HP http://marc.info/?l=bugtraq&m=141775427104070&w=2
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html
CONFIRM http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf
HP http://marc.info/?l=bugtraq&m=141697676231104&w=2
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html
HP http://marc.info/?l=bugtraq&m=141813976718456&w=2
HP http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html
HP http://marc.info/?l=bugtraq&m=141694355519663&w=2
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html
HP http://marc.info/?l=bugtraq&m=141450452204552&w=2
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
HP http://marc.info/?l=bugtraq&m=141703183219781&w=2
CONFIRM http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
HP http://marc.info/?l=bugtraq&m=141577350823734&w=2
HP http://marc.info/?l=bugtraq&m=141715130023061&w=2
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html
APPLE http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
CONFIRM http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html
CONFIRM http://downloads.asterisk.org/pub/security/AST-2014-011.html
HP http://marc.info/?l=bugtraq&m=141620103726640&w=2
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html
HP http://marc.info/?l=bugtraq&m=141628688425177&w=2
APPLE http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
HP http://marc.info/?l=bugtraq&m=141477196830952&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2015-0264.html
HP http://marc.info/?l=bugtraq&m=143101048219218&w=2
HP http://marc.info/?l=bugtraq&m=141879378918327&w=2
HP http://marc.info/?l=bugtraq&m=142354438527235&w=2
HP http://marc.info/?l=bugtraq&m=142296755107581&w=2
HP http://marc.info/?l=bugtraq&m=142546741516006&w=2
HP http://marc.info/?l=bugtraq&m=142357976805598&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2015-0086.html
HP http://marc.info/?l=bugtraq&m=142350196615714&w=2
HP http://marc.info/?l=bugtraq&m=141814011518700&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1877.html
HP http://marc.info/?l=bugtraq&m=142721887231400&w=2
HP http://marc.info/?l=bugtraq&m=143290437727362&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1653.html
HP http://marc.info/?l=bugtraq&m=144294141001552&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1880.html
REDHAT http://rhn.redhat.com/errata/RHSA-2015-0698.html
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1920.html
HP http://marc.info/?l=bugtraq&m=145983526810210&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1882.html
HP http://marc.info/?l=bugtraq&m=142804214608580&w=2
HP http://marc.info/?l=bugtraq&m=143558137709884&w=2
HP http://marc.info/?l=bugtraq&m=142624719706349&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2015-0079.html
HP http://marc.info/?l=bugtraq&m=142624590206005&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2015-0080.html
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1652.html
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1692.html
HP http://marc.info/?l=bugtraq&m=142791032306609&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1881.html
HP http://marc.info/?l=bugtraq&m=142103967620673&w=2
HP http://marc.info/?l=bugtraq&m=142805027510172&w=2
HP http://marc.info/?l=bugtraq&m=143290583027876&w=2
HP http://marc.info/?l=bugtraq&m=142350298616097&w=2
HP http://marc.info/?l=bugtraq&m=142962817202793&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1876.html
HP http://marc.info/?l=bugtraq&m=142740155824959&w=2
HP http://marc.info/?l=bugtraq&m=144101915224472&w=2
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1948.html
HP http://marc.info/?l=bugtraq&m=143290371927178&w=2
HP http://marc.info/?l=bugtraq&m=142721830231196&w=2
HP http://marc.info/?l=bugtraq&m=142624679706236&w=2
HP http://marc.info/?l=bugtraq&m=142118135300698&w=2
HP http://marc.info/?l=bugtraq&m=142660345230545&w=2
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21687611
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21687172
APPLE http://www.securityfocus.com/archive/1/533747
SECTRACK http://www.securitytracker.com/id/1031090
SECTRACK http://www.securitytracker.com/id/1031091
CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
DEBIAN http://www.debian.org/security/2015/dsa-3253
CERT-VN http://www.kb.cert.org/vuls/id/577193
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439
SECTRACK http://www.securitytracker.com/id/1031095
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21686997
DEBIAN http://www.debian.org/security/2016/dsa-3489
SECTRACK http://www.securitytracker.com/id/1031039
SECTRACK http://www.securitytracker.com/id/1031094
CONFIRM http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
CONFIRM http://support.citrix.com/article/CTX200238
REDHAT http://rhn.redhat.com/errata/RHSA-2015-1546.html
CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
SECTRACK http://www.securitytracker.com/id/1031086
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
APPLE http://www.securityfocus.com/archive/1/533746
CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
DEBIAN http://www.debian.org/security/2015/dsa-3144
CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
CONFIRM http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
SECTRACK http://www.securitytracker.com/id/1031088
SECTRACK http://www.securitytracker.com/id/1031093
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21692299
BID http://www.securityfocus.com/bid/70574
DEBIAN http://www.debian.org/security/2015/dsa-3147
CISCO http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
SECTRACK http://www.securitytracker.com/id/1031087
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=1076983
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1152789
UBUNTU http://www.ubuntu.com/usn/USN-2486-1
CONFIRM https://bto.bluecoat.com/security-advisory/sa83
SECTRACK http://www.securitytracker.com/id/1031132
UBUNTU http://www.ubuntu.com/usn/USN-2487-1
CONFIRM https://support.apple.com/kb/HT6527
CONFIRM https://support.apple.com/kb/HT6529
SECTRACK http://www.securitytracker.com/id/1031124
CONFIRM https://technet.microsoft.com/library/security/3009008.aspx
GENTOO https://security.gentoo.org/glsa/201507-14
CONFIRM https://support.apple.com/kb/HT6536
SECTRACK http://www.securitytracker.com/id/1031130
CONFIRM https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
GENTOO https://security.gentoo.org/glsa/201606-11
SECTRACK http://www.securitytracker.com/id/1031120
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635
CONFIRM https://support.apple.com/HT205217
CONFIRM http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10091
SECTRACK http://www.securitytracker.com/id/1031106
CONFIRM https://support.apple.com/kb/HT6542
SECTRACK http://www.securitytracker.com/id/1031107
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10090
CERT http://www.us-cert.gov/ncas/alerts/TA14-290A
CONFIRM https://www-01.ibm.com/support/docview.wss?uid=swg21688165
SECTRACK http://www.securitytracker.com/id/1031131
CONFIRM https://support.lenovo.com/product_security/poodle
CONFIRM https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
CONFIRM https://support.apple.com/kb/HT6531
CONFIRM https://support.lenovo.com/us/en/product_security/poodle
SECTRACK http://www.securitytracker.com/id/1031123
CONFIRM https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
CONFIRM https://support.apple.com/kb/HT6535
SECTRACK http://www.securitytracker.com/id/1031105
CONFIRM https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
MISC https://www.openssl.org/~bodo/ssl-poodle.pdf
CONFIRM https://www.openssl.org/news/secadv_20141015.txt
CONFIRM https://www.elastic.co/blog/logstash-1-4-3-released

History of changes

Date Event
2019-09-27 18:29
2018-10-30 16:27
2018-10-09 19:44
2018-08-13 21:47
2018-04-09 01:29
2018-03-28 01:29
2018-02-21 15:35
2017-12-09 02:29
2017-11-15 02:29
2017-11-10 02:29
2017-08-09 05:25
2014-10-15 00:55

New CVE