CVE-2014-3566
LOWCVSS 3.4/10EPSS 100.00%
Last modified
CVE-2014-3566 is a low-severity vulnerability rated 3.4/10 on the CVSS scale. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.. EPSS estimates a 100.00% chance of exploitation in the next 30 days.
Description
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
100.0th percentile
Probability of exploitation in the next 30 days. Learn more
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Redhat | Enterprise Linux | 5 | — |
| Redhat | Enterprise Linux Desktop | 6.0 | — |
| Redhat | Enterprise Linux Desktop | 7.0 | — |
| Redhat | Enterprise Linux Desktop Supplementary | 5.0 | — |
| Redhat | Enterprise Linux Desktop Supplementary | 6.0 | — |
| Redhat | Enterprise Linux Server | 6.0 | — |
| Redhat | Enterprise Linux Server | 7.0 | — |
| Redhat | Enterprise Linux Server Supplementary | 5.0 | — |
| Redhat | Enterprise Linux Server Supplementary | 6.0 | — |
| Redhat | Enterprise Linux Server Supplementary | 7.0 | — |
| Redhat | Enterprise Linux Workstation | 6.0 | — |
| Redhat | Enterprise Linux Workstation | 7.0 | — |
| Redhat | Enterprise Linux Workstation Supplementary | 6.0 | — |
| Redhat | Enterprise Linux Workstation Supplementary | 7.0 | — |
| Ibm | Aix | 5.3 | — |
| Ibm | Aix | 6.1 | — |
| Ibm | Aix | 7.1 | — |
| Apple | Mac Os X | <= 10.10.1 | — |
| Mageia | Mageia | 3.0 | — |
| Mageia | Mageia | 4.0 | — |
| Novell | Suse Linux Enterprise Desktop | 9.0 | — |
| Novell | Suse Linux Enterprise Desktop | 10.0 | — |
| Novell | Suse Linux Enterprise Desktop | 11.0 | — |
| Novell | Suse Linux Enterprise Desktop | 12.0 | — |
| Novell | Suse Linux Enterprise Software Development Kit | 11.0 | Sp3 |
| Novell | Suse Linux Enterprise Software Development Kit | 12.0 | — |
| Novell | Suse Linux Enterprise Server | 11.0 | Sp3 |
| Novell | Suse Linux Enterprise Server | 12.0 | — |
| Opensuse | Opensuse | 12.3 | — |
| Opensuse | Opensuse | 13.1 | — |
| Fedoraproject | Fedora | 19 | — |
| Fedoraproject | Fedora | 20 | — |
| Fedoraproject | Fedora | 21 | — |
| Openssl | Openssl | 0.9.8 | — |
| Openssl | Openssl | 0.9.8a | — |
| Openssl | Openssl | 0.9.8b | — |
| Openssl | Openssl | 0.9.8c | — |
| Openssl | Openssl | 0.9.8d | — |
| Openssl | Openssl | 0.9.8e | — |
| Openssl | Openssl | 0.9.8f | — |
| Openssl | Openssl | 0.9.8g | — |
| Openssl | Openssl | 0.9.8h | — |
| Openssl | Openssl | 0.9.8i | — |
| Openssl | Openssl | 0.9.8j | — |
| Openssl | Openssl | 0.9.8k | — |
| Openssl | Openssl | 0.9.8l | — |
| Openssl | Openssl | 0.9.8m | — |
| Openssl | Openssl | 0.9.8n | — |
| Openssl | Openssl | 0.9.8o | — |
| Openssl | Openssl | 0.9.8p | — |
Showing 50 of 136 affected configurations. See NVD for the full list.
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.ascThird Party Advisory
- http://advisories.mageia.org/MGASA-2014-0416.htmlThird Party Advisory
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.ascThird Party Advisory
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlThird Party Advisory
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.htmlThird Party Advisory
- http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.htmlThird Party Advisory
- http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/Third Party Advisory
- http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdfThird Party Advisory
- http://downloads.asterisk.org/pub/security/AST-2014-011.htmlThird Party Advisory
- http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581Third Party Advisory
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034Third Party Advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705Third Party Advisory
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlMailing List, Third Party Advisory
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.htmlThird Party Advisory
- http://marc.info/?l=bugtraq&m=141450452204552&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141450973807288&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141477196830952&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141576815022399&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141577087123040&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141577350823734&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141620103726640&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141628688425177&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141694355519663&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141697638231025&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141697676231104&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141703183219781&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141715130023061&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141775427104070&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141813976718456&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141814011518700&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141879378918327&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142103967620673&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142118135300698&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142296755107581&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142350196615714&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142350298616097&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142350743917559&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142354438527235&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142357976805598&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142495837901899&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142496355704097&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142546741516006&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142607790919348&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142624590206005&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142624619906067Third Party Advisory
- http://marc.info/?l=bugtraq&m=142624619906067&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142624679706236&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142624719706349&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142660345230545&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142721830231196&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142721887231400&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142740155824959&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142791032306609&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142804214608580&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142805027510172&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142962817202793&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143039249603103&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143101048219218&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143290371927178&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143290437727362&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143290522027658&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143290583027876&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143558137709884&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143558192010071&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143628269912142&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=144101915224472&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=144251162130364&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=144294141001552&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=145983526810210&w=2Third Party Advisory
- http://marc.info/?l=openssl-dev&m=141333049205629&w=2Third Party Advisory
- http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1652.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1653.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1692.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1876.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1877.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1880.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1881.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1882.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1920.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1948.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0068.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0079.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0080.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0085.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0086.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0264.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0698.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1545.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1546.htmlThird Party Advisory
- http://secunia.com/advisories/59627Third Party Advisory
- http://secunia.com/advisories/60056Third Party Advisory
- http://secunia.com/advisories/60206Third Party Advisory
- http://secunia.com/advisories/60792Third Party Advisory
- http://secunia.com/advisories/60859Third Party Advisory
- http://secunia.com/advisories/61019Third Party Advisory
- http://secunia.com/advisories/61130Third Party Advisory
- http://secunia.com/advisories/61303Third Party Advisory
- http://secunia.com/advisories/61316Third Party Advisory
- http://secunia.com/advisories/61345Third Party Advisory
- http://secunia.com/advisories/61359Third Party Advisory
- http://secunia.com/advisories/61782Third Party Advisory
- http://secunia.com/advisories/61810Third Party Advisory
- http://secunia.com/advisories/61819Third Party Advisory
- http://secunia.com/advisories/61825Third Party Advisory
- http://secunia.com/advisories/61827Third Party Advisory
- http://secunia.com/advisories/61926Third Party Advisory
- http://secunia.com/advisories/61995Third Party Advisory
- http://support.apple.com/HT204244Third Party Advisory
- http://support.citrix.com/article/CTX200238Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21687172Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21687611Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21688283Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21692299Third Party Advisory
- http://www.debian.org/security/2014/dsa-3053Third Party Advisory
- http://www.debian.org/security/2015/dsa-3144Third Party Advisory
- http://www.debian.org/security/2015/dsa-3147Third Party Advisory
- http://www.debian.org/security/2015/dsa-3253Third Party Advisory
- http://www.debian.org/security/2016/dsa-3489Third Party Advisory
- http://www.kb.cert.org/vuls/id/577193Third Party Advisory, US Government Resource
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:203Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:062Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlThird Party Advisory
- http://www.securityfocus.com/archive/1/533724/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/533746Third Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/533747Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/70574Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031029Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031039Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031085Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031086Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031087Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031088Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031089Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031090Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031091Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031092Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031093Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031094Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031095Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031096Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031105Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031106Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031107Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031120Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031123Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031124Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031130Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031131Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031132Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2486-1Vendor Advisory
- http://www.ubuntu.com/usn/USN-2487-1Vendor Advisory
- http://www.us-cert.gov/ncas/alerts/TA14-290AThird Party Advisory, US Government Resource
- http://www.vmware.com/security/advisories/VMSA-2015-0003.htmlThird Party Advisory
- https://access.redhat.com/articles/1232123Third Party Advisory
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6Third Party Advisory
- https://bto.bluecoat.com/security-advisory/sa83Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1076983Issue Tracking
- https://bugzilla.redhat.com/show_bug.cgi?id=1152789Issue Tracking
- https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ipThird Party Advisory
- https://github.com/mpgn/poodle-PoCThird Party Advisory
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02Third Party Advisory, US Government Resource
- https://kc.mcafee.com/corporate/index?page=content&id=SB10090Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10091Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10104Third Party Advisory
- https://puppet.com/security/cve/poodle-sslv3-vulnerabilityThird Party Advisory
- https://security.gentoo.org/glsa/201507-14Third Party Advisory
- https://security.gentoo.org/glsa/201606-11Third Party Advisory
- https://security.netapp.com/advisory/ntap-20141015-0001/Third Party Advisory
- https://support.apple.com/HT205217Vendor Advisory
- https://support.apple.com/kb/HT6527Vendor Advisory
- https://support.apple.com/kb/HT6529Vendor Advisory
- https://support.apple.com/kb/HT6531Vendor Advisory
- https://support.apple.com/kb/HT6535Vendor Advisory
- https://support.apple.com/kb/HT6536Vendor Advisory
- https://support.apple.com/kb/HT6541Vendor Advisory
- https://support.apple.com/kb/HT6542Vendor Advisory
- https://support.citrix.com/article/CTX216642Third Party Advisory
- https://support.lenovo.com/product_security/poodleThird Party Advisory
- https://support.lenovo.com/us/en/product_security/poodleThird Party Advisory
- https://technet.microsoft.com/library/security/3009008.aspxPatch, Vendor Advisory
- https://www-01.ibm.com/support/docview.wss?uid=swg21688165Third Party Advisory
- https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.htmlThird Party Advisory
- https://www.elastic.co/blog/logstash-1-4-3-releasedThird Party Advisory
- https://www.imperialviolet.org/2014/10/14/poodle.htmlThird Party Advisory
- https://www.openssl.org/news/secadv_20141015.txtVendor Advisory
- https://www.openssl.org/~bodo/ssl-poodle.pdfVendor Advisory
- https://www.suse.com/support/kb/doc.php?id=7015773Third Party Advisory
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.ascThird Party Advisory
- http://advisories.mageia.org/MGASA-2014-0416.htmlThird Party Advisory
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.ascThird Party Advisory
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlThird Party Advisory
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.htmlThird Party Advisory
- http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.htmlThird Party Advisory
- http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/Third Party Advisory
- http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdfThird Party Advisory
- http://downloads.asterisk.org/pub/security/AST-2014-011.htmlThird Party Advisory
- http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581Third Party Advisory
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034Third Party Advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705Third Party Advisory
- http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.htmlMailing List, Third Party Advisory
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.htmlThird Party Advisory
- http://marc.info/?l=bugtraq&m=141450452204552&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141450973807288&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141477196830952&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141576815022399&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141577087123040&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141577350823734&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141620103726640&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141628688425177&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141694355519663&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141697638231025&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141697676231104&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141703183219781&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141715130023061&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141775427104070&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141813976718456&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141814011518700&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=141879378918327&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142103967620673&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142118135300698&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142296755107581&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142350196615714&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142350298616097&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142350743917559&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142354438527235&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142357976805598&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142495837901899&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142496355704097&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142546741516006&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142607790919348&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142624590206005&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142624619906067Third Party Advisory
- http://marc.info/?l=bugtraq&m=142624619906067&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142624679706236&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142624719706349&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142660345230545&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142721830231196&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142721887231400&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142740155824959&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142791032306609&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142804214608580&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142805027510172&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=142962817202793&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143039249603103&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143101048219218&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143290371927178&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143290437727362&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143290522027658&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143290583027876&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143558137709884&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143558192010071&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=143628269912142&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=144101915224472&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=144251162130364&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=144294141001552&w=2Third Party Advisory
- http://marc.info/?l=bugtraq&m=145983526810210&w=2Third Party Advisory
- http://marc.info/?l=openssl-dev&m=141333049205629&w=2Third Party Advisory
- http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1652.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1653.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1692.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1876.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1877.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1880.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1881.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1882.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1920.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2014-1948.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0068.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0079.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0080.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0085.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0086.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0264.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0698.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1545.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1546.htmlThird Party Advisory
- http://secunia.com/advisories/59627Third Party Advisory
- http://secunia.com/advisories/60056Third Party Advisory
- http://secunia.com/advisories/60206Third Party Advisory
- http://secunia.com/advisories/60792Third Party Advisory
- http://secunia.com/advisories/60859Third Party Advisory
- http://secunia.com/advisories/61019Third Party Advisory
- http://secunia.com/advisories/61130Third Party Advisory
- http://secunia.com/advisories/61303Third Party Advisory
- http://secunia.com/advisories/61316Third Party Advisory
- http://secunia.com/advisories/61345Third Party Advisory
- http://secunia.com/advisories/61359Third Party Advisory
- http://secunia.com/advisories/61782Third Party Advisory
- http://secunia.com/advisories/61810Third Party Advisory
- http://secunia.com/advisories/61819Third Party Advisory
- http://secunia.com/advisories/61825Third Party Advisory
- http://secunia.com/advisories/61827Third Party Advisory
- http://secunia.com/advisories/61926Third Party Advisory
- http://secunia.com/advisories/61995Third Party Advisory
- http://support.apple.com/HT204244Third Party Advisory
- http://support.citrix.com/article/CTX200238Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21687172Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21687611Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21688283Third Party Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg21692299Third Party Advisory
- http://www.debian.org/security/2014/dsa-3053Third Party Advisory
- http://www.debian.org/security/2015/dsa-3144Third Party Advisory
- http://www.debian.org/security/2015/dsa-3147Third Party Advisory
- http://www.debian.org/security/2015/dsa-3253Third Party Advisory
- http://www.debian.org/security/2016/dsa-3489Third Party Advisory
- http://www.kb.cert.org/vuls/id/577193Third Party Advisory, US Government Resource
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:203Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:062Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlPatch, Third Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlThird Party Advisory
- http://www.securityfocus.com/archive/1/533724/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/533746Third Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/533747Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/70574Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031029Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031039Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031085Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031086Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031087Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031088Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031089Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031090Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031091Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031092Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031093Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031094Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031095Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031096Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031105Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031106Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031107Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031120Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031123Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031124Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031130Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031131Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031132Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2486-1Vendor Advisory
- http://www.ubuntu.com/usn/USN-2487-1Vendor Advisory
- http://www.us-cert.gov/ncas/alerts/TA14-290AThird Party Advisory, US Government Resource
- http://www.vmware.com/security/advisories/VMSA-2015-0003.htmlThird Party Advisory
- https://access.redhat.com/articles/1232123Third Party Advisory
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6Third Party Advisory
- https://bto.bluecoat.com/security-advisory/sa83Third Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1076983Issue Tracking
- https://bugzilla.redhat.com/show_bug.cgi?id=1152789Issue Tracking
- https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ipThird Party Advisory
- https://github.com/mpgn/poodle-PoCThird Party Advisory
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02Third Party Advisory, US Government Resource
- https://kc.mcafee.com/corporate/index?page=content&id=SB10090Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10091Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10104Third Party Advisory
- https://puppet.com/security/cve/poodle-sslv3-vulnerabilityThird Party Advisory
- https://security.gentoo.org/glsa/201507-14Third Party Advisory
- https://security.gentoo.org/glsa/201606-11Third Party Advisory
- https://security.netapp.com/advisory/ntap-20141015-0001/Third Party Advisory
- https://support.apple.com/HT205217Vendor Advisory
- https://support.apple.com/kb/HT6527Vendor Advisory
- https://support.apple.com/kb/HT6529Vendor Advisory
- https://support.apple.com/kb/HT6531Vendor Advisory
- https://support.apple.com/kb/HT6535Vendor Advisory
- https://support.apple.com/kb/HT6536Vendor Advisory
- https://support.apple.com/kb/HT6541Vendor Advisory
- https://support.apple.com/kb/HT6542Vendor Advisory
- https://support.citrix.com/article/CTX216642Third Party Advisory
- https://support.lenovo.com/product_security/poodleThird Party Advisory
- https://support.lenovo.com/us/en/product_security/poodleThird Party Advisory
- https://technet.microsoft.com/library/security/3009008.aspxPatch, Vendor Advisory
- https://www-01.ibm.com/support/docview.wss?uid=swg21688165Third Party Advisory
- https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.htmlThird Party Advisory
- https://www.elastic.co/blog/logstash-1-4-3-releasedThird Party Advisory
- https://www.imperialviolet.org/2014/10/14/poodle.htmlThird Party Advisory
- https://www.openssl.org/news/secadv_20141015.txtVendor Advisory
- https://www.openssl.org/~bodo/ssl-poodle.pdfVendor Advisory
- https://www.suse.com/support/kb/doc.php?id=7015773Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-3566?
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
How severe is CVE-2014-3566?
CVE-2014-3566 has a CVSS score of 3.4/10 (LOW severity). The EPSS model estimates a 100.00% probability of exploitation in the next 30 days.
How do I fix CVE-2014-3566?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2014-3566?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST