CVE-2014-3566
DEB · Low · Confirmed · Exploit available

CVSS: 3.4 (Low)
EPSS: 1.00 (p100)
Published: 2014-01-01
Updated: 2014-01-01
Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Tags · CWE
Pre-auth
CWE-310
Affected products
Arora, Bouncycastle, Candlepin, Chromium-browser, Chromium-browser, Chromium-browser, Conkeror, Cyassl, Dwb, Epiphany-browser, Erlang, Erlang, Erlang, Foreman, Galeon, Gnutls26, Gnutls26, Gnutls26, Gnutls28, Haskell-tls
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Timeline
2014-01-01 · Published
2014-01-01 · Updated
CVSS 3.1 breakdown
Attack Vector · AV: N · Network (N)
Attack Complexity · AC: H · High (H)
Privileges Required · PR: N · None (N)
User Interaction · UI: R · Required (R)
Scope · S: C · Changed (C)
Confidentiality Impact · C: L · Low (L)
Integrity Impact · I: N · None (N)
Availability Impact · A: N · None (N)
Exploit indicators
EPSS: 1.000 · p100
Known exploited (KEV): No
Known exploits — Сканер-ВС
CVE-2014-3566
github-poc · https://github.com/uthrasri/openssl_g2.5_CVE-2014-3566
Affected software
Product | Vendor | Status
arora | | Tracked
bouncycastle | | Tracked
candlepin | | Tracked
chromium-browser | | Tracked
chromium-browser | | Tracked
chromium-browser | | Tracked
conkeror | | Tracked
cyassl | | Tracked
dwb | | Tracked
epiphany-browser | | Tracked
erlang | | Tracked
erlang | | Tracked
erlang | | Tracked
foreman | | Tracked
galeon | | Tracked
gnutls26 | | Tracked
gnutls26 | | Tracked
gnutls26 | | Tracked
gnutls28 | | Tracked
haskell-tls | | Tracked
Source databases
DEB
CVE
RED
UBU