CVE-2014-3566

Scores

EPSS

EPSS Score: 0.940 (high, 94.0%)

Percentile: 94.0%

CVSS

3.4 (low), CVSS 3.x

CVSS Score: 3.4/10

All CVSS Scores

CVSS 3.x
3.4

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CVSS 2.0
5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue.


Sources

debian, nvd, redhat, ubuntu

CWEs

CWE-310

Related Vulnerabilities

Exploits

Exploit ID: CVE-2014-3566

Source: github-poc

URL: https://github.com/uthrasri/openssl_g2.5_CVE-2014-3566

Recommendations

Source: nvd

All claws-mail users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/claws-mail-3.13.2"

URL: https://security.gentoo.org/glsa/201606-11

Source: nvd

All Oracle JRE 8 users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.8.0.31"

All Oracle JDK 8 users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.8.0.31"

All Oracle JRE 7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/oracle-jre-bin-1.7.0.76"

All Oracle JDK 7 users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/oracle-jdk-bin-1.7.0.76"

URL: https://security.gentoo.org/glsa/201507-14

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2015-1546.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2015-1545.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2015-0086.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2015-0085.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2015-0080.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2015-0079.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2015-0068.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1948.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1882.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1881.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1880.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1877.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1876.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1692.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1653.html

Source: nvd

Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2014-1652.html

Vulnerable Software (172)

Type: Configuration

Product: arora

Operating System: debian

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: bouncycastle

Operating System: debian

Trait:
{  "unaffected": true}

Source: debian

Type: Configuration

Product: candlepin

Operating System: rhel

Trait:
{  "fixed": "0.9.23.1-1.el7"}

Source: redhat

Type: Configuration

Product: chromium-browser

Operating System: debian

Trait:
{  "fixed": "39.0.2171.71-1"}

Source: debian

Type: Configuration

Product: chromium-browser

Operating System: debian wheezy 7

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: chromium-browser

Operating System: debian squeeze 6

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: conkeror

Operating System: debian

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: cyassl

Operating System: debian

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: dwb

Operating System: debian

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: epiphany-browser

Operating System: debian

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: erlang

Operating System: debian

Trait:
{  "fixed": "1:17.3-dfsg-3"}

Source: debian

Type: Configuration

Product: erlang

Operating System: debian squeeze 6

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: erlang

Operating System: debian wheezy 7

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: foreman

Operating System: rhel

Trait:
{  "fixed": "1.6.0.49-1.el7sat"}

Source: redhat

Type: Configuration

Product: galeon

Operating System: debian

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: gnutls26

Operating System: debian

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: gnutls26

Operating System: debian squeeze 6

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: gnutls26

Operating System: debian wheezy 7

Trait:
{  "unfixed": true}

Source: debian

Type: Configuration

Product: gnutls28

Operating System: debian

Trait:
{  "fixed": "3.3.8-5"}

Source: debian

Type: Configuration

Product: haskell-tls

Operating System: debian

Trait:
{  "fixed": "1.2.9-2"}

Source: debian