CVE-2014-3566 POODLE - An SSL 3.0 Vulnerability

POODLE (Padding Oracle On Downgraded Legacy Encryption) is an attack on SSLv3, found by Googlers. Related CVEs:

  • CVE-2014-3513, SRTP Memory Leak
  • CVE-2014-3567, Session Ticket Memory Leak
  • CVE-2014-3568, Build option no-ssl3 is incomplete

Further Reading

About Networking Vendors

  • Only a few vendors talk about this issue.

| Vendor | Vulnerable | Announcement | Announce Date |
|---|---|---|---|
| A10 | Yes | A10 vADC Blog | 2014-10-15 |
| Arbor Networks | Investigating… | Internal Field (login required) | 2014-10-15 |
| Arista Networks | Not responded | Security Advisory | - |
| Aruba Networks | Yes | Aruba Alert | 2014-10-14 |
| Avaya | Not responded | Avaya Security Advisories | - |
| BlueCoat | Yes | BlueCoat Security Advisories | 2014-10-15 |
| Brocade | Not responded | Brocade | - |
| Cellopoint | Not responded | Cellopoint News | - |
| CheckPoint | No | CheckPoint | 2014-10-14 |
| Cisco | Investigating… | Cisco | 2014-10-15 |
| Dlink | Being Confirmed… | | |
| Enterasys (Part of Extreme) | Not responded | Extreme eSupport | - |
| Extreme Networks | Not responded | Extreme eSupport | - |
| F5 | Investigating… | F5 Security Advisory | 2014-10-14 |
| FireEye | Yes | FireEye | 2014-10-15 |
| Fortinet | Yes | FortiGuard | 2014-10-15 |
| iMPERVA | Yes | iMPERVA Security Advisory | 2014-10-15 |
| Juniper | Yes | Juniper KB | 2014-10-15 |
| McAfee | Yes | McAfee | 2014-10-15 |
| NetAxle | Not responded | Response from vendor | |
| Palo Alto | Not responded | Palo Alto | - |
| Radware | Not responded | Emergency Response | - |
| Ruckus Wireless | Not responded | Ruckus Security | |
| Silver Peak | Not responded | Internal Document | - |
| Sophers | Not responded | Sophers | - |
| Sourcefire (Part of Cisco) | Check Cisco | | - |
| Splunk | Yes | Splunk Answers | - |
| TippingPoint | Yes | PDF at TMC | 2014-10-24 |
| VMware | Yes/No? | VMware KB | 2014-10-15 |
| Websense | Yes | Websense | 2014-10-16 |

Best Practices

  • To be continued…

cve/cve-2014-3566.txt · Last modified: 2014/10/30 02:06 by jal