[[cve:cve-2014-3566]]
足跡: cve-2014-3566
顯示原始碼
管理選單最近更新網站地圖

目錄表

CVE-2014-3566 POODLE - An SSL 3.0 Vulnerability

Found by Googlers, Padding Oracle On Downgraded Legacy Encryption (POODLE) Attack on SSLv3. Related CVE

  • CVE-2014-3513, SRTP Memory Leak
  • CVE-2014-3567, Session Ticket Memory Leak
  • CVE-2014-3568, Build option no-ssl3 is incomplete

Further Reading

About Networking Vendors

  • Only few vendors talk about this issue.
Vendor Vulnerable Announcement Announce Date
A10 Yes A10 vADC Blog 2014-10-15
Arbor Networks Investigating… Internal Field(login required) 2014-10-15
Arista Networks Not responded Security Advisory -
Aruba Networks Yes Aruba Alert 2014-10-14
Avaya Not responded Avaya Security Advisories -
BlueCoat Yes BlueCoat Security Advisories 2014-10-15
Brocade Not responded Brocade -
Cellopoint Not responded Cellopoint News -
CheckPoint No CheckPoint 2014-10-14
Cisco Investigating… Cisco 2014-10-15
Dlink Being Confirmed…
Enterasys (Part of Extreme) Not responded Extreme eSupport -
Extreme Networks Not responded Extreme eSupport -
F5 Investigating… F5 Security Advisory 2014-10-14
FireEye Yes FireEye 2014-10-15
Fortinet Yes FortiGuard 2014-10-15
iMPERVA Yes iMPERVA Security Advisory 2014-10-15
Juniper Yes Juniper KB 2014-10-15
McAfee Yes McAfee 2014-10-15
NetAxle Not responded Response from vendor
Palo Alto Not responded Palo Alto -
Radware Not responded Emergency Response -
Ruckus Wireless Not responded Ruckus Security
Silver Peak Not responded Internal Document -
Sophers Not responded Sophers -
Sourcefire (Part of Cisco) Check Cisco -
Splunk Yes Splunk Answers -
TippingPoint Yes PDF at TMC 2014-10-24
VMware Yes/No? VMware KB 2014-10-15
Websense Yes Websense 2014-10-16

Best Practices

  • To be continued…
cve/cve-2014-3566.txt · 上一次變更: 2014/10/30 02:06 由 jal
顯示原始碼舊版
多媒體管理器回到頁頂
上一頁 | 下一頁 | 回首頁 | RSS Feed | Facebook
Copyright © 2000 - 2024 jal.tw All Rights Reserved.