CVE-2014-3566: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle…

low3.4CVSS 3.0

AVNACHPRNUIRSCCLINAN

EXPLOIT

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Affected

337 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	mac_os_x	<= 10.10.1	—
apple	os_x_server_v4.1	—	—
apple	os_x_yosemite_v10.10.2_and_security_update_2015-001	—	—
apple	xcode	—	—
apsis	pound	>= 0 < 2.6-6	2.6-6
apsis	pound	>= 0 < 2.6-6	2.6-6
apsis	pound	>= 0 < 2.6-6	2.6-6
citrix	netscaler_adc_gateway	—	—
cloudera	cloudera_manager	—	—
cloudera	cloudera_manager	—	—
cloudera	cloudera_manager	—	—
cloudera	cloudera_manager	—	—
cloudera	cloudera_manager	—	—
cloudera	cloudera_manager	—	—
cloudera	navigator	—	—
cloudera	navigator	—	—
cloudera	navigator	—	—
cloudera	navigator	—	—
cloudera	navigator	—	—
cloudera	navigator	—	—
debian	bouncycastle	< erlang 1:17.3-dfsg-3 (bookworm)	erlang 1:17.3-dfsg-3 (bookworm)
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	epiphany-browser	< erlang 1:17.3-dfsg-3 (bookworm)	erlang 1:17.3-dfsg-3 (bookworm)
debian	erlang	< erlang 1:17.3-dfsg-3 (bookworm)	erlang 1:17.3-dfsg-3 (bookworm)

CVSS provenance

nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

nvd4.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N

nvdv3.13.4LOWCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

osv3.4LOW