Environment
Situation
SSLv3 Fallback Protection “POODLE” vulnerability (CVE-2014-3566)
Severity: Medium
Version: OpenSSL 1.0.1, 1.0.0, 0.9.8
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt cipher text using a padding oracle side-channel attack.
OpenSSL Description: "Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE."
All products using OpenSSL version 1.0.1, 1.0.0, 0.9.8 are impacted.