Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2014-3566

Published: Oct 15, 2014 | Modified: Nov 27, 2024
CVSS 3.x
3.4
LOW
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
5 IMPORTANT
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2014-3566
CWEhttps://cwe.mitre.org/data/definitions/310.html

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue.

Affected Software

Name Vendor Start Version End Version
Enterprise_linux Redhat 5 (including) 5 (including)
Enterprise_linux_desktop Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_desktop Redhat 7.0 (including) 7.0 (including)
Enterprise_linux_desktop_supplementary Redhat 5.0 (including) 5.0 (including)
Enterprise_linux_desktop_supplementary Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_server Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_server Redhat 7.0 (including) 7.0 (including)
Enterprise_linux_server_supplementary Redhat 5.0 (including) 5.0 (including)
Enterprise_linux_server_supplementary Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_server_supplementary Redhat 7.0 (including) 7.0 (including)
Enterprise_linux_workstation Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_workstation Redhat 7.0 (including) 7.0 (including)
Enterprise_linux_workstation_supplementary Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_workstation_supplementary Redhat 7.0 (including) 7.0 (including)
Oracle Java for Red Hat Enterprise Linux 5 RedHat java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el5_11 *
Oracle Java for Red Hat Enterprise Linux 5 RedHat java-1.6.0-sun-1:1.6.0.91-1jpp.1.el5_11 *
Oracle Java for Red Hat Enterprise Linux 6 RedHat java-1.7.0-oracle-1:1.7.0.75-1jpp.1.el6 *
Oracle Java for Red Hat Enterprise Linux 6 RedHat java-1.8.0-oracle-1:1.8.0.31-1jpp.1.el6 *
Oracle Java for Red Hat Enterprise Linux 6 RedHat java-1.6.0-sun-1:1.6.0.91-1jpp.1.el6 *
Oracle Java for Red Hat Enterprise Linux 7 RedHat java-1.7.0-oracle-1:1.7.0.75-1jpp.2.el7 *
Oracle Java for Red Hat Enterprise Linux 7 RedHat java-1.6.0-sun-1:1.6.0.91-1jpp.1.el7 *
Red Hat Enterprise Linux 5 RedHat java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el5_11 *
Red Hat Enterprise Linux 5 RedHat java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el5_11 *
Red Hat Enterprise Linux 5 Supplementary RedHat java-1.7.0-ibm-1:1.7.0.8.0-1jpp.1.el5 *
Red Hat Enterprise Linux 5 Supplementary RedHat java-1.6.0-ibm-1:1.6.0.16.2-1jpp.1.el5 *
Red Hat Enterprise Linux 5 Supplementary RedHat java-1.5.0-ibm-1:1.5.0.16.8-1jpp.1.el5 *
Red Hat Enterprise Linux 6 RedHat java-1.7.0-openjdk-1:1.7.0.75-2.5.4.0.el6_6 *
Red Hat Enterprise Linux 6 RedHat java-1.8.0-openjdk-1:1.8.0.31-1.b13.el6_6 *
Red Hat Enterprise Linux 6 RedHat java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el6_6 *
Red Hat Enterprise Linux 7 RedHat java-1.7.0-openjdk-1:1.7.0.75-2.5.4.2.el7_0 *
Red Hat Enterprise Linux 7 RedHat java-1.6.0-openjdk-1:1.6.0.34-1.13.6.1.el7_0 *
Red Hat JBoss Enterprise Application Platform 5.2 RedHat *
Red Hat JBoss Enterprise Application Platform 6.3 RedHat openssl *
Red Hat JBoss Web Platform 5.2 RedHat *
Red Hat JBoss Web Server 2.1 RedHat openssl *
Red Hat OpenShift Enterprise 2.0 RedHat openshift-origin-node-proxy-0:1.16.4.2-1.el6op *
Red Hat OpenShift Enterprise 2.1 RedHat openshift-origin-node-proxy-0:1.22.3.4-1.el6op *
Red Hat Satellite 5.6 RedHat java-1.6.0-ibm-1:1.6.0.16.3-1jpp.1.el6 *
Red Hat Satellite 6.0 RedHat candlepin-0:0.9.23.1-1.el7 *
Red Hat Satellite 6.0 RedHat foreman-0:1.6.0.49-1.el6sat *
Red Hat Satellite 6.0 RedHat katello-agent-0:1.5.3-6.el6sat *
Red Hat Satellite 6.0 RedHat pulp-0:2.4.3-1.el6sat *
Red Hat Satellite 6.0 RedHat pulp-nodes-0:2.4.3-0.1.beta.el6sat *
Red Hat Satellite 6.0 RedHat pulp-puppet-0:2.4.3-1.el6sat *
Red Hat Satellite 6.0 RedHat pulp-rpm-0:2.4.3-1.el7sat *
Red Hat Satellite 6.0 RedHat ruby193-rubygem-katello-0:1.5.0-93.el7sat *
Red Hat Satellite 6.0 RedHat rubygem-apipie-bindings-0:0.0.8-2.el6sat *
Red Hat Satellite 6.0 RedHat rubygem-hammer_cli_import-0:0.10.4-1.3.el7sat *
Supplementary for Red Hat Enterprise Linux 6 RedHat java-1.6.0-ibm-1:1.6.0.16.2-1jpp.1.el6_6 *
Supplementary for Red Hat Enterprise Linux 6 RedHat java-1.7.1-ibm-1:1.7.1.2.0-1jpp.3.el6_6 *
Supplementary for Red Hat Enterprise Linux 6 RedHat java-1.5.0-ibm-1:1.5.0.16.8-1jpp.1.el6_6 *
Supplementary for Red Hat Enterprise Linux 6 RedHat java-1.7.0-ibm-1:1.7.0.8.0-1jpp.1.el6_6 *
Supplementary for Red Hat Enterprise Linux 7 RedHat java-1.7.1-ibm-1:1.7.1.2.0-1jpp.3.el7_0 *
Nss Ubuntu upstream *
Openjdk-6 Ubuntu lucid *
Openjdk-6 Ubuntu precise *
Openjdk-6 Ubuntu trusty *
Openjdk-6 Ubuntu upstream *
Openjdk-6 Ubuntu utopic *
Openjdk-7 Ubuntu precise *
Openjdk-7 Ubuntu trusty *
Openjdk-7 Ubuntu upstream *
Openjdk-7 Ubuntu utopic *
Openssl Ubuntu artful *
Openssl Ubuntu bionic *
Openssl Ubuntu cosmic *
Openssl Ubuntu devel *
Openssl Ubuntu disco *
Openssl Ubuntu fips-preview/jammy *
Openssl Ubuntu fips-updates/jammy *
Openssl Ubuntu focal *
Openssl Ubuntu jammy *
Openssl Ubuntu kinetic *
Openssl Ubuntu lucid *
Openssl Ubuntu lunar *
Openssl Ubuntu mantic *
Openssl Ubuntu noble *
Openssl Ubuntu oracular *
Openssl Ubuntu precise *
Openssl Ubuntu trusty *
Openssl Ubuntu utopic *
Openssl Ubuntu vivid *
Openssl Ubuntu vivid/stable-phone-overlay *
Openssl Ubuntu vivid/ubuntu-core *
Openssl Ubuntu wily *
Openssl Ubuntu xenial *
Openssl Ubuntu yakkety *
Openssl Ubuntu zesty *
Openssl098 Ubuntu precise *
Openssl098 Ubuntu trusty *
Openssl098 Ubuntu utopic *
Openssl098 Ubuntu vivid *
Pound Ubuntu esm-infra-legacy/trusty *
Pound Ubuntu precise *
Pound Ubuntu trusty *
Pound Ubuntu trusty/esm *
Pound Ubuntu utopic *
Pound Ubuntu vivid *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use