SSL - The POODLE Attack and the End of SSL 3.0 (CVE-2014-3566) + OpenSSL Security Advisory (CVE-2014-3513)

This information is only available in English. If you need support concerning the following vulnerabilities, please contact iWeb Technical Support: http://iweb.com/contact

The POODLE attack is a vulnerability affecting the SSLv3 protocol. Please read the following resources to protect your investments and determine whether you are vulnerable:

1- SRTP Memory Leak (CVE-2014-3513) Severity: High
Multiple vulnerabilities have been published by the OpenSSL project. More details about the SRTP Memory Leak (CVE-2014-3513) are available at the following links:

https://www.openssl.org/news/secadv_20141015.txt
https://access.redhat.com/security/cve/CVE-2014-3513

2- POODLE (Padding Oracle On Downgraded Legacy Encryption):

As a web site operator, you should disable SSL v3 on your servers as soon as possible. This needs to be done even if you support the most recent TLS version because an active MITM attacker can force browsers to downgrade their connections all the way down to SSL 3, which can then be exploited. In normal circumstances, SSL 3 shouldn't be needed by the vast majority of sites.

It is recommended to disable SSLv3 on both sides: the server and the client.

IMPORTANT: Disabling SSLv3 can create compatibility issues for legacy systems (for example, it may cause usability issues for visitors to your website who use old browsers such as Internet Explorer 6). Evaluate the impact on user experience before applying the recommended changes.

SSLv3 will be disabled by default in Firefox 34, which will be released on Nov 25.

https://wiki.mozilla.org/Security/Server_Side_TLS

http://askubuntu.com/questions/537687/poodle-disabling-sslv3-in-apache

Online tool to test the POODLE vulnerability and other SSL vulnerabilities:

If vulnerable:

1.txt

If NOT vulnerable:

2.txt
