The vulnerability was used in the attack called Poodle against Docker.
Vulnerability details
Advisory: SB2014101601 - Multiple vulnerabilities in OpenSSL
Vulnerable component: OpenSSL
CVE-ID: CVE-2014-3566
CVSSv3 score: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C
CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Description:
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to usage of insecure SSLv3 protocol in OpenSSL. A remote attacker can force the current connection between user and server to be downgraded to SSLv3 protocol and then use padding-oracle attack on Cypher-block chaining (CBC) mode to decrypt encrypted communication.
Successful exploitation of the vulnerability may allow an attacker to read encrypted communications in clear text.
Note: The vulnerability is known as POODLE.
External links:
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-magnified-losses-a...
https://www.appsecconsulting.com/blog/zero-day-attacks-in-2014
https://technet.microsoft.com/en-us/library/security/3009008.aspx
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
https://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html
http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html
https://www.tripwire.com/state-of-security/vulnerability-management/ssl-v3-poodle-vulnerability-reve...
https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
https://www.entrust.com/get-support/ssl-certificate-support/poodle-security-vulnerability/
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/poodle-sslv3-vulnerability-t...