Zero-day Vulnerability Database
Zero-day vulnerabilities discovered: 1
Multiple vulnerabilities in OpenSSL
CVE-2014-3566
Information disclosure
The vulnerability allows a remote attacker to perform MitM attack.The vulnerability exists due to usage of insecure SSLv3 protocol in OpenSSL. A remote attacker can force the current connection between user and server to be downgraded to SSLv3 protocol and then use padding-oracle attack on Cypher-block chaining (CBC) mode to decrypt encrypted communication.
Successful exploitation of the vulnerability may allow an attacker to read encrypted communications in clear text.
Note: The vulnerability is known as POODLE.
The vulnerability was used in the attack called Poodle against Docker.
Software: OpenSSL
Links:
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-magnified-losses-a...
https://www.appsecconsulting.com/blog/zero-day-attacks-in-2014
https://technet.microsoft.com/en-us/library/security/3009008.aspx
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
https://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html
http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html
https://www.tripwire.com/state-of-security/vulnerability-management/ssl-v3-poodle-vulnerability-reve...
https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
https://www.entrust.com/get-support/ssl-certificate-support/poodle-security-vulnerability/
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/poodle-sslv3-vulnerability-t...