CVE-2014-3566

3.4

LOW

OpenSSL SSL Connection Downgrade to SSL 3.0 Padding Oracle

Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

INFO

Published Date :

Oct. 15, 2014, 12:55 a.m.

Last Modified :

Sept. 12, 2023, 2:55 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

1.4

Exploitability Score :

1.6 Public PoC/Exploit Available at Github

CVE-2014-3566 has a 80 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2014-3566 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Redhat	enterprise_linux
2	Redhat	enterprise_linux_desktop
3	Redhat	enterprise_linux_server
4	Redhat	enterprise_linux_workstation
5	Redhat	enterprise_linux_server_supplementary
6	Redhat	enterprise_linux_desktop_supplementary
7	Redhat	enterprise_linux_workstation_supplementary
1	Novell	suse_linux_enterprise_desktop
2	Novell	suse_linux_enterprise_server
3	Novell	suse_linux_enterprise_software_development_kit
1	Ibm	aix
2	Ibm	vios
1	Fedoraproject	fedora
1	Debian	debian_linux
1	Oracle	database
1	Openssl	openssl
1	Apple	mac_os_x
1	Opensuse	opensuse
1	Netbsd	netbsd
1	Mageia	mageia

: Total Affected Vendor : 11 | Products : 20

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2014-3566.

URL	Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc	Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0416.html	Third Party Advisory
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc	Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html	Third Party Advisory
http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566	Third Party Advisory
http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html	Third Party Advisory
http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/	Third Party Advisory
http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx	Third Party Advisory
http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf	Third Party Advisory
http://downloads.asterisk.org/pub/security/AST-2014-011.html	Third Party Advisory
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html	Third Party Advisory
http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581	Third Party Advisory
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034	Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705	Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html	Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html	Third Party Advisory
http://marc.info/?l=bugtraq&m=141450452204552&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141450973807288&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141477196830952&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141576815022399&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141577087123040&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141577350823734&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141620103726640&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141628688425177&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141694355519663&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141697638231025&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141697676231104&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141703183219781&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141715130023061&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141775427104070&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141813976718456&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141814011518700&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=141879378918327&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142103967620673&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142118135300698&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142296755107581&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142350196615714&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142350298616097&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142350743917559&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142354438527235&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142357976805598&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142495837901899&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142496355704097&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142546741516006&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142607790919348&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142624590206005&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142624619906067	Third Party Advisory
http://marc.info/?l=bugtraq&m=142624619906067&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142624679706236&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142624719706349&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142660345230545&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142721830231196&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142721887231400&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142740155824959&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142791032306609&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142804214608580&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142805027510172&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=142962817202793&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=143039249603103&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=143101048219218&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=143290371927178&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=143290437727362&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=143290522027658&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=143290583027876&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=143558137709884&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=143558192010071&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=143628269912142&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=144101915224472&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=144251162130364&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=144294141001552&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=145983526810210&w=2	Third Party Advisory
http://marc.info/?l=openssl-dev&m=141333049205629&w=2	Third Party Advisory
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1652.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1653.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1692.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1876.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1877.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1880.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1881.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1882.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1920.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1948.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0068.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0079.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0080.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0085.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0086.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0264.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0698.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1545.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1546.html	Third Party Advisory
http://secunia.com/advisories/59627	Third Party Advisory
http://secunia.com/advisories/60056	Third Party Advisory
http://secunia.com/advisories/60206	Third Party Advisory
http://secunia.com/advisories/60792	Third Party Advisory
http://secunia.com/advisories/60859	Third Party Advisory
http://secunia.com/advisories/61019	Third Party Advisory
http://secunia.com/advisories/61130	Third Party Advisory
http://secunia.com/advisories/61303	Third Party Advisory
http://secunia.com/advisories/61316	Third Party Advisory
http://secunia.com/advisories/61345	Third Party Advisory
http://secunia.com/advisories/61359	Third Party Advisory
http://secunia.com/advisories/61782	Third Party Advisory
http://secunia.com/advisories/61810	Third Party Advisory
http://secunia.com/advisories/61819	Third Party Advisory
http://secunia.com/advisories/61825	Third Party Advisory
http://secunia.com/advisories/61827	Third Party Advisory
http://secunia.com/advisories/61926	Third Party Advisory
http://secunia.com/advisories/61995	Third Party Advisory
http://support.apple.com/HT204244	Third Party Advisory
http://support.citrix.com/article/CTX200238	Third Party Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21686997	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21687172	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21687611	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21688283	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21692299	Third Party Advisory
http://www.debian.org/security/2014/dsa-3053	Third Party Advisory
http://www.debian.org/security/2015/dsa-3144	Third Party Advisory
http://www.debian.org/security/2015/dsa-3147	Third Party Advisory
http://www.debian.org/security/2015/dsa-3253	Third Party Advisory
http://www.debian.org/security/2016/dsa-3489	Third Party Advisory
http://www.kb.cert.org/vuls/id/577193	Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2014:203	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html	Third Party Advisory
http://www.securityfocus.com/archive/1/533724/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/533746	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/533747	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/70574	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031029	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031039	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031085	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031086	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031087	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031088	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031089	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031090	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031091	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031092	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031093	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031094	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031095	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031096	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031105	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031106	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031107	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031120	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031123	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031124	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031130	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031131	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031132	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2486-1	Vendor Advisory
http://www.ubuntu.com/usn/USN-2487-1	Vendor Advisory
http://www.us-cert.gov/ncas/alerts/TA14-290A	Third Party Advisory US Government Resource
http://www.vmware.com/security/advisories/VMSA-2015-0003.html	Third Party Advisory
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0	Third Party Advisory
http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm	Third Party Advisory
https://access.redhat.com/articles/1232123	Third Party Advisory
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/	Third Party Advisory
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6	Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa83	Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1076983	Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1152789	Issue Tracking
https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip	Third Party Advisory
https://github.com/mpgn/poodle-PoC	Third Party Advisory
https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667	Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946	Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02	Third Party Advisory US Government Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10090	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10091	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10104	Third Party Advisory
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
https://puppet.com/security/cve/poodle-sslv3-vulnerability	Third Party Advisory
https://security.gentoo.org/glsa/201507-14	Third Party Advisory
https://security.gentoo.org/glsa/201606-11	Third Party Advisory
https://security.netapp.com/advisory/ntap-20141015-0001/	Third Party Advisory
https://support.apple.com/HT205217	Vendor Advisory
https://support.apple.com/kb/HT6527	Vendor Advisory
https://support.apple.com/kb/HT6529	Vendor Advisory
https://support.apple.com/kb/HT6531	Vendor Advisory
https://support.apple.com/kb/HT6535	Vendor Advisory
https://support.apple.com/kb/HT6536	Vendor Advisory
https://support.apple.com/kb/HT6541	Vendor Advisory
https://support.apple.com/kb/HT6542	Vendor Advisory
https://support.citrix.com/article/CTX216642	Third Party Advisory
https://support.lenovo.com/product_security/poodle	Third Party Advisory
https://support.lenovo.com/us/en/product_security/poodle	Third Party Advisory
https://technet.microsoft.com/library/security/3009008.aspx	Patch Vendor Advisory
https://www-01.ibm.com/support/docview.wss?uid=swg21688165	Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7
https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html	Third Party Advisory
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html	Third Party Advisory
https://www.elastic.co/blog/logstash-1-4-3-released	Third Party Advisory
https://www.imperialviolet.org/2014/10/14/poodle.html	Third Party Advisory
https://www.openssl.org/news/secadv_20141015.txt	Vendor Advisory
https://www.openssl.org/~bodo/ssl-poodle.pdf	Vendor Advisory
https://www.suse.com/support/kb/doc.php?id=7015773	Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

kdairatchi/crackscanner

Nmap on crack using py

Python

Updated: 2 days, 15 hours ago

1 stars 0 fork 0 watcher

Born at : Sept. 16, 2024, 4:42 a.m. This repo has been linked 7 different CVEs too.

Faizan-Khanx/CEH-Preparation

A Study Guide For CEH Examination , Must See This Repo If You Are New In CyberSecurity And Want To Start Your Carrier In This Field. #HappyHacking

HTML

Updated: 2 weeks, 2 days ago

0 stars 0 fork 0 watcher

Born at : Sept. 2, 2024, 2:58 p.m. This repo has been linked 4 different CVEs too.

password123456/setup-apache-http-server-with-shorts-security-best-practice

Apache HTTP Server SHORTS security best practice

apache apache-configuration apache-http-server apache-httpd apache-server apache2 apache24 apache-hardening apache2-security

Updated: 3 weeks, 1 day ago

0 stars 0 fork 0 watcher

Born at : Aug. 27, 2024, 4:07 a.m. This repo has been linked 2 different CVEs too.

EvgeniyaBalanyuk/attacks

None

Updated: 1 month, 1 week ago

0 stars 0 fork 0 watcher

Born at : Aug. 5, 2024, 7:01 a.m. This repo has been linked 5 different CVEs too.

n13l/measurements

None

Perl Shell

Updated: 3 months, 3 weeks ago

0 stars 0 fork 0 watcher

Born at : Feb. 9, 2024, 6:51 p.m. This repo has been linked 2 different CVEs too.

uthrasri/openssl_g2.5_CVE-2014-3566

None

C++ C Batchfile Perl DIGITAL Command Language Shell Makefile Assembly XS M4

Updated: 10 months, 1 week ago

0 stars 0 fork 0 watcher

Born at : Nov. 7, 2023, 10:57 a.m. This repo has been linked 1 different CVEs too.

Wanderwille/13.01

None

Updated: 11 months ago

0 stars 0 fork 0 watcher

Born at : Oct. 13, 2023, 12:02 p.m. This repo has been linked 4 different CVEs too.

NikolayAntipov/DB_13-01

None

Updated: 11 months, 1 week ago

0 stars 0 fork 0 watcher

Born at : Oct. 8, 2023, 1:35 p.m. This repo has been linked 5 different CVEs too.

MrE-Fog/a2sv

None

Dockerfile Python Shell

Updated: 1 year, 4 months ago

0 stars 0 fork 0 watcher

Born at : April 30, 2023, 1:57 p.m. This repo has been linked 8 different CVEs too.

Kapotov/3.9.1

Домашнее задание к занятию «Элементы безопасности информационных систем»

Updated: 1 year, 3 months ago

0 stars 0 fork 0 watcher

Born at : April 5, 2023, 10:39 a.m. This repo has been linked 17 different CVEs too.

CVEDB/awesome-cve-repo

None

Shell

Updated: 1 week, 3 days ago

3 stars 2 fork 2 watcher

Born at : March 23, 2023, 4:32 a.m. This repo has been linked 435 different CVEs too.

CVEDB/top

None

Shell

Updated: 1 week, 4 days ago

1 stars 0 fork 0 watcher

Born at : March 19, 2023, 1:53 a.m. This repo has been linked 265 different CVEs too.

stanmay77/security

None

Updated: 1 year, 6 months ago

0 stars 0 fork 0 watcher

Born at : March 13, 2023, 9:44 a.m. This repo has been linked 17 different CVEs too.

chnzzh/OpenSSL-CVE-lib

None

Updated: 1 week, 4 days ago

5 stars 0 fork 0 watcher

Born at : Feb. 23, 2023, 5:42 a.m. This repo has been linked 455 different CVEs too.

DButter/whitehat_public

None

Updated: 1 year, 7 months ago

0 stars 0 fork 0 watcher

Born at : Feb. 13, 2023, 5:42 p.m. This repo has been linked 173 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2014-3566 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2014-3566 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

CPE Deprecation Remap by [email protected]

Sep. 12, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:::::::	OR cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:::::::

CPE Deprecation Remap by [email protected]

Sep. 12, 2023

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:11.0:sp3::::::*	OR cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp3::::::*

Action	Type	Old Value	New Value
Changed	Description	A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Removed	CVSS V2 Metadata	Victim must voluntarily interact with attack mechanism
Removed	CVSS V2	Red Hat, Inc. (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Removed	Reference	https://access.redhat.com/errata/RHBA-2014:1857 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2014:1876 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2014:1877 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2014:1880 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2014:1881 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2014:1882 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2014:1920 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:0010 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:0011 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:0012 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:0067 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:0068 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:0069 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:0079 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:0080 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:0085 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:0086 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:0264 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:1545 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2015:1546 [No Types Assigned]
Removed	Reference	https://access.redhat.com/security/cve/CVE-2014-3566 [No Types Assigned]

Action	Type	Old Value	New Value
Changed	Reference Type	https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E Third Party Advisory
Changed	Reference Type	https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E No Types Assigned	https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E Third Party Advisory
Changed	CPE Configuration	OR cpe:2.3:o:redhat:enterprise_linux:5::::::: cpe:2.3:o:redhat:enterprise_linux_desktop:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_desktop:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0::::::: cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:76.0::::::: cpe:2.3:o:redhat:enterprise_linux_server:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_server:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0::::::: cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_workstation:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_workstation:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:::::::	OR cpe:2.3:o:redhat:enterprise_linux:5::::::: cpe:2.3:o:redhat:enterprise_linux_desktop:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_desktop:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0::::::: cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_server:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_server:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0::::::: cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_workstation:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_workstation:7.0::::::: cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0::::::: cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:::::::

Action	Type	Old Value	New Value
Removed	CVSS V3	NIST AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Added	CVSS V3.1		NIST AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Changed	Reference Type	http://www.securityfocus.com/archive/1/533724/100/0/threaded No Types Assigned	http://www.securityfocus.com/archive/1/533724/100/0/threaded Third Party Advisory, VDB Entry
Changed	Reference Type	https://github.com/mpgn/poodle-PoC No Types Assigned	https://github.com/mpgn/poodle-PoC Third Party Advisory
Changed	Reference Type	https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU No Types Assigned	https://groups.google.com/forum/#!topic/docker-user/oYm0i3xShJU Third Party Advisory
Changed	Reference Type	https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 No Types Assigned	https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 Third Party Advisory, US Government Resource

Action	Type	Old Value	New Value
Removed	Reference	http://www.securityfocus.com/archive/1/archive/1/533724/100/0/threaded [Third Party Advisory, VDB Entry]
Added	Reference		http://www.securityfocus.com/archive/1/533724/100/0/threaded [No Types Assigned]

Action	Type	Old Value	New Value
Removed	Reference	http://seclists.org/fulldisclosure/2015/Apr/5
Removed	Reference	http://www.securityfocus.com/archive/1/archive/1/535181/100/0/threaded
Removed	Reference	http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
Added	Reference		http://www.vmware.com/security/advisories/VMSA-2015-0003.html

Action	Type	Old Value	New Value
Changed	CPE Configuration	Configuration 1 OR cpe:2.3:a:openssl:openssl:1.0.0i::::::: (and previous) cpe:2.3:a:openssl:openssl:1.0.0h::::::: cpe:2.3:a:openssl:openssl:1.0.0g::::::: cpe:2.3:a:openssl:openssl:1.0.0f::::::: cpe:2.3:a:openssl:openssl:1.0.0e::::::: cpe:2.3:a:openssl:openssl:1.0.0d::::::: cpe:2.3:a:openssl:openssl:1.0.0c::::::: cpe:2.3:a:openssl:openssl:1.0.0b::::::: cpe:2.3:a:openssl:openssl:1.0.0a::::::: cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::* cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::* cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::* cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::* cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::* cpe:2.3:a:openssl:openssl:1.0.0:::::::	Configuration 1 OR cpe:2.3:a:oracle:solaris_cluster:4.2::::::: Configuration 2 OR cpe:2.3:a:openssl:openssl:1.0.0i::::::: (and previous) cpe:2.3:a:openssl:openssl:1.0.0h::::::: cpe:2.3:a:openssl:openssl:1.0.0g::::::: cpe:2.3:a:openssl:openssl:1.0.0f::::::: cpe:2.3:a:openssl:openssl:1.0.0e::::::: cpe:2.3:a:openssl:openssl:1.0.0d::::::: cpe:2.3:a:openssl:openssl:1.0.0c::::::: cpe:2.3:a:openssl:openssl:1.0.0b::::::: cpe:2.3:a:openssl:openssl:1.0.0a::::::: cpe:2.3:a:openssl:openssl:1.0.0:beta5::::::* cpe:2.3:a:openssl:openssl:1.0.0:beta4::::::* cpe:2.3:a:openssl:openssl:1.0.0:beta3::::::* cpe:2.3:a:openssl:openssl:1.0.0:beta2::::::* cpe:2.3:a:openssl:openssl:1.0.0:beta1::::::* cpe:2.3:a:openssl:openssl:1.0.0:::::::
Added	CVSS V3		AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2014-3566

OpenSSL SSL Connection Downgrade to SSL 3.0 Padding Oracle

Description

INFO

Oct. 15, 2014, 12:55 a.m.

Sept. 12, 2023, 2:55 p.m.

Yes !

1.4

1.6

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]