GTM-TJ8GRDF
Skip to main content
  1. Home >
  2. Products>
  3. Poodle SSL 3.0 vulnerabilities

Poodle SSL 3.0 vulnerabilities

SERVICE FACTS

Synopsis

The SSL (Secure Sockets Layer) protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

This is an industry-wide vulnerability affecting the SSL 3.0 protocol itself and is not specific to a single operating system of servers or clients.

The CVE number assigned to this issue is CVE-2014-3566Open a new window.

Source: National Institute of Standards and Technology; http://nvd.nist.gov/home.cfmOpen a new window

Threat

Poodle vulnerabilities are being rated “4.3 out of 10” (basis).

An attacker must make several hundred HTTPS requests before the attack could be successful. If he successfully, he could decrypt portions of the encrypted traffic.

Workaround / Solution

Fujitsu recommend customers to migrate clients and servers to other security protocols, such as Transport Layer Security (TLS) 1.0, TLS1.1 or TLS1.2.

Fujitsu is announcing that SSL 3.0 will be disabled in the default configuration of affected SW products over the coming months. Please see also the information of other SW provider.

Affected products:

All products which using a secure channel by encrypting communications based on SSL 3.0.
Fujitsu is analyzing its products and will update this list below accordingly.

Affected and unaffected productsOpen a new window (280 KB)

For Products, doesn’t hold in this list, please contact your service partner.

Other Links:

Microsoft: https://technet.microsoft.com/en-us/library/security/3009008Open a new window
Redhat: https://access.redhat.com/articles/1232123Open a new window
Suse: https://www.suse.com/support/kb/doc.php?id=7015773Open a new window
Novell: http://support.novell.com/security/cve/CVE-2014-3566.htmlOpen a new window
Oracle: http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.htmlOpen a new window