Vulnerability in Apple Mac OS X
CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" iss…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.935 (99.8th percentile)
CVSS v3 metric
CVSS v3 base score 3.4 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N.
Affected products
- Apple Mac OS X
- IBM AIX (versions 5.3, 6.1, 7.1)
- IBM VIOS (versions 2.2.0.10, 2.2.0.11, 2.2.0.12)
- Mageia (versions 3.0, 4.0)
- NetBSD (versions 5.1, 5.1.1, 5.1.2)
- Novell SUSE Linux Enterprise Desktop (versions 9.0, 10.0, 11.0)
- Novell SUSE Linux Enterprise Server (versions 11.0, 12.0)
- Novell SUSE Linux Enterprise Software Development Kit (versions 11.0, 12.0)
- OpenSSL (versions 0.9.8, 0.9.8a, 0.9.8b)
- Oracle Database (versions 11.2.0.4, 12.1.0.2)
Weakness classification (CWE)
Public proof-of-concept exploits
- mpgn/poodle-PoC
- mikesplain/CVE-2014-3566-poodle-cookbook
- jmonge12/Home-Network-Vulnerability-Assessment
- josecl200/VC-PoodlePOC
- GoRuGoo/poodle-attack-sandbox
- uthrasri/openssl_g2.5_CVE-2014-3566
- cloudpassage/mangy-beast
- rapid7/metasploit-framework
- AidanBurkeCyb/Network-Vulnerability-Assessment-with-Nmap
- AleksandrMihajlov/SDB-13-01
Frequently asked questions
- What is CVE-2014-3566?
  CVE-2014-3566 is a low-severity vulnerability in Apple Mac OS X, classified under Cryptographic Issues. CVSS score: 3.4/10. Published 2014-10-15.
- How severe is CVE-2014-3566?
  Low severity. CVSS v3 base score is 3.4 out of 10.
- Is CVE-2014-3566 known to be exploited?
  141 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.