Home

CVE-2014-3566

Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue.

Risk Information

Base Score
3.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
EPSS Score
Exploitation Probability
94.071

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2014-3568,CVE-2014-3567,CVE-2014-3566 are fixed in OpenSSL (x64) 0.9.8zcWindows
Vulnerabilities CVE-2014-3568,CVE-2014-3567,CVE-2014-3566 are fixed in OpenSSL (x64) 1.0.0oWindows
Vulnerabilities CVE-2014-3568,CVE-2014-3567,CVE-2014-3513,CVE-2014-3566 are fixed in OpenSSL (x64) 1.0.1jWindows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2Windows
Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.0Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.2Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.3Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.0Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.1Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0Windows
Vulnerabilities CVE-2014-3566,CVE-2016-0321 are affected in IBM Personal Communications 6.0.11Windows
Multiple Vulnerabilities are affected in IBM TXSeries for Multiplatforms 7.1Windows
Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 UpdateMac
Multiple vulnerabilities are fixed in OS X Yosemite 10.10.5 Combo UpdateMac
pound security update(DSA-3253-1) pound_2.6-2+deb7u1_i386.debLinux
pound security update(DSA-3253-1) pound_2.6-6+deb8u1_amd64.debLinux
SUSE-SU-2016:1457-1(SUSE Linux Enterprise Server 12 ) cyrus-imapd-debuginfo-2.3.18-37.1.x86_64.rpmLinux
SUSE-SU-2016:1457-1(SUSE Linux Enterprise Server 12 ) cyrus-imapd-debugsource-2.3.18-37.1.x86_64.rpmLinux
SUSE-SU-2016:1457-1(SUSE Linux Enterprise Server 12 ) perl-Cyrus-IMAP-2.3.18-37.1.x86_64.rpmLinux
SUSE-SU-2016:1457-1(SUSE Linux Enterprise Server 12 ) perl-Cyrus-IMAP-debuginfo-2.3.18-37.1.x86_64.rpmLinux
SUSE-SU-2016:1457-1(SUSE Linux Enterprise Server 12 ) perl-Cyrus-SIEVE-managesieve-2.3.18-37.1.x86_64.rpmLinux
SUSE-SU-2016:1457-1(SUSE Linux Enterprise Server 12 ) perl-Cyrus-SIEVE-managesieve-debuginfo-2.3.18-37.1.x86_64.rpmLinux
SUSE-SU-2016:1459-1(SUSE Linux Enterprise Server 11-SP4 ) cyrus-imapd-2.3.11-60.65.67.1.x86_64.rpmLinux
SUSE-SU-2016:1459-1(SUSE Linux Enterprise Server 11-SP4 ) perl-Cyrus-IMAP-2.3.11-60.65.67.1.x86_64.rpmLinux
SUSE-SU-2016:1459-1(SUSE Linux Enterprise Server 11-SP4 ) perl-Cyrus-SIEVE-managesieve-2.3.11-60.65.67.1.x86_64.rpmLinux
SUSE-SU-2016:2329-1(SUSE Linux Enterprise Server 11-SP4 ) apache2-mod_nss-1.0.14-0.4.25.1.x86_64.rpmLinux
CVE-2014-3566NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-600354OS X Yosemite 10.10.5 Update
PATCH-600458OS X Yosemite 10.10.5 Combo Update

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234