Boletines de Vulnerabilidades

SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability

Información sobre el sistema
   
Software afectado Cisco

Descripción
On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when using a block cipher in Cipher Block Chaining (CBC) mode. SSLv3 is a cryptographic protocol designed to provide communication security, which has been superseded by Transport Layer Security (TLS) protocols. By exploiting this vulnerability, an attacker could decrypt a subset of the encrypted communication.This advisory is available at the following

More info:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=SSL%20Padding%20Oracle%20On%20Downgraded%20Legacy%20Encryption%20(POODLE)%2

Identificadores estándar
Propiedad Valor
CVE CVE-2014-3566.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-10-16

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT