A severe vulnerability was disclosed in the SSL 3.0 protocol that significantly jeopardizes the protocol's ability to secure communications. All versions of SSL have been deprecated and its use should be avoided wherever possible. POODLE (Padding Oracle On Downgraded Legacy Encryption) is the attack that exploits this vulnerability and allows a hacker to potentially steal information by altering communications between the SSL client and the server (MitM). Learn more about CVE-2014-3566].
The Nexpose 5.10.15 update provides coverage for the SSL 3.0 vulnerability that can be exploited by the POODLE attack.
Note: This coverage requires a product update as well as a content update.
Once the Nexpose 5.10.15 update has been applied, vulnerability scans will include checks for CVE-2014-3566 (unless you have customized them in a way that specifically excludes them). If you have regular scans set up to cover your network, they will now check for this vulnerability.
In some cases, due to the high profile nature of this vulnerability, you may want or need to run rapid scans that check for CVE-2014-3566 exclusively. There are advantages and disadvantages to this “fast focused” approach, namely; scanning for only CVE-2014-3566 will allow your organization to quickly assess its risk exposure, the disadvantage is that if you modify your existing sites to scan only for this one vulnerability, you'll likely skew the historical data on these sites. If you want to proceed with the focused approach, you can create a scan template that will focus your scan on CVE-2014-3566, to the exclusion of anything else. If your license allows you may want to create a onetime use set of sites (remember this vulnerability will be picked up by most scan templates).
To create the custom POODLE scan template, after the 5.10.15 update, take the following steps:
Create a custom scan template.
- In the Web interface, click Administration. On the Admin page, click the manage link for Templates, or just type the keyboard shortcuts TM. This opens the Scan Templates panel.
- Find the Full audit without Web Spider template and select the Copy icon.
- Ensure the Vulnerabilities option is selected. Clear the >Policies option and ensure the Web Spidering option is cleared to focus the template on the checks specific to this vulnerability.
- Edit the scan template name and description so you will be able to recognize later that the template is customized for CVE-2014-3566.
Select only the relevant vulnerability checks.
- Go to the Vulnerability Checks page. First, you will disable all checks, check categories, and check types so that you can focus on scanning exclusively for CVE-2014-3566.
- Expand the By Category section and click Remove categories.
- Select the check box for the top row (Vulnerability Category), which will auto-select the check boxes for all categories. Then click Save. Note that 0 categories are now enabled.
- Expand the By Check Type section and click Remove check types.
- Select the check box for the top row (Vulnerability Check Type), which will auto-select the check boxes for all types. Then click Save. Note that 0 check types are now enabled.
- Expand the By Individual Check section and click Add checks.
- Enter or paste CVE-2014-3566 in the Search Criteria box and click Search. Select the check box for the top row (Vulnerability Check), which will auto-select the check boxes for all types. Then click Save.
- Save the scan template.
Create or edit a site to include:
- the new custom scan template