OS X update for OpenSSL (CVE-2014-3566)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | October 14, 2014 | March 29, 2016 | July 26, 2018 |
Description
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
References
- APPLE-APPLE-SA-2014-10-16-1
- APPLE-APPLE-SA-2014-10-16-3
- APPLE-APPLE-SA-2014-10-16-4
- APPLE-APPLE-SA-2014-10-20-1
- APPLE-APPLE-SA-2014-10-20-2
- APPLE-APPLE-SA-2015-01-27-4
- APPLE-APPLE-SA-2015-09-16-2
- BID-70574
- CERT-TA14-290A
- CERT-VN-577193
- CVE-2014-3566
- DEBIAN-DSA-3053
- DEBIAN-DSA-3144
- DEBIAN-DSA-3147
- DEBIAN-DSA-3253
- DEBIAN-DSA-3489
- DISA_SEVERITY-Category I
- DISA_VMSKEY-V0058513
- DISA_VMSKEY-V0058515
- DISA_VMSKEY-V0058517
- DISA_VMSKEY-V0061081
- IAVM-2015-A-0154
- IAVM-2015-B-0012
- IAVM-2015-B-0013
- IAVM-2015-B-0014
- NETBSD-NetBSD-SA2014-015
- REDHAT-RHSA-2014:1652
- REDHAT-RHSA-2014:1653
- REDHAT-RHSA-2014:1692
- REDHAT-RHSA-2014:1876
- REDHAT-RHSA-2014:1877
- REDHAT-RHSA-2014:1880
- REDHAT-RHSA-2014:1881
- REDHAT-RHSA-2014:1882
- REDHAT-RHSA-2014:1920
- REDHAT-RHSA-2014:1948
- REDHAT-RHSA-2015:0068
- REDHAT-RHSA-2015:0079
- REDHAT-RHSA-2015:0080
- REDHAT-RHSA-2015:0085
- REDHAT-RHSA-2015:0086
- REDHAT-RHSA-2015:0264
- REDHAT-RHSA-2015:0698
- REDHAT-RHSA-2015:1545
- REDHAT-RHSA-2015:1546
- URL: https://support.apple.com/kb/HT204244
Solution
apple-osx-security-update-2015-001
Related Vulnerabilities
- Palo Alto Networks PAN-SA-2014-0005 (CVE-2014-3566): SSL 3.0 MITM Attack
- SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
- OS X security update 2015-001 for AFP Server (CVE-2014-3566)
- Oracle Solaris 11: CVE-2014-3566: Vulnerability in Multiple Components
- Juniper Junos OS: 2014-10 Out of Cycle Security Bulletin: Multiple products affected by SSL "POODLE" vulnerability (JSA10656) (CVE-2014-3566)
- IBM WebSphere Application Server: CVE-2014-3566: IBM Potential Security Vulnerabilities fixed in IBM WebSphere Application Server
- RHSA-2015:0067: java-1.7.0-openjdk security update
- Amazon Linux AMI: Security patch for nss (ALAS-2014-429) (CVE-2014-3566)
- HP-UX: CVE-2014-3566: Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
- ELSA-2014-1653 Moderate: Oracle Linux openssl security update
- Cisco IOS: CVE-2014-3566: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
- Amazon Linux AMI: Security patch for java-1.6.0-openjdk (ALAS-2015-480) (multiple CVEs)
- ELSA-2015-0067 Critical: Oracle Linux java-1.7.0-openjdk security update
- IBM HTTP Server: CVE-2014-3566: IBM HTTP Server should disable weak SSL protocols and ciphers by default
- USN-2486-1: OpenJDK 6 vulnerabilities
- OpenSSL SSL 3.0 Fallback protection (CVE-2014-3566)
- RHSA-2014:1882: java-1.7.0-ibm security update
- RHSA-2015:0080: java-1.8.0-oracle security update
- ELSA-2015-0069 Important: Oracle Linux java-1.8.0-openjdk security update
- DSA-3147-1 openjdk-6 -- security update
- HP Systems Insight Manager - HPSBMU03261 (CVE-2014-3566): OpenSSL on Linux and Windows, Remote Disclosure of Information
- Debian: CVE-2014-3566: lighttpd -- security update
- RHSA-2014:1881: java-1.5.0-ibm security update
- F5 Networks: K15702 (CVE-2014-3566): SSLv3 vulnerability CVE-2014-3566
- Sun Patch: Indexing and Search Service 1u5-29.15600: core patch
- TLS/SSL Server Supports SSLv3
- RHSA-2015:0086: java-1.6.0-sun security update
- Amazon Linux AMI: Security patch for java-1.8.0-openjdk (ALAS-2015-472) (multiple CVEs)
- Sun Patch: SunOS 5.10: wanboot patch
- ELSA-2015-0085 Important: Oracle Linux java-1.6.0-openjdk security update
- RHSA-2015:0079: java-1.7.0-oracle security update
- Cent OS: CVE-2014-3566: CESA-2015:0085 (java-1.6.0-openjdk)
- FreeBSD: davmail -- fix potential CVE-2014-3566 vulnerability (POODLE) (CVE-2014-3566)
- RHSA-2015:1545: node.js security update
- DSA-3144-1 openjdk-7 -- security update
- RHSA-2015:0068: java-1.7.0-openjdk security update
- Sun Patch: SunOS 5.10_x86: openssl patch
- ELSA-2015-0068 Important: Oracle Linux java-1.7.0-openjdk security update
- HP System Management Homepage - HPSBMU03260 (CVE-2014-3566): OpenSSL on Linux and Windows, Remote Disclosure of Information
- Cisco NX-OS: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability (Multiple CVEs)
- RHSA-2015:0085: java-1.6.0-openjdk security update
- FreeBSD: (Multiple Advisories) (CVE-2014-3566): lynx -- multiple vulnerabilities
- ELSA-2014-1652 Important: Oracle Linux openssl security update
- Sun Patch: VM Server for SPARC 3.1: ldmd patch
- Cisco SAN-OS: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability (CVE-2014-3566)
- IBM AIX: java_feb2015_advisory, java_oct2014_advisory, nettcp_advisory, openssl_advisory11 (CVE-2014-3566): Vulnerability in IBM Java SDK affects AIX
- RHSA-2014:1877: java-1.6.0-ibm security update
- RHSA-2014:1880: java-1.7.1-ibm security update
- Gentoo Linux: CVE-2014-3566: Asterisk: Multiple Vulnerabilities
- Jenkins Advisory 2014-10-15: CVE-2014-3566: Poodle vulnerability
- Java CPU January 2015 Java SE, Java SE Embedded, JRockit JSSE vulnerability (CVE-2014-3566)
- Amazon Linux AMI: Security patch for java-1.7.0-openjdk (ALAS-2015-471) (multiple CVEs)
- DSA-3053-1 openssl -- security update
- DSA-3253-1 pound -- security update
- FreeBSD: asterisk -- Asterisk Susceptibility to POODLE Vulnerability (CVE-2014-3566)
- RHSA-2015:0264: Red Hat Satellite IBM Java Runtime security update
- OS X update for Secure Transport (CVE-2014-3566)
- HP iLO: CVE-2014-3566: Remote disclosure of information
- RHSA-2014:1876: java-1.7.0-ibm security update
- Amazon Linux AMI: Security patch for openssl (ALAS-2014-426) (CVE-2014-3566)
- Sun Patch: Indexing and Search Service 1u5-29.15600_x86: core patch
- RHSA-2015:0069: java-1.8.0-openjdk security update
- SUSE: CVE-2014-3566: SUSE Linux Security Advisory
- Sun Patch: SunOS 5.10: openssl patch
- Oracle Linux: CVE-2014-3566: ELSA-2016-3558 - openssl security update
- TLS/SSL Server is enabling the POODLE attack
- FreeBSD: OpenSSL -- multiple vulnerabilities (FreeBSD-SA-14:23.openssl) (Multiple CVEs)
- Oracle Database: Critical Patch Update - July 2017 (CVE-2014-3566)
- USN-2487-1: OpenJDK 7 vulnerabilities