POODLE: SSLv3 CBC padding oracle enabling HTTPS decryption. Disable SSLv3 across ALL servers and clients immediately. Legacy browsers (IE6) will break — acceptable tradeoff. Enforce TLS 1.2+ minimum as current browser standard.
The SSLv3 protocol, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →