[c-nsp] Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Wed Oct 15 14:08:37 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
Advisory ID: cisco-sa-20141015-poodle
Revision 1.0
For Public Release 2014 October 15 17:30 UTC (GMT)
+---------------------------------------------------------------------
Summary
+======
On October 14, 2014, a vulnerability was publicly announced in the Secure Sockets Layer version 3 (SSLv3) protocol when using a block cipher in Cipher Block Chaining (CBC) mode. SSLv3 is a cryptographic protocol designed to provide communication security, which has been superseded by Transport Layer Security (TLS) protocols. By exploiting this vulnerability, an attacker could decrypt a subset of the encrypted communication.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBVD625YpI1I6i1Mx3AQiVjg//ZLd1JhV/gDndxN6TuH/n/bponB+OJvMh
f+AaQuzXK1s3TiQGUhkZ2ug81EOhy63Rosm8zJfQ0eZwf4sDjoZhxpLm0AKdrTTf
dC47e3Hqde+u2g1mgU+Xcc7V+duv3X0wUjev1/7/GuKL3TwDmyTXwf/MXaKgfkTQ
T0Rd+PfNM6xQK4T4lS0AolEN8AcQDyYPAhkV3iCPyuaBBVP7GEPK75m5MFhAHqas
mgbZ4qQFLDfEF8fY4oMIgsUaEOzoMCsbaqX/SULaU/CDxixo07yx4CaqAcGdGrtd
zOoFNs5wy6amZ7pkyvvKbxkzM2O/i9KkBfMpYEPQZ2ThQa8tzXqOTyBtZXSZBZhY
RTUMMIwcfyrJARq3JxYPELHegTCvs6RE9qsRkVJQQ53arni32PjTckOGwUaHZRjx
y4ZhoMSN8+oGocaPbMBrPqDtqPbFNPcSCCcDNAzYN2lLj7jaodIn60W3jVTWR9Nv
ggM8gURWsRdqV2Br2eIEIJcJ4w8W1YFl3wogLH4u3ktqELEDBKbAkFR5F1T7tbp+
GEaVDxr8Z5jq+mxVSqn02uf3OSbQ0CYJLc/CXOu1NVmjqgNjnXsh29NfUv7R/YUp
6J8xgnQEH9g+/ZfaojwUvgRw2NHrydYiJLwmbjP0Y2WxtDFjAMO2I24+xPCW3Cb2
qRBOFESo42k=
=Gs3Q
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list