CVE-2014-3566

CVE Details

Release Date:

2014-10-14

Description

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.

See more information about CVE-2014-3566 from MITRE CVE dictionary and NIST NVD

CVSS v2.0 metrics

NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score:	5	Base Metrics:	AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector:	Network	Attack Complexity:	Low
Authentication:	None required	Confidentiality Impact:	Partial
Integrity Impact:	None	Availability Impact:	None

Errata information

Platform	Errata	Release Date
Oracle VM version 2.2 (openssl)	OVMSA-2014-0039	2014-11-10
Oracle VM version 2.2 (openssl)	OVMSA-2014-0040	2014-11-05
Oracle VM version 2.2 (ovs-agent)	OVMSA-2014-0029	2014-11-05
Oracle VM version 2.2 (xen)	OVMSA-2014-0028	2014-11-05
Oracle Linux version 5 (java-1.6.0-openjdk)	ELSA-2015-0085	2015-01-26
Oracle Linux version 5 (java-1.7.0-openjdk)	ELSA-2015-0068	2015-01-21
Oracle Linux version 6 (java-1.6.0-openjdk)	ELSA-2015-0085	2015-01-26
Oracle Linux version 6 (java-1.7.0-openjdk)	ELSA-2015-0067	2015-01-21
Oracle Linux version 6 (java-1.8.0-openjdk)	ELSA-2015-0069	2015-01-21
Oracle Linux version 7 (java-1.6.0-openjdk)	ELSA-2015-0085	2015-01-26
Oracle Linux version 7 (java-1.7.0-openjdk)	ELSA-2015-0067	2015-01-21
Oracle VM version 3.2 (openssl)	OVMSA-2014-0039	2014-11-10
Oracle VM version 3.2 (openssl)	OVMSA-2014-0040	2014-11-05
Oracle VM version 3.2 (xen)	OVMSA-2014-0041	2014-11-10
Oracle VM version 3.3 (xen)	OVMSA-2014-0038	2014-11-06

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team