Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2014-3566

Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

POC

Reference

- http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566

- http://www-01.ibm.com/support/docview.wss?uid=swg21688283

- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

- http://www.vmware.com/security/advisories/VMSA-2015-0003.html

- https://github.com/mpgn/poodle-PoC

- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681

- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

- https://kc.mcafee.com/corporate/index?page=content&id=SB10090

- https://kc.mcafee.com/corporate/index?page=content&id=SB10091

- https://kc.mcafee.com/corporate/index?page=content&id=SB10104

- https://www.elastic.co/blog/logstash-1-4-3-released

Github

- https://github.com/1N3/MassBleed

- https://github.com/20142995/sectool

- https://github.com/4psa/dnsmanagerpatches

- https://github.com/4psa/voipnowpatches

- https://github.com/84KaliPleXon3/a2sv

- https://github.com/AKApul/03-sysadmin-09-security

- https://github.com/ARPSyndicate/cvemon

- https://github.com/AidanBurkeCyb/Network-Vulnerability-Assessment-with-Nmap

- https://github.com/AleksandrMihajlov/SDB-13-01

- https://github.com/Artem-Salnikov/devops-netology

- https://github.com/Artem-Tvr/sysadmin-09-security

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/CamiloEscobar98/DjangoProject

- https://github.com/CertifiedCEH/DB

- https://github.com/Chiku014/vulnerability-scanner

- https://github.com/DButter/whitehat_public

- https://github.com/Dit-Developers/Metasploitable2

- https://github.com/Dom-Techblue/Relatorio_pentest

- https://github.com/EncryptedCharles404/cybersecurity-vulnerability-assessment

- https://github.com/EvgeniyaBalanyuk/attacks

- https://github.com/F4RM0X/script_a2sv

- https://github.com/Faizan-Khanx/CEH-Preparation

- https://github.com/FroggDev/BASH_froggPoodler

- https://github.com/Ghebriou/platform_pfe

- https://github.com/GhostTroops/TOP

- https://github.com/Git-Prashant0/Web-Application-Penetration-Test-Report

- https://github.com/GoRuGoo/poodle-attack-sandbox

- https://github.com/H4CK3RT3CH/a2sv

- https://github.com/JERRY123S/all-poc

- https://github.com/Justic-D/Dev_net_home_1

- https://github.com/Kapotov/3.9.1

- https://github.com/MrE-Fog/a2sv

- https://github.com/Mre11i0t/a2sv

- https://github.com/NikolayAntipov/DB_13-01

- https://github.com/Nissiuser/Vulnerability-Scan-Report

- https://github.com/Officerwasu/Elevate-Labs-Task-3

- https://github.com/PS-RANASINGHE/Crypto-Ex---7

- https://github.com/SECURED-FP7/secured-psa-reencrypt

- https://github.com/Samaritin/OSINT

- https://github.com/TechPorter20/bouncer

- https://github.com/TheRipperJhon/a2sv

- https://github.com/Untouchable17/HTTP-ExploitKit

- https://github.com/Vainoord/devops-netology

- https://github.com/Valdem88/dev-17_ib-yakovlev_vs

- https://github.com/Vamsi212/Internship-Task1

- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14

- https://github.com/VpSanta3/Rscan

- https://github.com/Wanderwille/13.01

- https://github.com/WiktorMysz/devops-netology

- https://github.com/YongJian-YJ/TLS-Poodle-Attack

- https://github.com/ZTheH/netmap

- https://github.com/aaronamran/Vulnerability-Scanning-Lab-with-OpenVAS-and-Metasploitable2

- https://github.com/alexandrburyakov/Rep2

- https://github.com/alexgro1982/devops-netology

- https://github.com/alexoslabs/HTTPSScan

- https://github.com/anthophilee/A2SV--SSL-VUL-Scan

- https://github.com/automatecloud/lacework-kaholo-autoremediation

- https://github.com/badigervijay/AI-Based-Threat-Intelligence-Platform

- https://github.com/bjayesh/ric13351

- https://github.com/bygregonline/devsec-fastapi-report

- https://github.com/bysart/devops-netology

- https://github.com/bzuracyber/Automated-Vulnerability-Remediation

- https://github.com/camel-clarkson/non-controlflow-hijacking-datasets

- https://github.com/chnzzh/OpenSSL-CVE-lib

- https://github.com/clic-kbait/A2SV--SSL-VUL-Scan

- https://github.com/clino-mania/A2SV--SSL-VUL-Scan

- https://github.com/cloudpassage/mangy-beast

- https://github.com/coldorb0/SSL-Scanner

- https://github.com/cryptflow/checks

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/dmitrii1312/03-sysadmin-09

- https://github.com/fireorb/SSL-Scanner

- https://github.com/fireorb/sslscanner

- https://github.com/geon071/netolofy_12

- https://github.com/ggrandes/bouncer

- https://github.com/giterlizzi/secdb-feeds

- https://github.com/giusepperuggiero96/Network-Security-2021

- https://github.com/hahwul/a2sv

- https://github.com/halencarjunior/HTTPSScan-PYTHON

- https://github.com/hero2zero/burp-ssl-scanner-plus-plus

- https://github.com/hibahmad30/NmapAnalysis

- https://github.com/hktalent/TOP

- https://github.com/hrbrmstr/internetdb

- https://github.com/huggablehacker/poodle-test

- https://github.com/ilya-starchikov/devops-netology

- https://github.com/jbmihoub/all-poc

- https://github.com/jiphex/debsec

- https://github.com/kdairatchi/crackscanner

- https://github.com/kernelfucker/sslv

- https://github.com/koorchik/dissert

- https://github.com/koorchik/llm-analysis-of-text-data

- https://github.com/ldw129/SC4010-POODLE-Attack-PoC

- https://github.com/levyborromeo/Vulnerability-Remediation

- https://github.com/lithekevin/Threat-TLS

- https://github.com/mahendra1904/lacework-kaholo-autoremediation

- https://github.com/malavathpradeepkumar/task_01

- https://github.com/marcocastro100/Intrusion_Detection_System-Python

- https://github.com/marklogic/marklogic-docker

- https://github.com/matjohns/squeeze-lighttpd-poodle

- https://github.com/mawinkler/c1-ws-ansible

- https://github.com/mikemackintosh/ruby-qualys

- https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook

- https://github.com/mpgn/poodle-PoC

- https://github.com/mssky9527/Rscan

- https://github.com/n0-traces/cve_monitor

- https://github.com/n13l/measurements

- https://github.com/neominds/ric13351

- https://github.com/nikolay480/devops-netology

- https://github.com/odolezal/D-Link-DIR-655

- https://github.com/pashicop/3.9_1

- https://github.com/password123456/setup-apache-http-server-with-shorts-security-best-practice

- https://github.com/password123456/setup-nginx-http-server-with-security-best-practice

- https://github.com/puppetlabs/puppetlabs-compliance_profile

- https://github.com/r0metheus/poodle-attack-poc

- https://github.com/r3p3r/1N3-MassBleed

- https://github.com/rameezts/poodle_check

- https://github.com/rdxkeerthi/Post-Quantum-TLS-Readiness-and-Downgrade-Attack-Simulator

- https://github.com/rvaralda/aws_poodle_fix

- https://github.com/saulandresv/TESTSOCRAT

- https://github.com/shanekeels/harden-ssl-tls-windows

- https://github.com/stanmay77/security

- https://github.com/stdevel/poodle_protector

- https://github.com/syedrayan5/Vulnerability-Assessment-Metasploitable2

- https://github.com/tahaAmineMiri/agent_testssl

- https://github.com/toysweet/opensslbug

- https://github.com/tzaffi/testssl-report

- https://github.com/uthrasri/openssl_g2.5_CVE-2014-3566

- https://github.com/vitaliivakhr/NETOLOGY

- https://github.com/vshaliii/Hacklab-Vulnix

- https://github.com/waseemasmaeel/A2sv_Tools

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/yellownine/netology-DevOps