Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Security Impact Summary

This vulnerability carries a LOW severity rating with a CVSS v3.1 score of 3.4, indicating it can be exploited remotely over the network but requires specific conditions to be met though user interaction is required and does not require pre-existing privileges . The vulnerability impacts limited data confidentiality, for affected systems. Impacting 20 products from redhat, from redhat, from redhat and 17 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Documented in 2014, this vulnerability occurred amid the cloud computing expansion era, where traditional network perimeter security models were being reevaluated. Organizations were transitioning from isolated infrastructure to interconnected systems, creating new attack surfaces that vulnerabilities like this could exploit.

Published

2014-10-15T00:55:02.137

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 3.4 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-310
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System redhat enterprise_linux 5 Yes
Operating System redhat enterprise_linux_desktop 6.0 Yes
Operating System redhat enterprise_linux_desktop 7.0 Yes
Operating System redhat enterprise_linux_desktop_supplementary 5.0 Yes
Operating System redhat enterprise_linux_desktop_supplementary 6.0 Yes
Operating System redhat enterprise_linux_server 6.0 Yes
Operating System redhat enterprise_linux_server 7.0 Yes
Operating System redhat enterprise_linux_server_supplementary 5.0 Yes
Operating System redhat enterprise_linux_server_supplementary 6.0 Yes
Operating System redhat enterprise_linux_server_supplementary 7.0 Yes
Operating System redhat enterprise_linux_workstation 6.0 Yes
Operating System redhat enterprise_linux_workstation 7.0 Yes
Operating System redhat enterprise_linux_workstation_supplementary 6.0 Yes
Operating System redhat enterprise_linux_workstation_supplementary 7.0 Yes
Operating System ibm aix 5.3 Yes
Operating System ibm aix 6.1 Yes
Operating System ibm aix 7.1 Yes
Operating System apple mac_os_x ≤ 10.10.1 Yes
Operating System mageia mageia 3.0 Yes
Operating System mageia mageia 4.0 Yes
Operating System novell suse_linux_enterprise_desktop 9.0 Yes
Operating System novell suse_linux_enterprise_desktop 10.0 Yes
Operating System novell suse_linux_enterprise_desktop 11.0 Yes
Operating System novell suse_linux_enterprise_desktop 12.0 Yes
Application novell suse_linux_enterprise_software_development_kit 11.0 Yes
Application novell suse_linux_enterprise_software_development_kit 12.0 Yes
Operating System novell suse_linux_enterprise_server 11.0 Yes
Operating System novell suse_linux_enterprise_server 11.0 Yes
Operating System novell suse_linux_enterprise_server 12.0 Yes
Operating System opensuse opensuse 12.3 Yes
Operating System opensuse opensuse 13.1 Yes
Operating System fedoraproject fedora 19 Yes
Operating System fedoraproject fedora 20 Yes
Operating System fedoraproject fedora 21 Yes
Application openssl openssl 0.9.8 Yes
Application openssl openssl 0.9.8a Yes
Application openssl openssl 0.9.8b Yes
Application openssl openssl 0.9.8c Yes
Application openssl openssl 0.9.8d Yes
Application openssl openssl 0.9.8e Yes
Application openssl openssl 0.9.8f Yes
Application openssl openssl 0.9.8g Yes
Application openssl openssl 0.9.8h Yes
Application openssl openssl 0.9.8i Yes
Application openssl openssl 0.9.8j Yes
Application openssl openssl 0.9.8k Yes
Application openssl openssl 0.9.8l Yes
Application openssl openssl 0.9.8m Yes
Application openssl openssl 0.9.8m Yes
Application openssl openssl 0.9.8n Yes
Application openssl openssl 0.9.8o Yes
Application openssl openssl 0.9.8p Yes
Application openssl openssl 0.9.8q Yes
Application openssl openssl 0.9.8r Yes
Application openssl openssl 0.9.8s Yes
Application openssl openssl 0.9.8t Yes
Application openssl openssl 0.9.8u Yes
Application openssl openssl 0.9.8v Yes
Application openssl openssl 0.9.8w Yes
Application openssl openssl 0.9.8x Yes
Application openssl openssl 0.9.8y Yes
Application openssl openssl 0.9.8z Yes
Application openssl openssl 0.9.8za Yes
Application openssl openssl 0.9.8zb Yes
Application openssl openssl 1.0.0 Yes
Application openssl openssl 1.0.0 Yes
Application openssl openssl 1.0.0 Yes
Application openssl openssl 1.0.0 Yes
Application openssl openssl 1.0.0 Yes
Application openssl openssl 1.0.0 Yes
Application openssl openssl 1.0.0a Yes
Application openssl openssl 1.0.0b Yes
Application openssl openssl 1.0.0c Yes
Application openssl openssl 1.0.0d Yes
Application openssl openssl 1.0.0e Yes
Application openssl openssl 1.0.0f Yes
Application openssl openssl 1.0.0g Yes
Application openssl openssl 1.0.0h Yes
Application openssl openssl 1.0.0i Yes
Application openssl openssl 1.0.0j Yes
Application openssl openssl 1.0.0k Yes
Application openssl openssl 1.0.0l Yes
Application openssl openssl 1.0.0m Yes
Application openssl openssl 1.0.0n Yes
Application openssl openssl 1.0.1 Yes
Application openssl openssl 1.0.1 Yes
Application openssl openssl 1.0.1 Yes
Application openssl openssl 1.0.1 Yes
Application openssl openssl 1.0.1a Yes
Application openssl openssl 1.0.1b Yes
Application openssl openssl 1.0.1c Yes
Application openssl openssl 1.0.1d Yes
Application openssl openssl 1.0.1e Yes
Application openssl openssl 1.0.1f Yes
Application openssl openssl 1.0.1g Yes
Application openssl openssl 1.0.1h Yes
Application openssl openssl 1.0.1i Yes
Application ibm vios 2.2.0.10 Yes
Application ibm vios 2.2.0.11 Yes
Application ibm vios 2.2.0.12 Yes
Application ibm vios 2.2.0.13 Yes
Application ibm vios 2.2.1.0 Yes
Application ibm vios 2.2.1.1 Yes
Application ibm vios 2.2.1.3 Yes
Application ibm vios 2.2.1.4 Yes
Application ibm vios 2.2.1.5 Yes
Application ibm vios 2.2.1.6 Yes
Application ibm vios 2.2.1.7 Yes
Application ibm vios 2.2.1.8 Yes
Application ibm vios 2.2.1.9 Yes
Application ibm vios 2.2.2.0 Yes
Application ibm vios 2.2.2.1 Yes
Application ibm vios 2.2.2.2 Yes
Application ibm vios 2.2.2.3 Yes
Application ibm vios 2.2.2.4 Yes
Application ibm vios 2.2.2.5 Yes
Application ibm vios 2.2.3.0 Yes
Application ibm vios 2.2.3.1 Yes
Application ibm vios 2.2.3.2 Yes
Application ibm vios 2.2.3.3 Yes
Application ibm vios 2.2.3.4 Yes
Operating System netbsd netbsd 5.1 Yes
Operating System netbsd netbsd 5.1.1 Yes
Operating System netbsd netbsd 5.1.2 Yes
Operating System netbsd netbsd 5.1.3 Yes
Operating System netbsd netbsd 5.1.4 Yes
Operating System netbsd netbsd 5.2 Yes
Operating System netbsd netbsd 5.2.1 Yes
Operating System netbsd netbsd 5.2.2 Yes
Operating System netbsd netbsd 6.0 Yes
Operating System netbsd netbsd 6.0 Yes
Operating System netbsd netbsd 6.0.1 Yes
Operating System netbsd netbsd 6.0.2 Yes
Operating System netbsd netbsd 6.0.3 Yes
Operating System netbsd netbsd 6.0.4 Yes
Operating System netbsd netbsd 6.0.5 Yes
Operating System netbsd netbsd 6.0.6 Yes
Operating System netbsd netbsd 6.1 Yes
Operating System netbsd netbsd 6.1.1 Yes
Operating System netbsd netbsd 6.1.2 Yes
Operating System netbsd netbsd 6.1.3 Yes
Operating System netbsd netbsd 6.1.4 Yes
Operating System netbsd netbsd 6.1.5 Yes
Operating System debian debian_linux 7.0 Yes
Operating System debian debian_linux 8.0 Yes
Application oracle database 11.2.0.4 Yes
Application oracle database 12.1.0.2 Yes
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For redhat's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.