Vulnerability Details : CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Published 2014-10-15 00:55:02
Updated 2023-09-12 14:55:32
Source Red Hat, Inc.
View at NVD,
Public exploit exists!

Threat overview for CVE-2014-3566

Top countries where our scanners detected CVE-2014-3566
Top open port discovered on systems with this issue 53
IPs affected by CVE-2014-3566 17,145
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2014-3566!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-3566

Probability of exploitation activity in the next 30 days: 97.51%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2014-3566

  • HTTP SSL/TLS Version Detection (POODLE scanner)
    Disclosure Date: 2014-10-14
    First seen: 2020-04-26
    auxiliary/scanner/http/ssl_version Check if an HTTP server supports a given version of SSL/TLS. If a web server can successfully establish an SSLv3 session, it is likely to be vulnerable to the POODLE attack described on October 14, 2014, as a patch against the atta
  • SSL/TLS Version Detection
    Disclosure Date: 2014-10-14
    First seen: 2022-12-23
    Check if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/no

CVSS scores for CVE-2014-3566

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source

CWE ids for CVE-2014-3566

  • Assigned by: (Primary)

References for CVE-2014-3566

Products affected by CVE-2014-3566

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to terms of use!