Vulnerability Details : CVE-2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Published 2014-10-15 00:55:02
Updated 2023-09-12 14:55:32
Source Red Hat, Inc.
View at NVD,

Exploit prediction scoring system (EPSS) score for CVE-2014-3566

Probability of exploitation activity in the next 30 days: 97.51%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2014-3566

  • SSL/TLS Version Detection
    Disclosure Date : 2014-10-14
    Check if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength, null cipher suites, certificates signed with MD5, DROWN, RC4 ciphers, exportable ciphers, LOGJAM, and BEAST. Authors: - todb <[email protected]> - et <[email protected]> - Chris John Riley - Veit Hailperin <[email protected]> - h00die

CVSS scores for CVE-2014-3566

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
[email protected]
[email protected]

CWE ids for CVE-2014-3566

References for CVE-2014-3566

Products affected by CVE-2014-3566

This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to terms of use!