Monday, 20 October 2014

IBM Security Bulletins - Padding Oracle On Downgraded Legacy Encryption (POODLE)

Saw these and thought of ... well, everyone: -


SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere Application Server.


SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in the Apache based IBM HTTP Server.

4 comments:

Hardik Pathak said...

Thank you for sharing these links. Any info about WebSeal configuration ?

Dave Hay said...

@Hardik

Thanks for your comments. Please check the IBM Product Security Incident Response Blog https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us

Hardik Pathak said...

Thank you Dave. I got it, below is the link for others.

http://www-01.ibm.com/support/docview.wss?uid=swg21687954&myns=swgother&mynp=OCSSPREK&mync=E

Dave Hay said...

@Hardik - splendid, thanks for letting me know