Monday, 20 October 2014

IBM Security Bulletins - Padding Oracle On Downgraded Legacy Encryption (POODLE)

Saw these and thought of ... well, everyone: -


SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere Application Server.


SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in the Apache based IBM HTTP Server.

4 comments:

Unknown said...

Thank you for sharing these links. Any info about WebSeal configuration ?

Dave Hay said...

@Hardik

Thanks for your comments. Please check the IBM Product Security Incident Response Blog https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us

Unknown said...

Thank you Dave. I got it, below is the link for others.

http://www-01.ibm.com/support/docview.wss?uid=swg21687954&myns=swgother&mynp=OCSSPREK&mync=E

Dave Hay said...

@Hardik - splendid, thanks for letting me know

Reminder - installing podman and skopeo on Ubuntu 22.04

This follows on from: - Lest I forget - how to install pip on Ubuntu I had reason to install podman  and skopeo  on an Ubuntu box: - lsb_rel...