Monday, 20 October 2014

IBM Security Bulletins - Padding Oracle On Downgraded Legacy Encryption (POODLE)

Saw these and thought of ... well, everyone: -


SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere Application Server.


SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in the Apache based IBM HTTP Server.
at

4 comments:

  1. Unknown28 October 2014 at 14:39

    Thank you for sharing these links. Any info about WebSeal configuration ?

    ReplyDelete
  2. Dave Hay29 October 2014 at 06:20

    @Hardik

    Thanks for your comments. Please check the IBM Product Security Incident Response Blog https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us

    ReplyDelete
  3. Unknown29 October 2014 at 10:21

    Thank you Dave. I got it, below is the link for others.

    http://www-01.ibm.com/support/docview.wss?uid=swg21687954&myns=swgother&mynp=OCSSPREK&mync=E

    ReplyDelete
  4. Dave Hay29 October 2014 at 18:13

    @Hardik - splendid, thanks for letting me know

    ReplyDelete