A Portal to a Portal: IBM Security Bulletins - Padding Oracle On Downgraded Legacy Encryption (POODLE)

Monday, 20 October 2014

IBM Security Bulletins - Padding Oracle On Downgraded Legacy Encryption (POODLE)

Saw these and thought of ... well, everyone: -

Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere Application Server.

Security Bulletin: Vulnerability in SSLv3 affects IBM HTTP Server (CVE-2014-3566)

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in the Apache based IBM HTTP Server.

4 comments:

Unknown said...: Thank you for sharing these links. Any info about WebSeal configuration ?; 28 October 2014 at 14:39
Dave Hay said...: @Hardik

Thanks for your comments. Please check the IBM Product Security Incident Response Blog https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us; 29 October 2014 at 06:20
Unknown said...: Thank you Dave. I got it, below is the link for others.

http://www-01.ibm.com/support/docview.wss?uid=swg21687954&myns=swgother&mynp=OCSSPREK&mync=E; 29 October 2014 at 10:21
Dave Hay said...: @Hardik - splendid, thanks for letting me know; 29 October 2014 at 18:13

A Portal to a Portal

Monday, 20 October 2014

IBM Security Bulletins - Padding Oracle On Downgraded Legacy Encryption (POODLE)

4 comments:

Note to self - use kubectl to query images in a pod or deployment

Search This Blog