HP VAN SDN Controller SSLv3 POODLE cryptographic issues

A vulnerability classified as critical was found in HP VAN SDN Controller (the affected version is unknown). It affects unknown processing in the SSLv3 component. Upgrading eliminates this vulnerability. The problem can also be mitigated by applying the configuration setting clientAuth="false" sslEnabledProtocols=" TLSv1.1,TLSv1.2". Upgrading to the latest version is suggested as the best possible mitigation. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.

Field | 10/13/2016 09:42 AM | 05/08/2019 08:37 PM | 09/23/2022 10:18 AM
cvss3_nvd_a | N | N | N
titleword | POODLE | POODLE | POODLE
date | 1476144000 (10/11/2016) | 1476144000 (10/11/2016) | 1476144000 (10/11/2016)
location | Bugtraq | Bugtraq | Bugtraq
type | Mailinglist Post | Mailinglist Post | Mailinglist Post
url | http://seclists.org/bugtraq/2016/Oct/29 | http://seclists.org/bugtraq/2016/Oct/29 | http://seclists.org/bugtraq/2016/Oct/29
identifier | HPSBPV03516 | HPSBPV03516 | HPSBPV03516
disputed | 0 | 0 | 0
price_0day | $5k-$25k | $5k-$25k | $5k-$25k
config_setting | clientAuth="false" sslEnabledProtocols=" TLSv1.1,TLSv1.2" | clientAuth="false" sslEnabledProtocols=" TLSv1.1,TLSv1.2" | clientAuth="false" sslEnabledProtocols=" TLSv1.1,TLSv1.2"
cve | CVE-2014-3566 | CVE-2014-3566 | CVE-2014-3566
securityfocus_title | OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability | OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability | OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
nessus_risk | Medium | Medium | Medium
nessus_type | local | local | local
nessus_date | 1417651200 (12/04/2014) | 1417651200 (12/04/2014) | 1417651200 (12/04/2014)
qualys_id | 86129 | 86129 | 86129
qualys_title | IBM WebSphere Application Server Multiple Vulnerabilities (swg21697368)-Deprecated | IBM WebSphere Application Server Multiple Vulnerabilities (swg21697368)-Deprecated | IBM WebSphere Application Server Multiple Vulnerabilities (swg21697368)-Deprecated
seealso | 67791 68695 68795 68757 68781 68780 68906 68905 70696 73295 74941 75096 75097 75098 75099 77870 82677 87123 90110 90111 92813 103829 103782 | 67791 68695 68795 68757 68781 68780 68906 68905 70696 73295 74941 75096 75097 75098 75099 77870 82677 87123 90110 90111 92813 103829 103782 | 67791 68695 68795 68757 68781 68780 68906 68905 70696 73295 74941 75096 75097 75098 75099 77870 82677 87123 90110 90111 92813 103829 103782
cvss2_vuldb_e | H | H | H
cvss2_vuldb_rl | OF | OF | OF
cvss2_vuldb_rc | C | C | C
cvss3_vuldb_e | H | H | H
cvss3_vuldb_rl | O | O | O
cvss3_vuldb_rc | C | C | C
cvss3_nvd_basescore | 6.8 | 6.8 | 6.8
vendor | HP | HP | HP
name | VAN SDN Controller | VAN SDN Controller | VAN SDN Controller
component | SSLv3 | SSLv3 | SSLv3
risk | 2 | 2 | 2
historic | 0 | 0 | 0
cvss2_vuldb_basescore | 5.8 | 5.8 | 5.8
cvss2_vuldb_tempscore | 5.0 | 5.0 | 5.0
cvss2_vuldb_av | N | N | N
cvss2_vuldb_ac | M | M | M
cvss2_vuldb_au | N | N | N
cvss2_vuldb_ci | P | P | P
cvss2_vuldb_ii | P | P | P
cvss2_vuldb_ai | N | N | N
cvss2_nvd_av | N | N | N
cvss2_nvd_ac | M | M | M
cvss2_nvd_au | N | N | N
cvss2_nvd_ci | P | P | P
cvss2_nvd_ii | N | N | N
cvss2_nvd_ai | N | N | N
cvss3_meta_basescore | 6.8 | 6.8 | 6.8
cvss3_meta_tempscore | 6.5 | 6.5 | 6.6
cvss3_vuldb_basescore | 6.8 | 6.8 | 6.8
cvss3_vuldb_tempscore | 6.5 | 6.5 | 6.5
cvss3_nvd_av | N | N | N
cvss3_nvd_ac | H | H | H
cvss3_nvd_pr | N | N | N
cvss3_nvd_ui | N | N | N
cvss3_nvd_s | C | C | C
cvss3_nvd_c | H | H | H
cvss3_nvd_i | N | N | N
person_name | Krzysztof Kotowicz | Krzysztof Kotowicz
company_name | Google Security Team | Google Security Team
confirm_url | http://advisories.mageia.org/MGASA-2014-0416.html | http://advisories.mageia.org/MGASA-2014-0416.html
name | Upgrade | Upgrade
date | 1417478400 (12/02/2014) | 1417478400 (12/02/2014)
cve_nvd_published | 1413244800 | 1413244800
cve_nvd_summary | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
oval_id | oval:org.mitre.oval:def:27057 | oval:org.mitre.oval:def:27057
secunia | 59627 | 59627
securityfocus | 70574 | 70574
securityfocus_date | 1413244800 (10/14/2014) | 1413244800 (10/14/2014)
securityfocus_class | Design Error | Design Error
nessus_id | 79713 | 79713
nessus_name | Scientific Linux Security Update : nss, nss-util, and nss-softokn on SL5.x, SL6.x, SL7.x i386/x86_64 (POODLE) | Scientific Linux Security Update : nss, nss-util, and nss-softokn on SL5.x, SL6.x, SL7.x i386/x86_64 (POODLE)
nessus_filename | sl_20141202_nss__nss_util__and_nss_softokn_on_SL5_x.nasl | sl_20141202_nss__nss_util__and_nss_softokn_on_SL5_x.nasl
nessus_family | Scientific Linux Local Security Checks | Scientific Linux Local Security Checks
openvas_id | 103283 | 103283
openvas_filename | ELSA-2015-0067.nasl | ELSA-2015-0067.nasl
openvas_title | Oracle Linux Local Check: ELSA-2015-0067 | Oracle Linux Local Check: ELSA-2015-0067
openvas_family | Oracle Linux Local Security Checks | Oracle Linux Local Security Checks
msf_id | ssl_version.rb | ssl_version.rb
msf_filename | metasploit-framework/modules/auxiliary/scanner/http/ssl_version.rb | metasploit-framework/modules/auxiliary/scanner/http/ssl_version.rb
msf_title | HTTP SSL/TLS Version Detection (POODLE scanner) | HTTP SSL/TLS Version Detection (POODLE scanner)
suricata_id | 2019416 | 2019416
suricata_sig | ET POLICY SSLv3 outbound connection from client vulnerable to POODLE attack | ET POLICY SSLv3 outbound connection from client vulnerable to POODLE attack
suricata_class | policy-violation | policy-violation
cwe | 0 | 310 (cryptographic issues) | 310 (cryptographic issues)
cvss3_vuldb_av | N | N
cvss3_vuldb_ac | H | H
cvss3_vuldb_pr | N | N
cvss3_vuldb_ui | N | N
cvss3_vuldb_s | C | C
cvss3_vuldb_c | H | H
cvss3_vuldb_i | N | N
cvss3_vuldb_a | N | N
sectracker | 1031029
cve_assigned | 1400018400 (05/14/2014)
cvss2_nvd_basescore | 4.3
