ALAS-2015-472

Affected Products

Exploit Intelligence

• Auditoría de seguridad y análisis de vulnerabilidades (CVE-2014-3566 y CVE-2010-2333) en la infraestructura de red local y router residencial. (github-poc)
• A2SV = Auto Scanning to SSL Vulnerability HeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc Support Vulnerability [CVE-2007-1858] Anonymous Cipher [CVE-2012-4929] CRIME(SPDY) [CVE-2014-0160] CCS Injection [CVE-2014-0224] HeartBleed [CVE-2014-3566] SSLv3 POODLE [CVE-2015-0204] FREAK Attack [CVE-2015-4000] LOGJAM Attack [CVE-2016-0800] SSLv2 DROWN Installation : $ apt update && apt upgrade $ apt install git $ apt install python2 $ apt install python $ git clone https://github.com/hahwul/ a2... (github-poc-repo)
• Vibe coded POC of exploitation of the POODLE CVE-2014-3566 (github-poc)
• Test code for poodle attack (CVE-2014-3566) (github-poc)
• uthrasri/openssl_g2.5_CVE-2014-3566 (github-poc)
• :poodle: Poodle (Padding Oracle On Downgraded Legacy Encryption) attack CVE-2014-3566 :poodle: (github-poc)
• CloudPassage Halo policy for detecting vulnerability to CVE-2014-3566 (AKA POODLE) (github-poc)
• mikesplain/CVE-2014-3566-poodle-cookbook (github-poc)
• Performs a testssl.sh test on SSL/TLS port and displays tool output. (nmap-nse)
• Checks whether SSLv3 CBC ciphers are allowed (POODLE) Run with -sV to use Nmap's service scan to detect SSL/TLS on non-standard ports. Otherwise, ssl-poodle will only run on ports that are commonly used for SSL. POODLE is CVE-2014-3566. All implementations of SSLv3 that accept CBC ciphersuites are vulnerable. For speed of detection, this script will stop after the first CBC ciphersuite is discovered. If you want to enumerate all CBC ciphersuites, you can use Nmap's own ssl-enum-ciphers to do ... (nmap-nse)

…and 1 more exploits

Timeline

• Oct 21, 2014 PoC Published
• Jan 22, 2015 CVE Published
• Apr 11, 2025 PoC Published

References

• ALAS-2015-472: java-1.8.0-openjdk (important) advisory