VDB
DEBIAN-CVE-2014-3566
DEBIAN-CVE-2014-3566
PUBLISHED
CVSS 3.4000000953674316 LOW
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Risk Scores
CVSS v3.1
3.4000000953674316
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | lighttpd | 0, 0, 0 |
| Debian:11 | netsurf | 0, 0, 0 |
| Debian:12 | erlang | 0, 0, 0 |
| Debian:14 | nss | 0, 0, 0 |
| Debian:13 | netsurf | 0, 0, 0 |
| Debian:14 | pound | 0, 0, 0 |
| Debian:14 | netsurf | 0, 0, 0 |
| Debian:12 | netsurf | 0, 0, 0 |
| Debian:12 | epiphany-browser | 48.5-2, 44.5-1, 44.5-2 |
| Debian:11 | openssl | 0, 0, 0 |
| Debian:13 | haskell-tls | 0, 0, 0 |
| Debian:12 | lighttpd | 0, 0, 0 |
| Debian:11 | wolfssl | 0, 0, 0 |
| Debian:13 | pound | 0, 0, 0 |
| Debian:14 | epiphany-browser | 48.5-2, 48.5-3, 49.1-1 |
| Debian:13 | wolfssl | 0, 0, 0 |
| Debian:12 | gnutls28 | 0, 0, 0 |
| Debian:12 | openssl | 0, 0, 0 |
| Debian:13 | erlang | 0, 0, 0 |
| Debian:13 | gnutls28 | 0, 0, 0 |
…and 24 more
Timeline
- Oct 15, 2014 CVE Published
- Oct 21, 2014 PoC Published
- Apr 11, 2025 PoC Published
- Apr 28, 2026 CVE Updated