VDB
H1-318594
H1-318594
PUBLISHED
SSLv3 Poodle Attack on Ip Of semrush
Exploit Intelligence
- Test code for poodle attack (CVE-2014-3566) (github-poc)
- uthrasri/openssl_g2.5_CVE-2014-3566 (github-poc)
- :poodle: Poodle (Padding Oracle On Downgraded Legacy Encryption) attack CVE-2014-3566 :poodle: (github-poc)
- CloudPassage Halo policy for detecting vulnerability to CVE-2014-3566 (AKA POODLE) (github-poc)
- mikesplain/CVE-2014-3566-poodle-cookbook (github-poc)
- SSLv3 Poodle Attack on Ip Of semrush (hackerone)
- SSLv3 Poodle Attack on Ip Of semrush (hackerone)
- Checks whether SSLv3 CBC ciphers are allowed (POODLE) Run with -sV to use Nmap's service scan to detect SSL/TLS on non-standard ports. Otherwise, ssl-poodle will only run on ports that are commonly used for SSL. POODLE is CVE-2014-3566. All implementations of SSLv3 that accept CBC ciphersuites are vulnerable. For speed of detection, this script will stop after the first CBC ciphersuite is discovered. If you want to enumerate all CBC ciphersuites, you can use Nmap's own ssl-enum-ciphers to do ... (nmap-nse)
- This script repeatedly initiates SSLv3/TLS connections, each time trying a new cipher or compressor while recording whether a host accepts or rejects it. The end result is a list of all the ciphersuites and compressors that a server accepts. Each ciphersuite is shown with a letter grade (A through F) indicating the strength of the connection. The grade is based on the cryptographic strength of the key exchange and of the stream cipher. The message integrity (hash) algorithm choice is not a fa... (nmap-nse)
Timeline
- Jun 20, 2016 PoC Published
- Mar 13, 2018 CVE Published
- Mar 13, 2018 PoC Published
- Jul 20, 2018 PoC Published
References
- SSLv3 Poodle Attack on Ip Of semrush advisory