RULE(RULE ID:710988)

Rule General Information
Release Date: 2015-03-06
Rule Name: SSL 3.0 Padding Oracle Information Disclosure Vulnerability -3 (CVE-2014-3566)
Severity:
CVE ID:
Rule Protection Details
Description: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack.
Impact: An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information.
Affected OS: Solaris, FreeBSD, Windows, Linux, Other Unix, Mac OS
Reference: SecurityFocusBID:70574
SecurityTrackerID:1031029
SecurityTrackerID:1031039
SecurityTrackerID:1031085
SecurityTrackerID:1031086
SecurityTrackerID:1031087
SecurityTrackerID:1031088
SecurityTrackerID:1031089
SecurityTrackerID:1031090
SecurityTrackerID:1031091
SecurityTrackerID:1031092
SecurityTrackerID:1031093
SecurityTrackerID:1031094
SecurityTrackerID:1031095
SecurityTrackerID:1031096
SecurityTrackerID:1031105
SecurityTrackerID:1031106
SecurityTrackerID:1031107
SecurityTrackerID:1031120
SecurityTrackerID:1031123
SecurityTrackerID:1031124
SecurityTrackerID:1031130
SecurityTrackerID:1031131
SecurityTrackerID:1031132
MicrosoftSecurityBulletin:3009008
Solutions
More advisories have been published on the website, please visit for more suggestions:
https://technet.microsoft.com/library/security/3009008
https://www.openssl.org/news/secadv_20141015.txt