CVE-2014-3566 - Low Severity Vulnerability
Vulnerable Library - opensslOpenSSL_1_0_1i
TLS/SSL and crypto library
Library home page: https://github.com/openssl/openssl.git
Found in base branch: archived-io.js-v0.10
Vulnerable Source Files (7)
node/deps/openssl/openssl/ssl/dtls1.h
node/deps/openssl/openssl/ssl/dtls1.h
node/deps/openssl/openssl/ssl/tls1.h
node/deps/openssl/openssl/ssl/s23_clnt.c
node/deps/openssl/openssl/ssl/dtls1.h
node/deps/openssl/openssl/ssl/tls1.h
node/deps/openssl/openssl/ssl/ssl3.h
Vulnerability Details
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Publish Date: 2014-10-15
URL: CVE-2014-3566
CVSS 3 Score Details (3.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201606-11
Release Date: 2016-06-26
Fix Resolution: All claws-mail users should upgrade to the latest version >= claws-mail-3.13.2
Step up your Open Source Security Game with WhiteSource here
CVE-2014-3566 - Low Severity Vulnerability
TLS/SSL and crypto library
Library home page: https://github.com/openssl/openssl.git
Found in base branch: archived-io.js-v0.10
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Publish Date: 2014-10-15
URL: CVE-2014-3566
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201606-11
Release Date: 2016-06-26
Fix Resolution: All claws-mail users should upgrade to the latest version >= claws-mail-3.13.2
Step up your Open Source Security Game with WhiteSource here