CERT mailing list archives
Certain TLS Implementations Vulnerable to POODLE Attacks
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Tue, 09 Dec 2014 15:30:50 -0600
NCCIC / US-CERT National Cyber Awareness System: Certain TLS Implementations Vulnerable to POODLE Attacks [ https://www.us-cert.gov/ncas/current-activity/2014/12/09/Certain-TLS-Implementations-Vulnerable-POODLE-Attacks ] 12/09/2014 03:20 PM EST Original release date: December 09, 2014 A new variant of the POODLE attack may affect some TLS implementations on account of an issue similar to one present in SSL 3.0. Successful exploitation may enable actors to derive plaintext from encrypted communications. US-CERT encourages users and administrators to review TA14-290A [ https://www.us-cert.gov/ncas/alerts/TA14-290A ] for additional information on the POODLE attack and apply any necessary updates to address the vulnerability. ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- Certain TLS Implementations Vulnerable to POODLE Attacks US-CERT (Dec 09)