CVE-2014-3566 aka POODLE

Today, a new attack on SSL v3 dubbed POODLE was published. We’ve reviewed the issue and concur with the community that the issue is similar to the BEAST attack published in 2011 but more practical. Like the BEAST attack, to exploit this vulnerability the attacker must have the capability to run his javascript in the […]]> Today, a new attack on SSL v3 dubbed POODLE was published. We’ve reviewed the issue and concur with the community that the issue is similar to the BEAST attack published in 2011 but more practical.


Like the BEAST attack, to exploit this vulnerability the attacker must have the capability to run his javascript in the victim’s browser and to be able to Man-in-the-Middle the connection between the client and server. At this time we view this as a browser-based attack and do not see direct relevance to VMware’s products.

We will shortly issue a VMware Knowledge Base (KB) article for POODLE with similar guidance to that found in our BEAST KB article.






from VMware Blogs http://bit.ly/1sGpjqb