HP Security Bulletin HPSBGN03209 - A potential security vulnerability has been identified with HP Application Lifecycle Management running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
e679dd5c2daede4524e04696a912f8c749c70a8bafe54a0b2f0b220562cbe80e
HP Security Bulletin HPSBGN03202 - A potential security vulnerability has been identified with HP CMS: Configuration Manager running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
11d8f74f3d234703927a352f928edc3ce65648f18012e6152aa5b809e5c5d27e
HP Security Bulletin HPSBGN03203 1 - A potential security vulnerability has been identified with HP CMS: UCMDB Browser running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
8281554f5b51f6acd0e47dfe32db3e2d7d3f99d482865c62907f01596d09e599
HP Security Bulletin HPSBGN03201 1 - A potential security vulnerability has been identified with HP Asset Manager running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
8d3005a1b0c642ff69a47c82927bf40817a1e1a51024896e3b5e09498f2f302f
HP Security Bulletin HPSBMU03214 1 - A potential security vulnerability has been identified with HP Systinet running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
5ee6de586eb2db1855ec3f8ac1c16341e1ee99491b3bc38b16ec20d914ac3e61
Gentoo Linux Security Advisory 201411-10 - Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service. Versions less than 11.13.1 are affected.
8cb3b44b05c040b60ed10a544ecb9a25244ce0962746f4d7d96926bcca8015f3
Mandriva Linux Security Advisory 2014-218 - Multiple vulnerabilities have been discovered and corrected in asterisk. The updated packages has been upgraded to the 11.14.1 version which is not vulnerable to these issues.
0534fe5967f21eae7e7046a4d878c5be5ad87b03ce2d780f490b6b44c04c1d6c
Red Hat Security Advisory 2014-1882-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
739553eebe194c764860fdf7fef41eee3aed9586ecf57cee33e3e900c897fed5
Red Hat Security Advisory 2014-1881-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
6d075d501782cf382bcc6edcafdc84e55624414d574fe5b16cd42344ff1b187a
Red Hat Security Advisory 2014-1880-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
5d609a90cdea6dcd204ddaeb5da8097ae2d553d12c9f429fe8566cb0ce22c142
Red Hat Security Advisory 2014-1877-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
03fd13611ccfc856be5e91a62ee8127d21ba187f8ca92810e9d322950c7c3bc1
Red Hat Security Advisory 2014-1876-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
6d221975cabbebbc241b0225aff33a5b993018aaf62f538567c220abef5005dd
HP Security Bulletin HPSBMU03183 2 - A potential security vulnerability has been identified with HP Server Automation and Server Automation Virtual Appliance running SSL. This is the SSLv3 vulnerability known as "POODLE" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
50dd42f8950f74ed5fcdb76107b4f0688854540b1ea9bbfc9deac8b085470f94
HP Security Bulletin HPSBGN03192 1 - A potential security vulnerability has been identified with HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the current HP iCAS client software. Revision 1 of this advisory.
3b22f5fc8d2a225d20468f2e0c34749da225bf5130569567f712ac91c0c6e28f
HP Security Bulletin HPSBGN03191 1 - A potential security vulnerabilities have been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd. These vulnerabilities could be exploited remotely resulting in disclosure of information, elevation of privilege, SQL injection, or to create a Denial of Service (DoS). These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the lighttpd based vCAS Web Server. Revision 1 of this advisory.
6f968d85b22f5fbfed109939f90483ff9eef7b3027bef59336a2b90ece346765
HP Security Bulletin HPSBGN03164 1 - A potential security vulnerability has been identified with HP IceWall SSO Dfw , SSO Certd, and MCRP running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
980ee97b143b372b5a1ff3b939f0feafd7414703cdce1d204f657684003c2051
HP Security Bulletin HPSBMU03184 1 - A potential security vulnerability has been identified with HP SiteScope running SSL. This is the SSLv3 vulnerability known as "POODLE" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
f5d4009faa0f2b4a38c2f39e1e8ea7a141f3a0e67dc5a7429bdc067345229661
HP Security Bulletin HPSBUX03162 SSRT101767 2 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
c51bd30a7372995a2a077c7720121ca3dfb8254c3036fbf6a8b37926e402e633
HP Security Bulletin HPSBUX03162 SSRT101767 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
6652a13d7c69ae6a2897c9474ac902a1366196ab08a094e82c693ce4abdb973b
HP Security Bulletin HPSBHF03156 - A potential security vulnerability has been identified with the HP TippingPoint Intrusion Prevention System (IPS) Local Security Manager (LSM) running SSL. This is the SSLv3 vulnerability known as "POODLE" which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
6e6c399de1b833236d40e0bbbc145b48364b6110b2c080f1fb91d4b0b75f0cbf
HP Security Bulletin HPSBMU03152 - A potential security vulnerability has been identified with HP Operations Orchestration running SSL. This is the SSLv3 vulnerability known as "POODLE" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
135b8b5df7d75054cff6030c520d1e1794639c655c17d21c329830247e297a86
Mandriva Linux Security Advisory 2014-203 - OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications to block the ability for a MITM attacker to force a protocol downgrade. Some client applications will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE. When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this issue in a Denial Of Service attack. The updated packages have been upgraded to the 1.0.0o version where these security flaws has been fixed.
462c872ebcc385be756aa0fb753b94bba6e8c81eea179a7094bc9780baab1264
FreeBSD Security Advisory - A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. The SSL protocol 3.0, as supported in OpenSSL and other products, supports CBC mode encryption where it could not adequately check the integrity of padding, because of the use of non-deterministic CBC padding. This protocol weakness makes it possible for an attacker to obtain clear text data through a padding-oracle attack. Some client applications (such as browsers) will reconnect using a downgraded protocol to work around interoperability bugs in older servers. This could be exploited by an active man-in-the-middle to downgrade connections to SSL 3.0 even if both sides of the connection support higher protocols. SSL 3.0 contains a number of weaknesses including POODLE.
1338c6e5d97b6096c8316516c16ede168dd7ee9fb4220f57cfcb0077bbbdbdbe
Asterisk Project Security Advisory - Asterisk suffered from the SSL POODLE vulnerability.
f3393b5e599a0d63b52314b6cb1f7808ffb0f59894dcb498c686d60e147cb6d3
Apple Security Advisory 2014-10-20-2 - Apple TV 7.0.1 is now available and addresses bluetooth and SSL 3.0 related security vulnerabilities.
c890e6b559bc3c39268a1477242e07d30dca426a1c327584e5bf3110bfd6fe17