A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
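Added example (not part of the original advisory and not Red Hat's code): a simplified receiver-side comparison of the SSL 3.0 and TLS 1.0+ padding rules applied to an already-decrypted CBC record. It shows that SSL 3.0 accepts exactly one of the 256 possible final-byte values whatever the other padding bytes contain, consistent with the 256-try figure above. The key, the record contents, and the use of HMAC-SHA1 in place of the SSL 3.0 MAC are assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK = 16      # cipher block size in bytes (AES-CBC); constructed example value
MAC_LEN = 20    # SHA-1 output length
MAC_KEY = b"constructed-demo-key"   # constructed, not a real key


def record_mac(data: bytes) -> bytes:
    # Stand-in for the record MAC. SSL 3.0 uses its own MAC construction;
    # HMAC-SHA1 is used here because only what the MAC covers matters.
    return hmac.new(MAC_KEY, data, hashlib.sha1).digest()


def split_and_verify(plain: bytes, pad_len: int) -> bool:
    """Strip pad_len padding bytes plus the length byte, then verify the MAC."""
    if pad_len + 1 + MAC_LEN > len(plain):
        return False
    body = plain[: len(plain) - pad_len - 1]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(record_mac(data), tag)


def accept_ssl3(plain: bytes) -> bool:
    """SSL 3.0 rule: only the final length byte is interpreted; the padding
    bytes before it are arbitrary and are not covered by the MAC."""
    pad_len = plain[-1]
    return pad_len < BLOCK and split_and_verify(plain, pad_len)


def accept_tls(plain: bytes) -> bool:
    """TLS 1.0+ rule: every padding byte must equal the length byte."""
    pad_len = plain[-1]
    if pad_len + 1 > len(plain):
        return False
    if plain[-(pad_len + 1):] != bytes([pad_len]) * (pad_len + 1):
        return False
    return split_and_verify(plain, pad_len)


def accepted_final_bytes(accept) -> list:
    """Replace the all-padding final block with unrelated bytes and try every
    value of its last byte; return the values the receiver accepts."""
    data = b"GET / HTTP/1"                       # 12 bytes + 20-byte MAC = 2 blocks
    prefix = data + record_mac(data)             # final block is then pure padding
    junk = bytes(range(0xA0, 0xA0 + BLOCK - 1))  # constructed filler, 15 bytes
    return [v for v in range(256) if accept(prefix + junk + bytes([v]))]
```
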
Find out more about CVE-2014-3566 from the MITRE CVE dictionary and NIST NVD.
This issue affects the versions of openssl shipped with Red Hat Enterprise Linux 5, 6 and 7, Red Hat JBoss Enterprise Application Platform 5 and 6, Red Hat JBoss Web Server 1 and 2, Red Hat Enterprise Virtualization Hypervisor 6.5, and Red Hat Storage 2.1.
This issue affects the versions of nss shipped with Red Hat Enterprise Linux 5, 6 and 7.
Additional information can be found in the Red Hat Knowledgebase article:
https://access.redhat.com/articles/1232123
Base Score | 5 |
---|---|
Base Metrics | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | None |
Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Satellite Capsule 6.0 | RHBA-2014:1857 | 2014-11-13 |
Red Hat Satellite 5.6 (RHEL v.5) (java-1.6.0-ibm) | RHSA-2015:0264 | 2015-02-24 |
Red Hat Satellite 6.0 | RHBA-2014:1857 | 2014-11-13 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) | RHSA-2015:0079 | 2015-01-22 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) | RHSA-2015:0079 | 2015-01-22 |
Red Hat JBoss Web Server 2.1 | RHSA-2014:1920 | 2014-12-01 |
Red Hat JBoss Web Platform 5.2 | RHSA-2015:0011 | 2015-01-05 |
Red Hat JBoss Enterprise Application Platform 6.3 | RHSA-2015:0012 | 2015-01-05 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) | RHSA-2015:0080 | 2015-01-22 |
RHOSE Client 2.0 (openshift-origin-node-proxy) | RHSA-2015:1546 | 2015-08-04 |
RHOSE Client 2.0 (openshift-origin-node-proxy) | RHSA-2015:1545 | 2015-08-04 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) | RHSA-2015:0086 | 2015-01-26 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) | RHSA-2014:1880 | 2014-11-20 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.5.0-ibm) | RHSA-2014:1881 | 2014-11-20 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.0-ibm) | RHSA-2014:1882 | 2014-11-20 |
Red Hat Satellite 5.6 (RHEL v.6) (java-1.6.0-ibm) | RHSA-2015:0264 | 2015-02-24 |
Red Hat JBoss Enterprise Application Platform 5.2 | RHSA-2015:0010 | 2015-01-05 |
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) | RHSA-2015:0085 | 2015-01-26 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2014:1880 | 2014-11-20 |
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) | RHSA-2015:0067 | 2015-01-21 |
Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) | RHSA-2015:0068 | 2015-01-20 |
Oracle Java for Red Hat Enterprise Linux 5 (java-1.6.0-sun) | RHSA-2015:0086 | 2015-01-26 |
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) | RHSA-2015:0069 | 2015-01-21 |
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) | RHSA-2014:1876 | 2014-11-19 |
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) | RHSA-2014:1877 | 2014-11-19 |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2015:0067 | 2015-01-21 |
Oracle Java for Red Hat Enterprise Linux 5 (java-1.7.0-oracle) | RHSA-2015:0079 | 2015-01-22 |
Red Hat Enterprise Linux 7 (java-1.6.0-openjdk) | RHSA-2015:0085 | 2015-01-26 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) | RHSA-2014:1877 | 2014-11-19 |
Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) | RHSA-2015:0085 | 2015-01-26 |
Red Hat Enterprise Linux Supplementary 5 (java-1.5.0-ibm) | RHSA-2014:1881 | 2014-11-20 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) | RHSA-2015:0086 | 2015-01-26 |
Platform | Package | State |
---|---|---|
Red Hat OpenStack Platform 9.0 | puppet | Will not fix |
Red Hat OpenStack Platform 8.0 (Liberty) | puppet | Will not fix |
Red Hat OpenShift Enterprise 2 | jenkins | Affected |
Red Hat OpenShift Enterprise 1 | jenkins | Will not fix |
Red Hat JBoss EWS 1 | openssl | Will not fix |
Red Hat Gluster Storage 2.1 | openssl | Affected |
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | puppet | Will not fix |
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | puppet | Will not fix |
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) | puppet | Will not fix |
Red Hat Enterprise Linux 7 | openssl098e | Affected |
Red Hat Enterprise Linux 7 | nss | Affected |
Red Hat Enterprise Linux 7 | openssl | Affected |
Red Hat Enterprise Linux 7 | gnutls | Under investigation |
Red Hat Enterprise Linux 6 | openssl | Affected |
Red Hat Enterprise Linux 6 | gnutls | Under investigation |
Red Hat Enterprise Linux 6 | nss | Affected |
Red Hat Enterprise Linux 5 | openssl097a | Affected |
Red Hat Enterprise Linux 5 | openssl | Affected |
Red Hat Enterprise Linux 5 | gnutls | Under investigation |
Red Hat Enterprise Linux 5 | nss | Affected |
RHEV Manager 3 | mingw-virt-viewer | Affected |
OpenStack 6 Installer for RHEL 7 | puppet | Will not fix |