Erlang/OTP prior to 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle malicious users to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
erlang erlang\\/otp |
||
oracle solaris 11.2 |
||
opensuse opensuse 13.2 |