A vulnerability, known as POODLE ("Padding Oracle On Downgraded Legacy Encryption"), was reported in this SSLv3. An attacker can exploit this vulnerability to obtain users’ cookies and compromise users’ accounts.
This vulnerability has been assigned a CVE number: CVE-2014-3566. For more information, do take a look at Security Vulnerability Alert: POODLE SSLv3.0 vulnerability
Web system owners are also advised to disable SSLv3 and enable TLS_FALLBACK_SCSV to maintain interoperability.
Do take a look at How To Protect your Server Against the POODLE SSLv3 Vulnerability on how to protect your servers from SSLv3 "POODLE" Vulnerability
Step 1. I would like to highlight the CentOS / Red Hat variety in
# vim /etc/httpd/conf.d/ssl.conf
Step 2. Find the SSLProtocol Directives,
SSLProtocol all -SSLv3 -SSLv2
Step 3. Restart the httpd services
# service httpd restart
References
No comments:
Post a Comment