Wednesday, October 15, 2014

POODLE SSL vulnerability (CVE-2014-3566)

A new vulnerability in the SSL protocol has been published today. Codenamed POODLE, it exploits a flaw in the design of SSL version 3.0. that allows the plaintext of secure connections to be calculated by a network attacker.

http://googleonlinesecurity.blogspot.com.es/2014/10/this-poodle-bites-exploiting-ssl-30.html

Recent Bitnami stacks released in the last 6 months are NOT affected as the default, optimized configuration we use for SSL is not vulnerable. If you are running an older version of a Bitnami stack you may be vulnerable and need to change your configuration. You can learn more in our wiki page for this issue.

No comments:

Post a Comment

Please use our community forum if you have any questions community.bitnami.com