Wednesday, October 15, 2014

POODLE SSL vulnerability (CVE-2014-3566)

A new vulnerability in the SSL protocol has been published today. Codenamed POODLE, it exploits a flaw in the design of SSL version 3.0. that allows the plaintext of secure connections to be calculated by a network attacker.

Recent Bitnami stacks released in the last 6 months are NOT affected as the default, optimized configuration we use for SSL is not vulnerable. If you are running an older version of a Bitnami stack you may be vulnerable and need to change your configuration. You can learn more in our wiki page for this issue.