Advisory – SSL v3 “POODLE” Attack

SSL v3 “POODLE” Attack
Padding Oracle On Downgraded Legacy Encryption

The vulnerability is exploited through a man-in-the-middle (MITM) attack, so it isn’t trivially exploitable, but various sources indicate it has been seen in the wild. Currently there are no patches for this issue. OpenSSL, the world’s most used SSL library, is still patching its source code; once the update is released, vendors can then patch their systems.

The vulnerability exists if both the server and the client accept SSLv3, even if both are capable of TLSv1/TLSv1.1/TLSv1.2, because a downgrade attack can push the connection back to SSLv3.

For more information, see http://www.cvedetails.com/cve/CVE-2014-3566/ or search for ‘CVE-2014-3566’.

In the meantime, a quick and easy fix is to disable SSL v3 on your systems.

Regards
Netnorth Support
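
One way to confirm that SSL v3 is disabled on a server you run is to offer it an SSLv3-only ClientHello and see whether it answers with a ServerHello. The Python below is an added example, not part of the original advisory; it uses a raw socket because current TLS libraries are commonly built without SSLv3, and the function names and the cipher-suite list are assumptions made for illustration.

```python
import os
import socket
import struct
import sys

SSL3 = b"\x03\x00"  # wire encoding of protocol version SSL 3.0
# Assumption: a few widely deployed SSLv3-era suites (AES128-SHA, AES256-SHA,
# DES-CBC3-SHA, RC4-SHA) are enough to get an answer from a server that speaks SSLv3.
SUITES = b"\x00\x2f\x00\x35\x00\x0a\x00\x05"


def build_sslv3_client_hello(random_bytes=None):
    """Return one record carrying a ClientHello whose highest version is SSLv3."""
    random_bytes = random_bytes or os.urandom(32)
    body = (SSL3 + random_bytes
            + b"\x00"                                  # empty session id
            + struct.pack("!H", len(SUITES)) + SUITES
            + b"\x01\x00")                             # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Map the server's first bytes to 'accepted', 'rejected' or 'unknown'."""
    if len(data) >= 5 and data[0] == 0x15:             # alert record: handshake refused
        return "rejected"
    # Handshake record (0x16) with a ServerHello (type 2) that selects version 3.0
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02 and data[9:11] == SSL3:
        return "accepted"
    return "unknown"                                   # closed, timed out, or not TLS


def probe(host, port=443, timeout=5.0):
    """Offer SSLv3 only to host:port and report how the server answered."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            while len(data) < 11:                      # enough to read the version
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:                                # timeout or reset mid-read
            pass
    return classify_response(data)


if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

A result of `accepted` means the service still negotiates SSLv3 and the fix above has not taken effect there; `rejected` means the server answered the SSLv3 offer with an alert.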
