Skip to content
← Browse CVEs

CVE-2014-3566

Low · CVSS 3.4EPSS 100.0%CWE-310

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

References

NVD MITRE CVE.org

Published

Community ground truth

Community verdict

2 verdicts
Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.

to add your verdict.

Community real-world severity: Medium (Medium 1 · Low 1) — CVSS base score 3.4

Practitioners rate this higher than its CVSS — treat with extra caution.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

  • 0
    Field note · Waleed AzizCurated

    Real protocol flaw, but practical exploitation needs an active MITM position and many requests to peel one byte at a time. In 2014 it mattered; today it shows up mostly as a compliance/scanner ding for SSLv3 being enabled. Rarely a real-world incident.

  • 0
    Remediation · Nadia PetrovaCurated

    Just disable SSLv3 everywhere (enable TLS_FALLBACK_SCSV in the interim). It's the right fix and removes the finding regardless of practical exploitability.