Details
Critical Description
TLS CBC Incorrect Padding Abuse Vulnerability for ports - 18091/TCP over SSL, 18092/TCP over SSL and 11214/TCP over SSL.
POODLE attack on SSLv3 has been described here https://www.openssl.org/~bodo/ssl-poodle.pdf, where the attacker exploits the fact that the CBC padding values where not strictly defined by SSLv3 protocol. This was a SSLv3 protocol weakness. In case of TLS the padding byte values are well defined, however some vendors are reusing the SSLv3 processing algorithm to process the TLS records and as a result if the last byte contains a correct value, the entire padding is considered acceptable. This allows an attacker to launch a POODLE type of an attack against TLS versions. you can find details of vulnerability here https://www.a10networks.com/sites/default/files/security-advisories/A10-RapidResponse_CVE-2014-8730.pdf.
Attachments
Issue Links
- blocks
-
MB-14772 3.1.0 Minor Release
-
- Resolved
-
| For Gerrit Dashboard: MB-14844 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 51832,2 | MB-14844 Maintain only one list of supported ssl/tls versions. | rel-3.0.0++ | ns_server | Status: MERGED | +2 | +1 |
| 51833,2 | MB-14844 Don't support tlsv1. | rel-3.0.0++ | ns_server | Status: MERGED | +2 | +1 |
| 51932,1 | Merge remote-tracking branch 'couchbase/rel-3.0.0++' | master | ns_server | Status: MERGED | +2 | +1 |
| 51938,1 | MB-14844 Maintain only one list of supported ssl/tls versions. | master | ns_server | Status: ABANDONED | 0 | 0 |
| 51939,1 | MB-14844 Don't support tlsv1. | master | ns_server | Status: ABANDONED | 0 | 0 |