Update: RedShield Cloud is not vulnerable to the POODLE attack. Currently all SSL connections on RedShield use a patched version of TLS, and vulnerable customers are shielded from remote attackers targeting this vulnerability.
RedShield Cloud customers may still be vulnerable in the following circumstances:
- Origin web servers use SSLv3 or any SSL stack that has a vulnerable TLS implementation
- Attackers would need to successfully execute a man-in-the-middle (MITM) attack from a privileged position between RedShield Cloud and the origin web server. The risk of this is negligible for most customers.
Patching and updating of servers, load balancers and any systems supporting SSL is recommended.
RedShield On-Premise customers may still be vulnerable in the following circumstances:
- On-Premise F5 Big IP systems use SSLv3, or are running any version of TMOS that has a vulnerable TLS implementation
- Attackers would need to successfully execute a man-in-the-middle (MITM) attack from a position in the network anywhere between a client browser and the origin web server.
Patching and updating of any F5 Big IP systems supporting SSL is recommended.
General Information Relating to CVE-2014-8730
The POODLE attack allows a network attacker to extract the plaintext of targeted parts of an SSL connection, usually cookie data.
The attack requires that a man-in-the-middle (MITM) attacker can make the victim repeatedly send the same secret information over an SSL connection, mixed with attacker-provided data. For example, from a website an attacker's script could make a victim's browser send repeated requests to a target server. Each request would contain attacker-controlled data (such as the target path and GET/POST data) as well as some secret information the attacker wanted to recover, such as an authentication cookie.
RedShield has rated this vulnerability 4.3 using CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N).
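CVE-2014-8730 concerns TLS stacks that skip the CBC padding-byte check that TLS 1.x requires and that SSLv3 cannot perform, which is what makes a "vulnerable TLS implementation" behave like SSLv3 here. The added example below (not RedShield or F5 code) contrasts a lenient check with the strict one on constructed plaintext; the function names and sample bytes are assumptions for illustration.

```python
# Added example: CBC padding validation on an already-decrypted record.
# Function names and sample records are constructed for illustration.
import hmac

BLOCK = 16  # AES block size in bytes


def lenient_padding_ok(plaintext: bytes, block_size: int = BLOCK) -> bool:
    """Checks only the final length byte and ignores the padding bytes.

    SSLv3 leaves padding content unspecified, so this is all a receiver can
    verify. A TLS stack that stops here is the vulnerable case.
    """
    if not plaintext or len(plaintext) % block_size:
        return False
    return plaintext[-1] + 1 <= len(plaintext)


def tls_padding_ok(plaintext: bytes, block_size: int = BLOCK) -> bool:
    """Strict TLS 1.x rule: every padding byte must equal the length byte."""
    if not plaintext or len(plaintext) % block_size:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    padding = plaintext[-(pad_len + 1):]
    expected = bytes([pad_len]) * (pad_len + 1)
    # compare_digest does not stop at the first mismatching byte. A real
    # stack must also report padding and MAC failures identically.
    return hmac.compare_digest(padding, expected)


def accepted_only_by_lenient(records: dict) -> list:
    """Names of records the lenient check accepts but the strict one rejects."""
    return [name for name, data in records.items()
            if lenient_padding_ok(data) and not tls_padding_ok(data)]


# Constructed 16-byte plaintexts: 10 data bytes, 5 padding bytes, length byte.
WELL_FORMED = b"cookie=abc" + b"\x05" * 6
TAMPERED = b"cookie=abc" + b"\xaa\xbb\xcc\xdd\xee" + b"\x05"

if __name__ == "__main__":
    samples = {"well_formed": WELL_FORMED, "tampered": TAMPERED}
    print("accepted only by the lenient check:", accepted_only_by_lenient(samples))
```

A stack whose behaviour matches `lenient_padding_ok` is the one the patching advice above applies to, even when SSLv3 itself is disabled.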
Some links with more information about POODLE and TLS are here: