===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.2043
       Vulnerability in SSLv3 (POODLE attack) affects IBM WebSphere
                         Adapters (CVE-2014-3566)
                              4 November 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM WebSphere Adapters
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Access Confidential Data -- Remote with User Interaction
                   Reduced Security         -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3566  

Reference:         ASB-2014.0123
                   ASB-2014.0122
                   ESB-2014.2039
                   ESB-2014.2025
                   ESB-2014.2024
                   ESB-2014.2022
                   ESB-2014.2021
                   ESB-2014.2015
                   ESB-2014.2014
                   ESB-2014.2011

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21688947

Comment: The vendor advises an iFix is planned to be released for all 
         supported versions (V6.1 to V7.5.0.5) of WebSphere Adapter for FTP 
         by November 30th, 2014.

--------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability in SSLv3 (POODLE attack) affects IBM WebSphere Adapters 
(CVE-2014-3566)

Document information

More support for:     WebSphere Adapters (Adapter Non-specific)
Software version:     6.1, 6.2, 6.2.0.1, 6.2.0.2, 6.2.0.3, 7.0, 7.0.0.1,
                      7.0.0.2, 7.0.0.3, 7.0.0.4, 7.0.1, 7.5
Operating system(s):  AIX, HP Itanium, HP-UX, Linux, Solaris, Windows, z/OS
Reference #:          1688947
Modified date:        2014-11-03

Flash (Alert)

Abstract

Vulnerability in SSLv3 (POODLE attack) affects IBM WebSphere Adapters
(CVE-2014-3566).

Content

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle
On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is used for 
Client/Server communication via WebSphere Adapters.

Affected Products and Versions:

This vulnerability affects WebSphere Adapter for FTP on all supported versions.

Work around and Mitigations:

An iFix is planned to be released for all supported versions (V6.1 to 
V7.5.0.5) of WebSphere Adapter for FTP by November 30th, 2014.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================