Poodle Bites Back

vulnpoodle

Another Poodle related vulnerability has been reported in the wild in various channels. This time impacting TLS to a degree. So admin’s should take a moment and read up on it and keep current as its likely to continue developing over the next couple days/weeks as more vendors are likely determined as I am sure F5 was just the start.

As reported in the links below, about 10% of web sites operated are likely vulnerable, and F5 devices are vulnerable, and some others. Links below offer some handling details, testing, and it appears a CVE has been reserved, but is not fully populated just yet.

Mitre Page

Blog entry with further details.

Poodle Bites blog entry

Web server testing tool (same as original poodle article with enhancements)

SSL Labs testing page

Adam Langley – Google Security Engineer – Blog (Imperial Violet)

Imperial Violet Blog – Poodle Again

F5 security page about the vulnerability (lists models and details)

F5 models and vulnerabilities