The POODLE (“Padding Oracle On Downgraded Legacy Encryption”) attack is a man-in-the-middle exploit that takes advantage of the fallback to SSL 3.0 by Internet and security software clients. The SSL 3.0 protocol, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack such as the POODLE issue.
Impact: Only older versions of Data Center RUM (12.2.x and earlier) and AppMon 6.1 were affected.
- AppMon: This problem was addressed in AppMon 6.1 and backported via a public fix pack to all the other older available versions. All versions now use TLS only.
- DC RUM: In 12.2.x and earlier, disable the use of SSLv3 and use a more secure TLS protocol. Releases 12.3 and 12.4 are not affected (use of SSLv3 was disabled). See POODLE vulnerability in SSLv3 for details.
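
To confirm that an endpoint really refuses SSLv3 after the change described above, the following added example (not vendor code) sends a hand-built SSL 3.0 ClientHello and classifies the first reply record. It builds the hello from raw bytes because current OpenSSL builds, and therefore Python's `ssl` module, are often compiled without SSLv3; the function names and verdict strings are assumptions of this example.

```python
import os
import socket
import struct
import sys

SSL3 = b"\x03\x00"  # protocol version 3.0 on the wire

def build_sslv3_client_hello() -> bytes:
    """Minimal SSL 3.0 ClientHello offering only CBC cipher suites."""
    suites = b"\x00\x2f\x00\x35\x00\x0a"  # AES128-SHA, AES256-SHA, 3DES-SHA
    body = (SSL3 + os.urandom(32)          # client_version, random
            + b"\x00"                      # empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00")                 # one compression method: null
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake

def classify_response(data: bytes) -> str:
    """Interpret the first bytes the server sent back to the SSLv3 hello."""
    if not data:
        return "refused-closed"            # peer closed or reset the connection
    if data[0] == 0x15 and len(data) >= 7:
        return "refused-alert"             # e.g. handshake_failure(40)
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        # ServerHello: server_version follows the 4-byte handshake header
        return "sslv3-accepted" if data[9:11] == SSL3 else "unexpected"
    return "unexpected"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send the hello to host:port and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            data = sock.recv(4096)
        except ConnectionResetError:
            data = b""
    return classify_response(data)

if __name__ == "__main__":
    # Host and port come from the command line; no default target is assumed.
    if len(sys.argv) < 2:
        sys.exit("usage: sslv3_check.py HOST [PORT]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(sys.argv[1], port, probe(sys.argv[1], port))
```

A result of `sslv3-accepted` means the server still negotiates SSL 3.0 and the protocol setting has not taken effect; either `refused-*` verdict is the expected outcome once only TLS is enabled.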