### [CVE-2014-3566](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

### POC

#### Reference
- http://www-01.ibm.com/support/docview.wss?uid=swg21688283
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.vmware.com/security/advisories/VMSA-2015-0003.html
- https://github.com/mpgn/poodle-PoC
- https://www.elastic.co/blog/logstash-1-4-3-released

#### Github
- https://github.com/1N3/MassBleed
- https://github.com/20142995/sectool
- https://github.com/4psa/dnsmanagerpatches
- https://github.com/4psa/voipnowpatches
- https://github.com/84KaliPleXon3/a2sv
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Artem-Salnikov/devops-netology
- https://github.com/Artem-Tvr/sysadmin-09-security
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CamiloEscobar98/DjangoProject
- https://github.com/CertifiedCEH/DB
- https://github.com/DButter/whitehat_public
- https://github.com/EvgeniyaBalanyuk/attacks
- https://github.com/F4RM0X/script_a2sv
- https://github.com/FroggDev/BASH_froggPoodler
- https://github.com/GhostTroops/TOP
- https://github.com/H4CK3RT3CH/a2sv
- https://github.com/JERRY123S/all-poc
- https://github.com/Justic-D/Dev_net_home_1
- https://github.com/Kapotov/3.9.1
- https://github.com/MrE-Fog/a2sv
- https://github.com/Mre11i0t/a2sv
- https://github.com/NikolayAntipov/DB_13-01
- https://github.com/SECURED-FP7/secured-psa-reencrypt
- https://github.com/TechPorter20/bouncer
- https://github.com/TheRipperJhon/a2sv
- https://github.com/Vainoord/devops-netology
- https://github.com/Valdem88/dev-17_ib-yakovlev_vs
- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
- https://github.com/Wanderwille/13.01
- https://github.com/WiktorMysz/devops-netology
- https://github.com/alexandrburyakov/Rep2
- https://github.com/alexgro1982/devops-netology
- https://github.com/alexoslabs/HTTPSScan
- https://github.com/anthophilee/A2SV--SSL-VUL-Scan
- https://github.com/automatecloud/lacework-kaholo-autoremediation
- https://github.com/bjayesh/ric13351
- https://github.com/bysart/devops-netology
- https://github.com/camel-clarkson/non-controlflow-hijacking-datasets
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/clic-kbait/A2SV--SSL-VUL-Scan
- https://github.com/clino-mania/A2SV--SSL-VUL-Scan
- https://github.com/cloudpassage/mangy-beast
- https://github.com/cryptflow/checks
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/dmitrii1312/03-sysadmin-09
- https://github.com/fireorb/SSL-Scanner
- https://github.com/fireorb/sslscanner
- https://github.com/geon071/netolofy_12
- https://github.com/ggrandes/bouncer
- https://github.com/giterlizzi/secdb-feeds
- https://github.com/giusepperuggiero96/Network-Security-2021
- https://github.com/hahwul/a2sv
- https://github.com/halencarjunior/HTTPSScan-PYTHON
- https://github.com/hktalent/TOP
- https://github.com/hrbrmstr/internetdb
- https://github.com/huggablehacker/poodle-test
- https://github.com/ilya-starchikov/devops-netology
- https://github.com/jbmihoub/all-poc
- https://github.com/jiphex/debsec
- https://github.com/mahendra1904/lacework-kaholo-autoremediation
- https://github.com/marcocastro100/Intrusion_Detection_System-Python
- https://github.com/marklogic/marklogic-docker
- https://github.com/matjohns/squeeze-lighttpd-poodle
- https://github.com/mawinkler/c1-ws-ansible
- https://github.com/mikemackintosh/ruby-qualys
- https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook
- https://github.com/mpgn/poodle-PoC
- https://github.com/n13l/measurements
- https://github.com/neominds/ric13351
- https://github.com/nikolay480/devops-netology
- https://github.com/odolezal/D-Link-DIR-655
- https://github.com/pashicop/3.9_1
- https://github.com/puppetlabs/puppetlabs-compliance_profile
- https://github.com/r0metheus/poodle-attack
- https://github.com/r0metheus/poodle-attack-poc
- https://github.com/r3p3r/1N3-MassBleed
- https://github.com/rameezts/poodle_check
- https://github.com/rvaralda/aws_poodle_fix
- https://github.com/shanekeels/harden-ssl-tls-windows
- https://github.com/stanmay77/security
- https://github.com/stdevel/poodle_protector
- https://github.com/toysweet/opensslbug
- https://github.com/tzaffi/testssl-report
- https://github.com/uthrasri/openssl_g2.5_CVE-2014-3566
- https://github.com/vitaliivakhr/NETOLOGY
- https://github.com/vshaliii/Hacklab-Vulnix
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/yellownine/netology-DevOps