Is Symantec Protection Engine affected by POODLE, the SSLv3 vulnerability?
Note: POODLE stands for Padding Oracle On Downgraded Legacy Encryption (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566). This vulnerability allows to launch a man-in-the-middle (MITM) attack on systems that are using SSLv3 protocol for communication.
Symantec Protection Engine (SPE) uses Java Secure Socket Extension (JSSE) to implement internal Java server logic that provides a base for UI (Web-browser)-based communication. Current implementation makes it possible for the client to communicate with this server using SSLv3 protocol.
The impact from this vulnerbility varies based on the deployment.
SPE is installed inside your perimeter level therefore, there is a very rare chance of the user interface being exposed and accessed by someone outside your premises. Also, SPE does not use the default SSL 443 port for communication.
Even if in some scenario, someone is able to get control over the communication channel by launching an MITM attack, it may at the most impact the working of SPE. This is also a rare possibility as the attacker would not have the knowledge of SPE policy settings. This means your environment/network will have no impact.
Hotfix has been released and attached to the Attachment section below for version SPE 7.0.3 and 7.5.1. As a result. it is essential to upgrade to one of these builds before applying the hotfix.