ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Symantec Protection Engine and POODLE: SSLv3 vulnerability (CVE-2014-3566)

book

Article ID: 161368

calendar_today

Updated On:

Products

Protection Engine for Cloud Services

Issue/Introduction

Is Symantec Protection Engine affected by POODLE, the SSLv3 vulnerability?

 

Note: POODLE stands for Padding Oracle On Downgraded Legacy Encryption (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566). This vulnerability allows to launch a man-in-the-middle (MITM) attack on systems that are using SSLv3 protocol for communication.

Cause

Symantec Protection Engine (SPE) uses Java Secure Socket Extension (JSSE) to implement internal Java server logic that provides a base for UI (Web-browser)-based communication. Current implementation makes it possible for the client to communicate with this server using SSLv3 protocol.

Resolution

The impact from this vulnerbility varies based on the deployment.

SPE is installed inside your perimeter level therefore, there is a very rare chance of the user interface being exposed and accessed by someone outside your premises. Also, SPE does not use the default SSL 443 port for communication.

Even if in some scenario, someone is able to get control over the communication channel by launching an MITM attack, it may at the most impact the working of SPE. This is also a rare possibility as the attacker would not have the knowledge of SPE policy settings. This means your environment/network will have no impact. 

Hotfix has been released and attached to the Attachment section below for version SPE 7.0.3 and 7.5.1. As a result. it is essential to upgrade to one of these builds before applying the hotfix.



Attachments

SPE_7.5.1_HF1.zip get_app
SPE_7.0.3_HF1.zip get_app
ReadMe_SPE_7.0.3_HF1.txt get_app
ReadMe_7.5.1_HF1.txt get_app