IBM Security Bulletins - Padding Oracle On Downgraded Legacy Encryption (POODLE)
Specifically for WebSeal, IHS, WebSphere, TDS
TITLE: Security Bulletin: Vulnerability in SSLv3 affects Tivoli Access Manager for e-business and Security Access Manager for Web (CVE-2014-3566)
URL: http://www.ibm.com/support/docview.wss?uid=swg21687954&myns=swgother&mynp=OCSSPREK&mync=E
ABSTRACT: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web.
TITLE: Security Bulletin: Vulnerability in SSLv3 affects WebSphere included with Tivoli Access Manager for e-business and Security Access Manager for Web (CVE-2014-3566)
URL: http://www.ibm.com/support/docview.wss?uid=swg21687955&myns=swgother&mynp=OCSSPREK&mync=E
ABSTRACT: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in the IBM WebSphere product bundled with IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web.
TITLE: Security Bulletin: Vulnerability in SSLv3 affects Directory Server (CVE-2014-3566)
URL: http://www.ibm.com/support/docview.wss?uid=swg21687611&myns=swgother&mynp=OCSSVJJU&mync=E
ABSTRACT: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in Tivoli Directory Server (TDS) and IBM Security Directory Server (SDS).
After making chnages one need to check if SSL connection is stopped, you can use below commands if you have OpenSSL installed.
openssl
s_client -connect <website_address>:<secureport>-ssl3
openssl
s_client -connect <website_address>:<secureport>-tls1
