Zombie POODLE and GOLDENDOODLE Vulnerabilities

Submitted on 14. June 2019 - 10:44 by rischi.
Last update on 20. June 2019 - 0:20.

IDs:

CVE-2019-6593

Keywords:

OpenSSL, TLS, Zombie POODLE and GOLDENDOODLE

Description:

New SSL/TLS vulnerabilities have been published with the names Zombie POODLE, GOLDENDOODLE and Sleeping POODLE [1].

No action required for Airlock WAF

Details:

The vulnerabilities describe a series of TLS CBC padding oracles affecting TLS protocol versions 1.0, 1.1 and 1.2. Airlock WAF supports CBC block cipher mode for backward compatibility only. Since Airlock WAF 7.2, modern clients will negotiate TLS protocol version 1.3 which is not affected. All CBC ciphers have a low priority on Airlock WAF. This means that block cipher modes like GCM or stream ciphers like ChaCha are preferred.

Exploits are known for various TLS implementation but not for OpenSSL.

Information about the related "0-Length OpenSSL" vulnerability can be found in [2].

Component:

Airlock

Airlock Vulnerability Status:

Does not affect Airlock

Back-end Vulnerability Status:

Does not affect back-end behind Airlock

Reference:

[1] Introducing Zombie POODLE and GOLDENDOODLE

[2] OpenSSL Vulnerabilities Fixed in Version 1.0.2r

Main menu

Navigation

User menu

You are here

Zombie POODLE and GOLDENDOODLE Vulnerabilities

Main menu

Search form

Navigation

User menu

You are here

Zombie POODLE and GOLDENDOODLE Vulnerabilities