NVD

Id
24773  
Name
CVE-2015-2774  
Description
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2016-04-07  
Modified Date
2016-12-02  
Seq
2015-2774  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
130706 24773 CVE-2015-2774 openSUSE-SU-2016:0523  View
130707 24773 CVE-2015-2774 [oss-security] 20150327 CVE request: Erlang POODLE TLS vulnerability  View
130708 24773 CVE-2015-2774 [oss-security] 20150327 Re: CVE request: Erlang POODLE TLS vulnerability  View
130709 24773 CVE-2015-2774 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html  View
130710 24773 CVE-2015-2774 73398  View
130711 24773 CVE-2015-2774 https://web.archive.org/web/20150905124006/http://www.erlang.org/news/85  View
130712 24773 CVE-2015-2774 https://www.imperialviolet.org/2014/12/08/poodleagain.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
11709 JVNDB-2015-007029 Erlang/OTP における平文データを取得される脆弱性 Erlang/OTP は、接続終了時に CBC パディングバイトを適切にチェックしないため、平文データを取得される脆弱性が存在します。 CVE-2015-2774 79999 CVE-2015-2774 24773 4.3 5.9 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-007029.html 2015-03-26 2016-04-14 View