5.9
CVE-2015-2774
- EPSS 1.9%
- Veröffentlicht 07.04.2016 21:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.9% | 0.77 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://usn.ubuntu.com/3571-1/
https://www.imperialviolet.org/2014/12/08/poodleagain.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00124.html
http://openwall.com/lists/oss-security/2015/03/27/6
http://openwall.com/lists/oss-security/2015/03/27/9
http://www.securityfocus.com/bid/73398
https://web.archive.org/web/20150905124006/http://www.erlang.org/news/85