Description: This bulletin provides information regarding the recently identified vulnerability in the SSL protocol documented by CVE-2014-3566. This vulnerability, commonly known as POODLE (Padding Oracle On Downgraded Legacy Encryption), is specific to SSL protocol 3.0 and takes advantage of the way blocks of data are encrypted in the Cipher Block Chaining (CBC) mode of block ciphers. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Brocade FastIron devices support SSL 3.0 and are thus susceptible to this vulnerability. SSL 3.0 is used whenever OpenFlow or Web Management (HTTPS) is configured.
February 27, 2015
