Shopping Cart

No items
Security Updates -
0% 100%

The POODLE attack (which stands for Padding Oracle On Downgraded Legacy Encryption) is a man in the middle exploit which takes advantage of web browsers' fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. The Google Security team released a vulnerability announcement for the SSLv3 protocol (nicknamed “POODLE”) on October 14, 2014.

This vulnerability allows the plaintext of secure connections to be calculated by a network attacker if he has an ability to intercept and manipulate the connections between two SSL 3.0 hosts. You can find more detailed information about the vulnerability report on Google’s Security Blog or CVE-2014-3566.

You can check if your website is vulnerable with curl:

curl -v3 -X HEAD

If you are NOT vulnerable, your output should look something like this:

curl: (35) SSL connect error

If you ARE vulnerable, you will see normal connection outputs, potentially including the line:

SSL 3.0 connection using ...

You can also check at

Mitigation on CentOS

First step is to install the updates, you do this with the command:

yum update -y openssl

Mitigation on cPanel/WHM servers