
The POODLE attack (Padding Oracle On Downgraded Legacy Encryption) is a man-in-the-middle exploit that takes advantage of web browsers' fallback to SSL 3.0. If attackers successfully exploit this vulnerability, they need, on average, only 256 SSL 3.0 requests to reveal one byte of an encrypted message. The Google Security team released a vulnerability announcement for the SSLv3 protocol (nicknamed “POODLE”) on October 14, 2014.

Impact
This vulnerability allows a network attacker to calculate the plaintext of secure connections if they are able to intercept and manipulate the connections between two SSL 3.0 hosts. You can find more detailed information in the vulnerability report on Google’s Security Blog or under CVE-2014-3566.

You can check if your website is vulnerable with curl:

curl -v -3 -I https://www.example.com

If you are NOT vulnerable, your output should look something like this:

curl: (35) SSL connect error

If you ARE vulnerable, you will see normal connection output, potentially including the line:

SSL 3.0 connection using ...

You can also check at https://filippo.io/Heartbleed
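
The curl check above only works if the local curl build can still speak SSL 3.0; many current builds have it compiled out, and then curl fails with an error whatever the server supports. As an added example (not part of the original page), this Python script sends a minimal SSL 3.0 ClientHello itself and classifies the server's first reply; the function names, result strings and cipher-suite list are choices made for this example.

```python
import socket
import struct
import sys

# Three CBC suites (POODLE targets CBC padding) and RC4-SHA, all commonly offered over SSL 3.0.
SUITES = [0x002F, 0x0035, 0x000A, 0x0005]

def build_sslv3_client_hello() -> bytes:
    """One SSL 3.0 record holding a ClientHello (SSL 3.0 has no extensions)."""
    body = b"\x03\x00"                       # client_version = SSL 3.0
    body += bytes(32)                        # random; zeros suffice, the handshake is never completed
    body += b"\x00"                          # empty session_id
    body += struct.pack("!H", 2 * len(SUITES))
    body += b"".join(struct.pack("!H", s) for s in SUITES)
    body += b"\x01\x00"                      # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data: bytes) -> str:
    """Interpret the first bytes returned by the server."""
    if not data or data[0] == 0x15:          # closed/reset, or an alert record
        return "rejected"
    # Record header is 5 bytes, handshake header 4; server_version follows.
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x02:
        return "sslv3-accepted" if data[9:11] == b"\x03\x00" else "other-version"
    return "unknown"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect, send the ClientHello, classify the reply. Connection errors propagate."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(build_sslv3_client_hello())
            while len(data) < 11:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except (ConnectionResetError, socket.timeout):
            pass                             # classify whatever arrived before the reset/timeout
    return classify_reply(data)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))
```

Because the ClientHello carries no extensions there is no SNI, so the result describes the default TLS configuration on that address and port.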

Mitigation on CentOS

The first step is to install the updates with the command:

yum update -y openssl

Mitigation on cPanel/WHM servers

/scripts/upcp