| Note |
|---|
Applies to VoipNow Proffessional Professional 2.5 and VoipNow Service Provider Edition 3.0.0 - 3.0.5! |
There seems to be a vulnerability in the SSLv3 protocol, which is described in in CVE-2014-3566 (short name 'POODLE'). All implementations of SSLv3 are affected.
This vulnerability allows a man-in-the-middle attacker to decrypt SSL traffic. More details can be found found here.
Step-by-step guide
To verify if you are vulnerable, please run:
curl -v3 -X HEAD HEAD https://www.example.com- If you see "
curl: (35) SSL connect error", then you are not vulnerable. If you have a normal SSL connection, this means you are vulnerable.
To avoid being exploited, please run:
wget wget https://raw.githubusercontent.com/4psa/voipnowpatches/master/sslpoodlefix.shsh sslpoodlefix.sh
Related articles
| Content by Label | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Page properties | ||
|---|---|---|
| ||
|
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.