LOW: SSL POODLE Report

DESCRIPTION LAST UPDATED:  2024-01-01

DEFAULT SEVERITY LEVEL: LOW

This report identifies hosts that allow the use of SSL v3.0 with cipher-block chaining (CBC) mode ciphers, which are vulnerable to the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack.

See US-CERT alert TA14-290A at: https://www.us-cert.gov/ncas/alerts/TA14-290A for more information on this vulnerability and exploit.

You can track SSL POODLE scan results on our Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page..

Filenames: scan_ssl_poodle, scan6_ssl_poodle

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • port
    Port that the SSL response came from
  • hostname
    Reverse DNS name of the device in question
  • tag
    Report tag (SSL)
  • handshake
    The highest SSL handshake that could be negotiated (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3)
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • cipher_suite
    The highest CipherSuite that was able to be negotiated
  • ssl_poodle
    If "Y", then the device completed an SSLv3 handshake that used CBC (Cipher-Block Chaining) CipherSuites, which is vulnerable to a POODLE attack
  • cert_length
    Certificate Key Length (1024 bit, 2048 bit, etc)
  • subject_common_name
    The Common Name (CN) of the SSL certificate
  • issuer_common_name
    The Common Name of the entity that signed the SSL certificate
  • cert_issue_date
    Date when the SSL certificate became valid
  • cert_expiration_date
    Date when the SSL certificate expires

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","handshake","asn","geo","region","city","cipher_suite","ssl_poodle","cert_length","subject_common_name","issuer_common_name","cert_issue_date","cert_expiration_date","sha1_fingerprint","cert_serial_number","ssl_version","signature_algorithm","key_algorithm","subject_organization_name","subject_organization_unit_name","subject_country","subject_state_or_province_name","subject_locality_name","subject_street_address","subject_postal_code","subject_surname","subject_given_name","subject_email_address","subject_business_category","subject_serial_number","issuer_organization_name","issuer_organization_unit_name","issuer_country","issuer_state_or_province_name","issuer_locality_name","issuer_street_address","issuer_postal_code","issuer_surname","issuer_given_name","issuer_email_address","issuer_business_category","issuer_serial_number","naics","hostname_source","sector","sha256_fingerprint","sha512_fingerprint","md5_fingerprint","http_response_type","http_code","http_reason","content_type","http_connection","www_authenticate","set_cookie","server_type","content_length","transfer_encoding","http_date","cert_valid","self_signed","cert_expired","browser_trusted","validation_level","browser_error","tlsv13_support","tlsv13_cipher","raw_cert","raw_cert_chain","jarm","device_vendor","device_type","device_model","device_version","device_sector","page_sha256fp"
"2010-02-10 00:00:00",low,192.168.0.1,tcp,10443,node01.example.com,ssl;ssl-poodle,TLSv1.2,64512,ZZ,Region,City,TLS_AES_256_GCM_SHA384,Y,2048,example.com,example.com,"2012-11-14 11:18:27","2021-11-12 11:18:27",03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,B3F13DFBDBA2D8B2,2,sha256WithRSAEncryption,rsaEncryption,,,ZZ,,,,,,,,,,,,,,,,,,,,,,0,ptr,,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,HTTP/1.1,302,Found,,,,,,0,,"Wed, 10 Feb 2010 00:00:00 GMT",N,Y,Y,N,unknown,,N,,,,,,,,,,
"2010-02-10 00:00:01",low,192.168.0.2,tcp,10443,node02.example.com,ssl;ssl-poodle,TLSv1.0,64512,ZZ,Region,City,TLS_AES_256_GCM_SHA384,Y,2048,example.com,example.com,"2012-11-14 11:18:27","2021-11-12 11:18:27",03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,B3F13DFBDBA2D8B2,2,sha1WithRSAEncryption,rsaEncryption,,,ZZ,,,,,,,,,,,,,,,,,,,,,,0,,,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,HTTP/1.1,302,Found,,,,,ICG,,,"Wed, 10 Feb 2010 00:00:01 GMT",N,N,Y,N,unknown,,N,,,,,,,,,,
"2010-02-10 00:00:02",low,192.168.0.3,tcp,10443,node03.example.com,ssl;ssl-poodle;vpn,TLSv1.2,64512,ZZ,Region,City,TLS_AES_256_GCM_SHA384,Y,2048,example.com,example.com,"2012-11-14 11:18:27","2021-11-12 11:18:27",03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,B3F13DFBDBA2D8B2,2,sha1WithRSAEncryption,rsaEncryption,,,ZZ,,,,,,,,,,,,,,,,,,,,,,0,,"Communications, Service Provider, and Hosting Service",E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,HTTP/1.1,200,OK,text/html,,,,,131,,"Wed, 10 Feb 2010 00:00:02 GMT",N,Y,Y,N,unknown,,N,,,,,Fortinet,firewall,FortiGate,,enterprise,6e24d74ebc881e1e97331bb72d6edee8431485a8a0cafd7c4a913a3819817b84

Our 124 Report Types