Security Updates -
The POODLE attack (which stands for Padding Oracle On Downgraded Legacy Encryption) is a man in the middle exploit which takes advantage of web browsers' fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. The Google Security team released a vulnerability announcement for the SSLv3 protocol (nicknamed “POODLE”) on October 14, 2014.
This vulnerability allows the plaintext of secure connections to be calculated by a network attacker if he has an ability to intercept and manipulate the connections between two SSL 3.0 hosts. You can find more detailed information about the vulnerability report on Google’s Security Blog or CVE-2014-3566.
You can check if your website is vulnerable with curl:
curl -v3 -X HEAD https://www.example.com
If you are NOT vulnerable, your output should look something like this:
curl: (35) SSL connect error
If you ARE vulnerable, you will see normal connection outputs, potentially including the line:
SSL 3.0 connection using ...
You can also check at https://filippo.io/Heartbleed
Mitigation on CentOS
First step is to install the updates, you do this with the command:
yum update -y openssl
Mitigation on cPanel/WHM servers
Most useful articles
- 10. Addon Domain40%