Skip links

Fixing POODLE SSLv3.0 Vulnerability in AS Java, SAP security note 2094598

Description

An attacker can discover information related to SAP NetWeaver (NW) Application Server (AS) Java when using SSL 3.0 protocol.
Such information could allow the attacker to specialize attacks against AS Java.

As reported in CVE-2014-3566, a so called man-in-the-middle attack is possible, even if the newer protocol version TLS 1.0 is turned on or configured in addition to SSLv3.

Available fix and Supported packages

  • SAP-JEECOR | 7.00 | 7.00
  • SAP-JEECOR | 7.01 | 7.02
  • SAP J2EE ENGINE CORE 7.00 | SP026 | 000031
  • SAP J2EE ENGINE CORE 7.00 | SP027 | 000021
  • SAP J2EE ENGINE CORE 7.00 | SP028 | 000018
  • SAP J2EE ENGINE CORE 7.00 | SP029 | 000011
  • SAP J2EE ENGINE CORE 7.00 | SP030 | 000011
  • SAP J2EE ENGINE CORE 7.00 | SP031 | 000011
  • SAP J2EE ENGINE CORE 7.00 | SP032 | 000000
  • SAP J2EE ENGINE CORE 7.01 | SP011 | 000035
  • SAP J2EE ENGINE CORE 7.01 | SP012 | 000028
  • SAP J2EE ENGINE CORE 7.01 | SP013 | 000015
  • SAP J2EE ENGINE CORE 7.01 | SP014 | 000016
  • SAP J2EE ENGINE CORE 7.01 | SP015 | 000012
  • SAP J2EE ENGINE CORE 7.01 | SP016 | 000010
  • SAP J2EE ENGINE CORE 7.01 | SP017 | 000000
  • SAP J2EE ENGINE CORE 7.02 | SP010 | 000030
  • SAP J2EE ENGINE CORE 7.02 | SP011 | 000037
  • SAP J2EE ENGINE CORE 7.02 | SP012 | 000030
  • SAP J2EE ENGINE CORE 7.02 | SP013 | 000018
  • SAP J2EE ENGINE CORE 7.02 | SP014 | 000020
  • SAP J2EE ENGINE CORE 7.02 | SP015 | 000015

Affected component

    BC-JAS-SEC-CPG
    Cryptography

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2094598

TAGS

#Information-disclosure
#SSL-v3.0
#POODLE
#CVE-2014-3566