XOS patch 1.8 affected by CVE-2014-3566 and CVE-2004-0230?

HI, Our customer uses XOS patch 1.8 and during the test he found out that it may be affected by CVE-2014-3566 ( poodle ) and DOS CVE-2004-0230. Extreme page says about poodle that XOS version higher than 15.3 is patched , however SSL v3 is stil availble there , am i right ? How to deactiavte SSLv3 on this version and use TLS 1.1 or higher ?

Can you elabore more on SSLv3 ?

What about the other CVE-2004 -0230, does it affect them ?


2 replies

Userlevel 3
Please open a new GTAC case for this inquiry. Also, in case description can you please clarify what are the test performed with steps and attach the copy of the outputs in the case notes which causes concern.
Userlevel 3
Potential Vulnerability - CVE-2014-3566 aka POODLE SSL protocol 3.0 can be tracked using CR# xos0058527.

Fixed in following EXOS version: