Delphix

CVE-2014-3566 Vulnerability Statement (TB018)

Alert Type

Security

Contributing Factors

The vulnerability affects Delphix releases prior to Delphix Engine 4.1.3, including:

  • Delphix Engine 2.6
  • Delphix Engine 2.7.0.0
  • Delphix Engine 2.7.1.0, 2.7.1.1, and 2.7.1.2
  • Delphix Engine 2.7.2.0
  • Delphix Engine 2.7.3.0 and 2.7.3.1
  • Delphix Engine 2.7.4.0
  • Delphix Engine 2.7.5.0
  • Delphix Engine 2.7.6.0
  • Delphix Engine 3.0.0.3 and 3.0.0.4
  • Delphix Engine 3.0.1.0, 3.0.1.2, and 3.0.1.3
  • Delphix Engine 3.0.2.0 and 3.0.2.1
  • Delphix Engine 3.0.3.0 and 3.0.3.1
  • Delphix Engine 3.0.4.0
  • Delphix Engine 3.0.5.0
  • Delphix Engine 3.1.0.1
  • Delphix Engine 3.1.1.0
  • Delphix Engine 3.1.2.0 and 3.1.2.1
  • Delphix Engine 3.1.3.0, 3.1.3.1, and 3.1.3.2
  • Delphix Engine 3.1.4.0
  • Delphix Engine 3.1.5.0
  • Delphix Engine 3.2.0.0
  • Delphix Engine 3.2.1.0
  • Delphix Engine 3.2.2.0 and 3.2.2.1
  • Delphix Engine 3.2.3.0 and 3.2.3.1
  • Delphix Engine 3.2.4.0, 3.2.4.1, and 3.2.4.2
  • Delphix Engine 3.2.5.0 and 3.2.5.1
  • Delphix Engine 3.2.6.0
  • Delphix Engine 3.2.7.0
  • Delphix Engine 4.0.0.0 and 4.0.0.1
  • Delphix Engine 4.0.1.0
  • Delphix Engine 4.0.2.0
  • Delphix Engine 4.0.3.0
  • Delphix Engine 4.0.4.0
  • Delphix Engine 4.0.5.0
  • Delphix Engine 4.0.6.0 and 4.0.6.1
  • Delphix Engine 4.1.0.0
  • Delphix Engine 4.1.1.0
  • Delphix Engine 4.1.2.0

Overview

Delphix has evaluated its Transport Layer Security (TLS) implementation in the Delphix Engine product and found that it is vulnerable to exploits that take advantage of TLS fallback to SSLv3.0. The links in the "Additional Information" section contain further information about the potential exploit. Exploiting this vulnerability is difficult and would generally require another successful intrusion, such as a man-in-the-middle (MITM) attack. Because Delphix typically operates in environments where MITM attacks are difficult, this vulnerability is classified as moderate risk.

Resolution

This vulnerability is fully resolved in Delphix Engine 4.1.3.0 and later releases.
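
To confirm before and after an upgrade whether an engine's HTTPS listener still negotiates SSLv3.0, the following sends a ClientHello that offers only SSL 3.0 and classifies the first reply record. This is an added example, not Delphix code; the host name `delphix-engine.example.com`, port 443 and all function names are assumptions made for illustration.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # SSL 3.0 version bytes as they appear on the wire
# CBC and RC4 suites commonly negotiated under SSL 3.0 (RSA key exchange):
# AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA
SUITES = (0x002F, 0x0035, 0x000A, 0x0005)


def build_ssl3_client_hello(random_bytes=None):
    """One record holding a ClientHello whose highest offered version is SSL 3.0."""
    rnd = random_bytes or os.urandom(32)
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    body = (SSL3 + rnd + b"\x00"            # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake


def classify_reply(data):
    """Classify the first record the server sent back."""
    if len(data) < 5:
        return "no-reply"                   # connection closed or timed out
    rtype = data[0]
    length = struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + length]
    if rtype == 0x15:                       # alert record: handshake refused
        return "rejected"
    if rtype == 0x16 and len(payload) >= 6 and payload[0] == 0x02:
        # ServerHello: the chosen version follows the 4-byte handshake header
        return "ssl3-accepted" if payload[4:6] == SSL3 else "other-version"
    return "unknown"


def probe(host, port=443, timeout=5.0):
    """Send the SSL 3.0-only ClientHello to host:port and classify the reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_ssl3_client_hello())
        try:
            while len(data) < 11:           # enough to read the ServerHello version
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:                     # timeout or reset counts as no reply
            pass
    return classify_reply(data)


if __name__ == "__main__":
    print(probe("delphix-engine.example.com"))  # hypothetical host name
```

A result of `ssl3-accepted` means the listener still completes a ServerHello at SSL 3.0; `rejected` or `no-reply` means it refused the SSL 3.0-only offer.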

Additional Information

Google POODLE exploit description (external link)

United States Computer Emergency Readiness Team (CERT) Alert (TA14-290A) (external link)

National Vulnerability Database: CVE-2014-3566 (external link)