The SSL protocol 3.0 (SSLv3) uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack. This issue is also known as the "POODLE" vulnerability.
SSLv3 is an older security protocol with known issues, but still exists as a fallback protocol on many devices.
Vulnerable Products
- Pulse Policy Secure
- Pulse Connect Secure
Pulse Secure is continuing to investigate our product portfolio for affected software that is not mentioned above. As new information becomes available this document will be updated.
This issue has been assigned
CVE-2014-3566.