Description: eFTL is vulnerable to the POODLE attack when used with the JavaScript client via a web browser or Node.js. Since the JavaScript client uses the underlying environment’s SSL implementation, any vulnerabilities in that environment will apply to communications with the eFTL server.
This will be addressed in eFTL 1.1.1 by disabling SSLv3 in the server. This fix will be effective even with older versions of the client. As long as the server is version 1.1.1 or newer, the connections will be secure against the POODLE attack.