CVE-2014-3566 relates to a flaw found in handling of padded bytes in SSL3.0 when using CBC mode for the encryption. The flaw may be exploited topermit a man-in-the-middle (MITM) attack. The attacker may be able todecrypt a selected byte of a cipher text in a limited number (256) ofattempts, by repeatedly requesting the victim to send the same data overmultiple SSLv3 connections.
The vulnerability exists in the protocol itself and not a specificimplementation of the protocol e.
Read More →