A vulnerability (CVE-2014-8730) was discovered where the “POODLE” attack has been repurposed to attack TLS. The “POODLE” attack originally identified in CVE-2014-3566 focused on the fact that SSLv3 doesn’t require it’s padding to be in any particular format (except for the last byte, the length), opening itself to attacks by active network attackers. However, even though TLS is very strict about how its padding is formatted, it turns out that some TLS implementations omit to check the padding structure after decryption. Such implementations are vulnerable to the POODLE attack even with TLS.
KEMP LoadMaster running version 7.1-20b or higher is not vulnerable to CVE-2014-8730.
However it is still important to mitigate the original “POODLE” attack with the steps outlined in.
Investigation on how to mitigate this vulnerability is ongoing for KEMP LoadMaster running versions 7.0-10.
For further information on this vulnerability please see
For additional information and alternative download versions please contact KEMP Support.
KEMP is committed to resolving security vulnerabilities carefully and quickly. If you think you have found a security flaw in a KEMP product, please send all supporting information to email@example.com .