Similar to the previous POODLE vulnerability we wrote about two months ago is back and this time, it has the ability to affect even the newest version of the protocol. The new vulnerability is only estimated to affect under 10% of servers. The current POODLE attack can be executed with similar efficiency as POODLE with SSL 3.0, but has a much smaller number of potentially affected targets. Unlike the first POODLE, this new vulnerability is not due to a flaw in the protocol specification, but only in specific applications of it.
Because there is a smaller group of servers being affected, most of them will be patched by server administrators quickly in order to stave off any attempts at an attack.
If you have any questions about POODLE, or would like to know if you are protected please contact RedOrum today for assistance.