Symptom
- As reported in CVE-2014-3566, the use of the SSLv3.0 protocol in SSL-encrypted client-server communication, where the SSL client is a web browser, is susceptible to a padding-oracle attack. The Padding Oracle On Downgraded Legacy Encryption (POODLE) attack exploits this vulnerability to obtain cleartext data.
- When acting as an SSL server, the NetWeaver AS Java supports the use of SSLv3.0 for backward compatibility reasons.
- You would like to ensure that your NetWeaver AS Java 6.40 - 7.0x is not susceptible to the aforementioned vulnerability.
Environment
- SAP NetWeaver 7.0
- SAP enhancement package 1 for SAP NetWeaver 7.0
- SAP enhancement package 2 for SAP NetWeaver 7.0
- SAP NetWeaver 2004
Product
SAP NetWeaver Application Server 7.0
Keywords
Disabling SSLv3.0 in NetWeaver AS Java not susceptible to the aforementioned vulnerability, KBA, BC-JAS-SEC-CPG, Cryptography, How To
About this page
This is a preview of a SAP Knowledge Base Article.