- As reported in CVE-2014-3566, the use of the SSLv3.0 protocol in SSL-encrypted client server communication, where the SSL client is a web browser, is susceptible to padding-oracle attack. The Padding Oracle On Downgraded Legacy Encryption (POODLE) attack exploits this vulnerability to obtain cleartext data.
- When acting as an SSL server, the Netweaver AS Java supports the use of SSLv3.0 for backward compatibility reasons.
- You would like to ensure that your Netweaver AS Java 6.40 - 7.0x is not susceptible to the aforementioned vulnerability
- SAP NetWeaver 7.0
- SAP enhancement package 1 for SAP NetWeaver 7.0
- SAP enhancement package 2 for SAP NetWeaver 7.0
- SAP Netweaver 2004
SAP NetWeaver Application Server 7.0
Disabling SSLv3.0 in Netweaver AS Java not susceptible to the aforementioned vulnerability , KBA , BC-JAS-SEC-CPG , Cryptography , How To
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.