Symptom
- The version of Tomcat provided by SAP BI 4.1 can fall back to SSL 3.0 when its Protocol option is set to "TLS".
- In the server.xml for Tomcat, the TLS protocol is enabled by default.
- This can make connections with the Web Application Server vulnerable to POODLE (also called POODLEBLEED) attacks.
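
One way to audit a Tomcat server.xml for the condition described above, as an added example that is not part of the SAP article. The sample file is constructed, `audit_connectors` is a hypothetical helper, and the check assumes JSSE connectors, where Tomcat 7's `sslEnabledProtocols` attribute is what restricts the protocol versions a connector will negotiate.

```python
import xml.etree.ElementTree as ET

# Constructed sample for illustration; not the server.xml shipped with SAP BI.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"/>
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               sslEnabledProtocols="TLSv1.2,SSLv3"/>
    <Connector port="10443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" sslProtocol="TLS"
               sslEnabledProtocols="TLSv1.1, TLSv1.2"/>
  </Service>
</Server>"""

LEGACY = {"sslv3"}  # protocol name affected by POODLE (CVE-2014-3566)


def audit_connectors(xml_text):
    """Return [(port, reason)] for HTTPS connectors that may negotiate SSL 3.0."""
    findings = []
    root = ET.fromstring(xml_text)
    for conn in root.iter("Connector"):
        # Plain HTTP connectors are out of scope for this check.
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            # Only sslProtocol is set: the version list comes from JVM defaults,
            # which is the fallback case the article describes.
            proto = conn.get("sslProtocol", "TLS")
            findings.append((port, "no sslEnabledProtocols, sslProtocol=%s" % proto))
            continue
        names = [p.strip() for p in enabled.split(",") if p.strip()]
        bad = sorted(p for p in names if p.lower() in LEGACY)
        if bad:
            findings.append((port, "sslEnabledProtocols lists " + ", ".join(bad)))
    return findings


if __name__ == "__main__":
    for port, reason in audit_connectors(SAMPLE_SERVER_XML):
        print("connector on port %s: %s" % (port, reason))
```
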
Environment
- SAP BusinessObjects Business Intelligence Platform (BI) 4.1.
- Tomcat 7.0
Product
SAP BusinessObjects Business Intelligence platform 4.0 ; SAP BusinessObjects Business Intelligence platform 4.1
Keywords
BI, 4.x, 4.0, vulnerable, POODLE, Tomcat, attacks, CVE-2014-3566, tomcat7, PoodleBleed, TLS, SSL, server.xml, default, 41, 40, vulnerability, exploit, cve, 3566, 2014-3566 , KBA , bi4 , bi40 , bi41 , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , BI-BIP-INS , Installation, Updates, Upgrade, Patching , Problem
About this page
This is a preview of a SAP Knowledge Base Article.