
Topic: TLS padding vulnerability affects IBM HTTP Server (CVE-2014-8730)


  • Administrator
Security Bulletin
TLS padding vulnerability affects IBM HTTP Server (CVE-2014-8730)

Transport Layer Security (TLS) padding vulnerability via a POODLE-like (Padding Oracle On Downgraded Legacy Encryption) attack affects IBM HTTP Server.

Workarounds and Mitigations

For all versions and releases of Apache-based IBM HTTP Server, IBM recommends enabling strict CBC padding enforcement. Add the following directive to the httpd.conf file to disable SSLv3 and SSLv2 for each context that contains "SSLEnable":

# Enable strict CBC padding
SSLAttributeSet 471 1

For full text see IBM bulletin
(or my copy here)
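
An added example (not part of the bulletin or the original post): a Python check that lists each httpd.conf context containing SSLEnable but lacking SSLAttributeSet 471 1. The sample configuration is constructed, and treating only the global scope and <VirtualHost> blocks as contexts is a simplifying assumption.

```python
import re

# Constructed sample httpd.conf (not from the bulletin): one virtual host
# carries the directive, one has it commented out, one has no SSL at all.
SAMPLE_CONF = """\
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
<VirtualHost *:443>
    SSLEnable
    # Enable strict CBC padding
    SSLAttributeSet 471 1
</VirtualHost>
<VirtualHost *:8443>
    SSLEnable
    # SSLAttributeSet 471 1
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /srv/www
</VirtualHost>
"""

OPEN_VHOST = re.compile(r"<VirtualHost\s+([^>]*)>", re.I)
CLOSE_VHOST = re.compile(r"</VirtualHost\s*>", re.I)
SSL_ENABLE = re.compile(r"SSLEnable\s*$", re.I)
STRICT_CBC = re.compile(r"SSLAttributeSet\s+471\s+1\s*$", re.I)

def contexts_missing_strict_cbc(conf_text):
    """Return contexts that contain SSLEnable but not 'SSLAttributeSet 471 1'.
    Assumption: a context is the global scope or a <VirtualHost> block; other
    nested sections are counted as part of the enclosing context."""
    state = {}  # context name -> [has SSLEnable, has strict CBC directive]
    current = "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # commented-out directives do not count
            continue
        m = OPEN_VHOST.match(line)
        if m:
            current = "VirtualHost " + m.group(1).strip()
        elif CLOSE_VHOST.match(line):
            current = "global"
        flags = state.setdefault(current, [False, False])
        if SSL_ENABLE.match(line):
            flags[0] = True
        elif STRICT_CBC.match(line):
            flags[1] = True
    return [ctx for ctx, (ssl, cbc) in state.items() if ssl and not cbc]

if __name__ == "__main__":
    print(contexts_missing_strict_cbc(SAMPLE_CONF))
```

To audit a real file, pass its contents to `contexts_missing_strict_cbc()`; an empty list means every context with SSLEnable also sets the attribute.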