Purpose

This document contains information about the SSL3.0 vulnerability CVE-2014-3566 and whether is affects Shavlik Products or infrastructure.

Details

The CVE-2014-3566 SSL 3.0 (POODLE) vulnerability does not affect Shavlik products or infrastructure directly.

The vulnerability is in the SSL 3.0 protocol.  If you disable this protocol on systems running Shavlik products you will effectively resolve the vulnerability.  Guidance on how to disable SSL 3.0 is available from OS and browser vendors.  Several are listed out inthis blog article.   Disabling SSL 3.0 on servers running web services in your environment will prevent exposure to those specific services.  You should also disable SSL 3.0 on client machines in your environment to protect them from connecting to services that are still exposed.  Again, documentation from Microsoft and other vendors describe how to do this at the OS and browser level. 

Finally, the Shavlik team has already taken steps to secure Shavlik content and cloud services to ensure that all web services hosting Shavlik content and resources are protected from this vulnerability.

Products

Protect 9.x

Shavlik Patch