!!! Overview
The [{$pagename}] attack [Exploits] a flaw that is specific to [SSLv3] with [CBC]-based [Cipher Suites]. 

[{$pagename}] relies on an often overlooked feature of [SSLv3]: most [Padding bit] are ignored. 

In [TLS 1.0], the [Padding bits] (bytes added in a record to make the length compatible with [CBC] [Encryption], which only processes full blocks) is fully specified; all the bytes must have a specific value and the recipient checks that. 

In [SSLv3], [Padding bits] contents are ignored, which allows an [attacker] to perform alterations that go mostly unnoticed. The alteration impact only non-applicative [data], but can be used as a [decryption] oracle in a way vaguely similar to [BEAST].

!! Resolution
The best Resolution we can find is to configure Servers to only allow [TLS 1.1] or [TLS 1.2].

There are some concerns of "older" devices, typically, smaller devices being able to support only [TLS 1.1] or [TLS 1.2]. Do your own due diligence.

!! More details can be read:
* [https://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability/70724#70724|https://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability/70724#70724|target='_blank']

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [How Does SSL TLS Work|https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work/20847#20847|target='_blank'] - based on information obtained 2015-03-15