Poodle fix – Apache/IHS

Updated on:

Overview

POODLE  is an security vulnerability in SSLv3 discovered by Google. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. All the websites supporting SSLv3 is vulnerable to POODLE, even if it also supports more recent versions of TLS. Using POODLE a hacker run Man-in-the-middle attacks attacks in your network stream and can steal secure HTTP cookies.

SSL v2 & v3 has many security flaws, and if you are working towards penetration test or PCI compliance, then you are expected to close security finding to disable SSL v2/v3.

Any SSL v2/v3 communication may be vulnerable to a Man-in-The-Middle attack that could allow data tampering or disclosure.

Let’s implement apache web server to accept only latest TLS and reject SSL v2/v3 connection request.

Implementation

  • Go to $Web_Server/conf folder
  • Modify SSLProtocol directive in httpd-ssl.conf as below to accept only TLS 1.0+

SSLProtocol –ALL +TLSv1 +TLSv1.1 +TLSv1.2

Restart Webserver.

More from Middleware Inventory

  • Apache Clickjack
    How to Disable the Weak Ciphers – Apache/IHS

    Overview SSL Cipher is an encryption algorithm, which is used as a key between two computers over the Internet. Data encryption is the process of converting plain text into secret ciphered codes. It’s based on your web server SSL Cipher configuration and strong protocol that allows data encryption to take…

  • Denial of Service or Slow Loris – Apache/IHS

    Overview A Slowloris or Slow HTTP DoS attack is a type of denial of service that can affect thread-based web servers such as Apache. This means that your Apache web servers for Faspex or Console are vulnerable to this attack (applications based on nginx, such as Shares, are safe). The attack exploits…

  • Disable WebServer Banner Apache/IHS

    Overview Don’t display or send Apache version (Set ServerTokens) By default, the server HTTP response header will contains apache and php version. Something similar to the following. This is harmful, as we don’t want an attacker to know about the specific version number. Apache can reveal information by default configuration,…

  • POODLE fix in Weblogic

    POODLE fix in Oracle weblogic server   Overview Newer versions of web browsers (e.g. Chrome) are now configured with policies which only allow websites or portal which enforce the strongest encryption technology to be viewed. SSL version 3 is no more secure due to POODLE attack. Most of the browser…

  • Cross Site Scripting Attack - Apache/IHS

    Overview   Cross Site Scripting (XSS) protection can be bypassed in many browsers. You can apply this protection for a web application if it was disabled by the user. This is used by a majority of giant web companies like Facebook, Twitter, Google, etc. Solution Go to $Web_Server/conf directory Open…