OPERATIONAL DEFECT DATABASE
...
...
This article indicates that POODLE (CVE-2014-3566) cannot be used on TCP port 4172 (PCoIP Secure Gateway), and that PCI scans are detecting a false positive.
VMware Engineering has determined that POODLE cannot be used on port 4172. The scan is only detecting that SSLv3 is enabled on the port. PCI scans are detecting a false positive.
PCI scans detect the PCoIP Secure Gateway SSLv3 as an available encryption protocol. The PCoIP Secure Gateway can run on either a VMware Horizon View Security Server or VMware Horizon View Connection Server. The POODLE exploit depends on the SSLv3 client running a web browser with JavaScript enabled and a Man-In-The-Middle attacker. The Man-In-The-Middle sends a JavaScript block to the web browser that tricks it into performing a long series of SSLv3 connections that eventually expose the plain text. For more information, see the Teradici Knowledge Base article 2341. Note: The preceding link was correct as of December 27, 2014. If you find the link is broken, provide feedback and a VMware employee will update the link. To exploit vulnerability, you must have the capability to run the javascript in the browser and Man-in-the-Middle the connection between the client and server. For more information, see VMware Security & Compliance Blog. The only application capable of communicating over 4172 with the PCoIP Secure Gateway is the View Client. View Clients, either in their Software or in Hardware based forms, are not capable or running scripts of any kind such as JavaScript.
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
