Chapter 3. Known Security Issues
3.1. The Poodle Issue and JBoss Fuse
The Poodle SSLv3 vulnerability is a flaw in SSLv3 that could allow man-in-the-middle attacks. Red Hat describes the issue and its effect on some Red Hat products in the article POODLE: SSLv3 vulnerability (CVE-2014-3566).
The Poodle SSLv3 vulnerability will affect some of the components of Red Hat JBoss Fuse. The structure of the product offers some protection by providing a layer of abstraction. Red Hat JBoss Fuse will have the same protections in place as Red Hat JBoss Enterprise Application Platform. See the Red Hat JBoss Enterprise Application Platform section of the article mentioned above for links to instructions on disabling SSLv3 in various products.
Note
Please note that some of the instructions in the article links are not available for Red Hat JBoss Fuse. The layers of abstraction in the product remove the ability to directly interact with some of the components. Contact the Red Hat helpdesk with specific queries regarding any Red Hat JBoss Fuse components that your company uses.
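Because some components cannot be configured directly, it helps to confirm from the outside whether a listener you operate still negotiates SSLv3. The following is an added example, not part of the Red Hat documentation: it sends a ClientHello whose highest version is SSLv3 and classifies the first record returned. The function names and result labels are hypothetical, and the host and port are supplied by you.

```python
import socket
import struct
import sys

SSL3 = b"\x03\x00"  # SSLv3 version bytes on the wire

def build_sslv3_client_hello() -> bytes:
    """Minimal ClientHello whose highest offered version is SSLv3."""
    # CBC suites (the cipher mode POODLE applies to): AES128-SHA, AES256-SHA, 3DES-SHA
    suites = struct.pack("!3H", 0x002F, 0x0035, 0x000A)
    body = (SSL3 + bytes(32)                    # client_version + random (fixed: probe only)
            + b"\x00"                           # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                      # one compression method: null
    # Handshake header: type 1 (ClientHello) followed by a 24-bit length
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type 0x16 (handshake), version, 16-bit length
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_response(data: bytes) -> str:
    """Interpret the first record the server sends back."""
    if len(data) < 5:
        return "no-tls-response"
    if data[0] == 0x15:                         # alert record: handshake refused
        return "sslv3-rejected"
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x02:
        # ServerHello: the negotiated version sits at offsets 9-10
        return "sslv3-accepted" if data[9:11] == SSL3 else "other-version"
    return "no-tls-response"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send the SSLv3-only ClientHello to host:port and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_sslv3_client_hello())
            return classify_response(sock.recv(4096))
    except OSError:
        return "connection-failed"

if __name__ == "__main__" and len(sys.argv) == 3:
    print(probe(sys.argv[1], int(sys.argv[2])))
```

A result of `sslv3-accepted` means the listener still needs SSLv3 disabled; `no-tls-response` or `connection-failed` is inconclusive and should be rechecked rather than read as a pass.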
A best practice for maximum security is to adopt new product releases and product patches soon after they are made available. Please work with your operations team to implement this best practice.