My Oracle Support Banner

CVE-2014-3566 - Instructions to Mitigate the SSLv3 Vulnerability ("POODLE Attack") in Oracle E-Business Suite (Doc ID 1937646.1)

Last updated on MAY 08, 2018

Applies to:

Oracle E-Business Suite
Information in this document applies to any platform.

Purpose

This document provides instructions to resolve the SSL 3.0 security vulnerability (POODLE) referenced in CVE-2014-3566.

Scope

This document covers the required steps to disable SSL and enable TLS for all Oracle E-Business Suite products and core infrastructure components used by Oracle E-Business Suite. This document does not cover externally integrated products (for example, Oracle Access Manager, Oracle Web Cache) except where they require special configuration for Oracle E-Business Suite. 

It is important to monitor the Oracle Alert on the SSL V3.0 "POODLE" Vulnerability - CVE-2014-3566 (http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html) for information on all externally integrated products you use and to follow each product’s respective guidelines.

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
 Configuring the Oracle E-Business Suite Web Server (Oracle HTTP Server)
 Configuring the Oracle Database
 Configuring Product Specific Patches from Oracle E-Business Suite
 Configuring the OPMN Remote ONS Port
 Release-Specific Requirements
 Strong Cipher Configuration Instructions
 Notes
 Change Log
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.