PT-2016-3603 · Erlang+1 · Erlang/Otp+1

Brian Smith +2 · Published 2015-05-05 · Updated 2023-02-21 · CVE-2015-2774

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Erlang/OTP versions prior to 18.0-rc1

Description

The issue makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of the POODLE attack. This occurs because Erlang/OTP does not properly check CBC padding bytes when terminating connections.

Recommendations

For versions prior to 18.0-rc1, update to version 18.0-rc1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the update can be applied.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2015-2774
MGASA-2015-0192
USN-3571-1

Affected Products

Erlang/Otp
Ubuntu