Create CVE-2015-2774.yml

Author: codelion

Diff for: Erlang/CVE-2015-2774.yml

@@ -0,0 +1,13 @@
+---
+type: runtime
+cve: CVE-2015-2774
+url: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2774
+title: Padding-oracle Attack
+date: 2016-07-04
+description: >
+	Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, 
+  which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle
+  attack, a variant of CVE-2014-3566 (aka POODLE). 
+cvss_v2: 4.3
+patched_versions:
+  - ">= OTP 18.0-rc1"