Recently we have observed there was a possibility of these types of attacks in one of our client places.
POODLE stands for Padding Oracle on Downgraded Legacy Encryption. POODLE affects older standards of encryption, specifically Secure Socket Layer (SSL) version 3. It does not affect the newer encryption mechanism known as Transport Layer Security (TLS).
Though TLS 1.2 is enabled if the server supports sslv3, there is a possibility of security risk, so it’s recommended to disable sslv3 and configure server only with the latest TLS versions (TLS1.1 or TLS1.2 preferably).
We can you IISCrypto tool to disable these ciphers. Please check for the article "Configuring Protocols, Ciphers or Hashes using IIS Crypto" in our knowledge base.
Vulnerability name that confirms the type of attack is POODLE attack are,
- sslv3-cve-2014-3566-poodle
- ssl-cve-2011-3389-beast
- sslv3-supported
Below link has more details on this,