The POODLE attack (Padding Oracle On Downgraded Legacy Encryption) will allows items such as “secure” HTTP cookies or HTTP Authorization header contents to be stolen from downgraded communications. If POODLE is used against SSL 3.0, there is no workaround or corrective action that will mitigate the attack. The only solution is to stop supporting SSL 3.0. Disabling SSL 3.0 can be done either at the server or the client (e.g., browser) side. Most server administrators should consider disabling SSL 3.0.