session cookie data is copied to the end of the message.

This vulnerability applies to all implementations of SSLv3. If your web server does not permit SSL connections and only uses TLS (Transport Layer Security), you will not be affected, as the connection cannot be downgraded from TLS to SSL if SSL is not available. POODLE affects older encryption standards, specifically SSLv3. It does not affect newer encryption mechanisms such as TLS.

POODLE has raised concerns in organisations because, unlike Heartbleed and Shellshock, which targeted servers, POODLE targets clients and data in transit over a network, a situation that leads to leakage of sensitive information into the wrong hands.

As an administrator, some of the solutions to this vulnerability are:
Disabling SSLv3 wherever possible.
Applying patches and updates from vendors, especially in cases where SSLv3 cannot be disabled.
Deploying support for TLS Signalling Cipher Suite Value (SCSV). SCSV prevents downgrade or fallback attacks to SSLv3 or earlier versions in the event of a man-in-the-middle attack.
Disabling SSLv3 completely on both the server side and the client side is the only sure way to deal with these man-in-the-middle attacks, although doing so might cause problems for clients whose browsers use SSLv3 when accessing the servers.
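
The server-side decision behind the SCSV and disable-SSLv3 measures above, as an added example (not code from the original page or from any TLS library). The ClientHello bytes are constructed sample input, the function names are hypothetical, and the values 0x5600 and alert 86 are TLS_FALLBACK_SCSV and inappropriate_fallback as defined in RFC 7507.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600        # signalling cipher suite value (RFC 7507)
INAPPROPRIATE_FALLBACK = 86       # fatal alert defined by RFC 7507
PROTOCOL_VERSION = 70             # fatal alert: offered version not supported
SSL3, TLS10, TLS12 = 0x0300, 0x0301, 0x0303


def build_client_hello(version, suites):
    """Constructed sample input: a minimal ClientHello inside one record."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, empty session_id
    body += struct.pack("!%dH" % (len(suites) + 1), 2 * len(suites), *suites)
    body += b"\x01\x00"                                      # null compression only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body       # handshake type 1
    return b"\x16" + struct.pack("!HH", version, len(hs)) + hs


def parse_client_hello(record):
    """Return (client_version, cipher_suites); ValueError on malformed input."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a ClientHello record")
        (version,) = struct.unpack_from("!H", record, 9)     # after 5+4 header bytes
        pos = 9 + 2 + 32                                     # skip version and random
        pos += 1 + record[pos]                               # skip session_id
        (n,) = struct.unpack_from("!H", record, pos)
        if n % 2:
            raise ValueError("odd cipher_suites length")
        suites = struct.unpack_from("!%dH" % (n // 2), record, pos + 2)
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return version, list(suites)


def server_decision(record, server_min=TLS10, server_max=TLS12):
    """Decide how a server should answer the offered version."""
    version, suites = parse_client_hello(record)
    # RFC 7507: SCSV present and the server can do better -> forced downgrade.
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return "alert %d inappropriate_fallback" % INAPPROPRIATE_FALLBACK
    if version < server_min:                                 # e.g. SSLv3 disabled
        return "alert %d protocol_version" % PROTOCOL_VERSION
    return "continue handshake at 0x%04x" % min(version, server_max)


if __name__ == "__main__":
    for suites in ([0x002F, TLS_FALLBACK_SCSV], [0x002F]):   # SSLv3 still enabled
        print(server_decision(build_client_hello(SSL3, suites), server_min=SSL3))
    print(server_decision(build_client_hello(SSL3, [0x002F])))  # SSLv3 disabled
```

The second case in the demo, a fallback ClientHello without the SCSV against a server that still accepts SSLv3, proceeds at 0x0300: SCSV only protects clients that send it, which is why disabling SSLv3 remains the complete fix.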