October's POODLE attack affected CBC-mode cipher suites in SSLv3 due to SSLv3's under-specification of the contents of the CBC padding bytes. Since SSLv3 didn't say what the padding bytes should be, implementations couldn't check them and that opened SSLv3 up to an oracle attack.
more here.........https://www.imperialviolet.org/2014/12/08/poodleagain.html
more here.........https://www.imperialviolet.org/2014/12/08/poodleagain.html