This vulnerability may allow an attacker who is already man-in-the-middle (at the network level) to decrypt the static data from an SSL communication between the victim user and a vulnerable server. The attacker will probably try to obtain the HTTP cookies or other static data. For that, he needs to convince both the victim's browser and the server to speak SSLv3 and to use a vulnerable cipher (in Cipher Block Chaining mode). This could be done by forcing a downgrade during the SSL/TLS negociation.
When a vulnerable server is found, the tool displays the actual SSLv3 CBC cipher supported.
How it works
The scanner first tries to determine which hosts from the target range have the specified port open and then it tries to probe for the SSLv3 POODLE vulnerability.
The vulnerability is discovered by trying to negociate with the server an SSLv3 connection with a vulnerable CBC cipher. If the negociation succeeds, the host is declared vulnerable.