Oval Definition:	oval:org.mitre.oval:def:29478
Revision Date: 2016-02-19 Version: 16 Title: HP-UX OpenSSL Vulnerability (DHE man-in-the-middle protection (Logjam)) Description: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2015-4000 Platform(s): HP-UX 11 Product(s): Definition Synopsis Criteria meets HP Security Bulletin HPSBUX03388 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-PVT version is less than A.01.00.01p OR openssl.OPENSSL-RUN version is less than A.01.00.01p OR openssl.OPENSSL-CER version is less than A.01.00.01p OR openssl.OPENSSL-CONF version is less than A.01.00.01p OR openssl.OPENSSL-DOC version is less than A.01.00.01p OR openssl.OPENSSL-INC version is less than A.01.00.01p OR openssl.OPENSSL-LIB version is less than A.01.00.01p OR openssl.OPENSSL-MAN version is less than A.01.00.01p OR openssl.OPENSSL-SRC version is less than A.01.00.01p OR openssl.OPENSSL-MIS version is less than A.01.00.01p OR openssl.OPENSSL-PRNG version is less than A.01.00.01p
BACK