Oval Definition:	oval:com.ubuntu.xenial:def:2018123840000000
Revision Date: 2019-04-29 Version: 1 Title: CVE-2018-12384 on Ubuntu 16.04 LTS (xenial) - low. Description: When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. Family: unix Class: vulnerability Status: Reference(s): CVE-2018-12384 Platform(s): Ubuntu 16.04 LTS Product(s): Definition Synopsis Ubuntu 16.04 LTS (xenial) is installed. AND nss package in xenial was vulnerable but has been fixed (note: '2:3.28.4-0ubuntu0.16.04.4').
BACK