Oval Definition:oval:org.cisecurity:def:308
Revision Date:2016-02-08Version:16
Title:HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description:The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2015-2808
Platform(s):HP-UX 11
Product(s):
Definition Synopsis
  • Criteria meets HP Security Bulletin HPSBUX03435
  • HP-UX B.11.31
  • AND filesets test
  • hpuxws22APACHE.APACHE version is less than B.2.2.29.02
  • OR hpuxws22APACHE.APACHE2 version is less than B.2.2.29.02
  • OR hpuxws22APACHE.AUTH_LDAP version is less than B.2.2.29.02
  • OR hpuxws22APACHE.AUTH_LDAP2 version is less than B.2.2.29.02
  • OR hpuxws22APACHE.MOD_JK version is less than B.2.2.29.02
  • OR hpuxws22APACHE.MOD_JK2 version is less than B.2.2.29.02
  • OR hpuxws22APACHE.MOD_PERL version is less than B.2.2.29.02
  • OR hpuxws22APACHE.MOD_PERL2 version is less than B.2.2.29.02
  • OR hpuxws22APACHE.PHP version is less than B.2.2.29.02
  • OR hpuxws22APACHE.PHP2 version is less than B.2.2.29.02
  • OR hpuxws22APACHE.WEBPROXY version is less than B.2.2.29.02
  • OR hpuxws22APACHE.WEBPROXY2 version is less than B.2.2.29.02
  • OR hpuxws22TOMCAT.TOMCAT version is less than C.6.0.43.01
  • OR Criteria meets HP Security Bulletin HPSBUX03435
  • HP-UX B.11.23
  • AND filesets tests
  • hpuxws22APACHE32.APACHE version is less than B.2.2.15.18
  • OR hpuxws22APACHE32.APACHE2 version is less than B.2.2.15.18
  • OR hpuxws22APACHE32.AUTH_LDAP version is less than B.2.2.15.18
  • OR hpuxws22APACHE32.AUTH_LDAP2 version is less than B.2.2.15.18
  • OR hpuxws22APACHE32.MOD_JK version is less than B.2.2.15.18
  • OR hpuxws22APACHE32.MOD_JK2 version is less than B.2.2.15.18
  • OR hpuxws22APACHE32.MOD_PERL version is less than B.2.2.15.18
  • OR hpuxws22APACHE32.MOD_PERL2 version is less than B.2.2.15.18
  • OR hpuxws22APACHE32.PHP version is less than B.2.2.15.18
  • OR hpuxws22APACHE32.PHP2 version is less than B.2.2.15.18
  • OR hpuxws22APACHE32.WEBPROXY version is less than B.2.2.15.18
  • OR hpuxws22APACHE32.WEBPROXY2 version is less than B.2.2.15.18
  • OR hpuxws22APACHE.APACHE version is less than B.2.2.15.18
  • OR hpuxws22APACHE.APACHE2 version is less than B.2.2.15.18
  • OR hpuxws22APACHE.AUTH_LDAP version is less than B.2.2.15.18
  • OR hpuxws22APACHE.AUTH_LDAP2 version is less than B.2.2.15.18
  • OR hpuxws22APACHE.MOD_JK version is less than B.2.2.15.18
  • OR hpuxws22APACHE.MOD_JK2 version is less than B.2.2.15.18
  • OR hpuxws22APACHE.MOD_PERL version is less than B.2.2.15.18
  • OR hpuxws22APACHE.MOD_PERL2 version is less than B.2.2.15.18
  • OR hpuxws22APACHE.PHP version is less than B.2.2.15.18
  • OR hpuxws22APACHE.PHP2 version is less than B.2.2.15.18
  • OR hpuxws22APACHE.WEBPROXY version is less than B.2.2.15.18
  • OR hpuxws22APACHE.WEBPROXY2 version is less than B.2.2.15.18
  • OR hpuxws22TOMCAT.TOMCAT version is less than C.6.0.35.01
  • OR hpuxws22TOMCAT32.TOMCAT version is less than C.6.0.35.01
  • OR hpuxws22WEBMIN.HPDOCS version is less than A.1.070.13
  • OR hpuxws22WEBMIN.WEBMIN version is less than A.1.070.13
  • BACK