OVAL Reference oval:org.mitre.oval:def:18841

Oval Definition:

oval:org.mitre.oval:def:18841

Revision Date:	2015-04-20	Version:	29
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
Description:	The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:	unix	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2013-0169
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis
Criteria meets HP Security Bulletin HPSBUX02856 HP-UX B.11.11 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.001 OR openssl.OPENSSL-CONF version is less than A.00.09.08y.001 OR openssl.OPENSSL-DOC version is less than A.00.09.08y.001 OR openssl.OPENSSL-INC version is less than A.00.09.08y.001 OR openssl.OPENSSL-LIB version is less than A.00.09.08y.001 OR openssl.OPENSSL-MAN version is less than A.00.09.08y.001 OR openssl.OPENSSL-MIS version is less than A.00.09.08y.001 OR openssl.OPENSSL-PRNG version is less than A.00.09.08y.001 OR openssl.OPENSSL-PVT version is less than A.00.09.08y.001 OR openssl.OPENSSL-RUN version is less than A.00.09.08y.001 OR openssl.OPENSSL-SRC version is less than A.00.09.08y.001 OR Criteria meets HP Security Bulletin HPSBUX02856 HP-UX B.11.23 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.002 OR openssl.OPENSSL-CONF version is less than A.00.09.08y.002 OR openssl.OPENSSL-DOC version is less than A.00.09.08y.002 OR openssl.OPENSSL-INC version is less than A.00.09.08y.002 OR openssl.OPENSSL-LIB version is less than A.00.09.08y.002 OR openssl.OPENSSL-MAN version is less than A.00.09.08y.002 OR openssl.OPENSSL-MIS version is less than A.00.09.08y.002 OR openssl.OPENSSL-PRNG version is less than A.00.09.08y.002 OR openssl.OPENSSL-PVT version is less than A.00.09.08y.002 OR openssl.OPENSSL-RUN version is less than A.00.09.08y.002 OR openssl.OPENSSL-SRC version is less than A.00.09.08y.002 OR Criteria meets HP Security Bulletin HPSBUX02856 HP-UX B.11.31 AND filesets test openssl.OPENSSL-CER version is less than A.00.09.08y.003 OR openssl.OPENSSL-CONF version is less than A.00.09.08y.003 OR openssl.OPENSSL-DOC version is less than A.00.09.08y.003 OR openssl.OPENSSL-INC version is less than A.00.09.08y.003 OR openssl.OPENSSL-LIB version is less than A.00.09.08y.003 OR openssl.OPENSSL-MAN version is less than A.00.09.08y.003 OR openssl.OPENSSL-MIS version is less than A.00.09.08y.003 OR openssl.OPENSSL-PRNG version is less than A.00.09.08y.003 OR openssl.OPENSSL-PVT version is less than A.00.09.08y.003 OR openssl.OPENSSL-RUN version is less than A.00.09.08y.003 OR openssl.OPENSSL-SRC version is less than A.00.09.08y.003

BACK