Oval Definition:oval:org.mitre.oval:def:19547
Revision Date:2015-04-20Version:28
Title:HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS), Authentication Bypass
Description:OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-4180
Platform(s):HP-UX 11
Product(s):
Definition Synopsis
  • Criteria meets HP Security Bulletin HPSBUX02638
  • HP-UX B.11.11
  • AND filesets tests
  • openssl.OPENSSL-CER version is less than A.00.09.08q.001
  • OR openssl.OPENSSL-CONF version is less than A.00.09.08q.001
  • OR openssl.OPENSSL-DOC version is less than A.00.09.08q.001
  • OR openssl.OPENSSL-INC version is less than A.00.09.08q.001
  • OR openssl.OPENSSL-LIB version is less than A.00.09.08q.001
  • OR openssl.OPENSSL-MAN version is less than A.00.09.08q.001
  • OR openssl.OPENSSL-MIS version is less than A.00.09.08q.001
  • OR openssl.OPENSSL-PRNG version is less than A.00.09.08q.001
  • OR openssl.OPENSSL-PVT version is less than A.00.09.08q.001
  • OR openssl.OPENSSL-RUN version is less than A.00.09.08q.001
  • OR openssl.OPENSSL-SRC version is less than A.00.09.08q.001
  • OR Criteria meets HP Security Bulletin HPSBUX02638
  • HP-UX B.11.23
  • AND filesets tests
  • openssl.OPENSSL-CER version is less than A.00.09.08q.002
  • OR openssl.OPENSSL-CONF version is less than A.00.09.08q.002
  • OR openssl.OPENSSL-DOC version is less than A.00.09.08q.002
  • OR openssl.OPENSSL-INC version is less than A.00.09.08q.002
  • OR openssl.OPENSSL-LIB version is less than A.00.09.08q.002
  • OR openssl.OPENSSL-MAN version is less than A.00.09.08q.002
  • OR openssl.OPENSSL-MIS version is less than A.00.09.08q.002
  • OR openssl.OPENSSL-PRNG version is less than A.00.09.08q.002
  • OR openssl.OPENSSL-PVT version is less than A.00.09.08q.002
  • OR openssl.OPENSSL-RUN version is less than A.00.09.08q.002
  • OR openssl.OPENSSL-SRC version is less than A.00.09.08q.002
  • OR Criteria meets HP Security Bulletin HPSBUX02638
  • HP-UX B.11.31
  • AND filesets tests
  • openssl.OPENSSL-CER version is less than A.00.09.08q.003
  • OR openssl.OPENSSL-CONF version is less than A.00.09.08q.003
  • OR openssl.OPENSSL-DOC version is less than A.00.09.08q.003
  • OR openssl.OPENSSL-INC version is less than A.00.09.08q.003
  • OR openssl.OPENSSL-LIB version is less than A.00.09.08q.003
  • OR openssl.OPENSSL-MAN version is less than A.00.09.08q.003
  • OR openssl.OPENSSL-MIS version is less than A.00.09.08q.003
  • OR openssl.OPENSSL-PRNG version is less than A.00.09.08q.003
  • OR openssl.OPENSSL-PVT version is less than A.00.09.08q.003
  • OR openssl.OPENSSL-RUN version is less than A.00.09.08q.003
  • OR openssl.OPENSSL-SRC version is less than A.00.09.08q.003
    • BACK