OVAL Reference oval:org.mitre.oval:def:22023

Oval Definition:

oval:org.mitre.oval:def:22023

Revision Date:	2015-04-20	Version:	24
Title:	HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions
Description:	The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.
Family:	unix	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2009-0591
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis
Criteria meets HP Security Bulletin HPSBUX02435 HP-UX B.11.11 AND filesets tests fips_1_1_2.FIPS-CONF version is less than FIPS-OPENSSL-1.1.2.049 OR fips_1_1_2.FIPS-DOC version is less than FIPS-OPENSSL-1.1.2.049 OR fips_1_1_2.FIPS-INC version is less than FIPS-OPENSSL-1.1.2.049 OR fips_1_1_2.FIPS-LIB version is less than FIPS-OPENSSL-1.1.2.049 OR fips_1_1_2.FIPS-MAN version is less than FIPS-OPENSSL-1.1.2.049 OR fips_1_1_2.FIPS-MIS version is less than FIPS-OPENSSL-1.1.2.049 OR fips_1_1_2.FIPS-RUN version is less than FIPS-OPENSSL-1.1.2.049 OR fips_1_1_2.FIPS-SRC version is less than FIPS-OPENSSL-1.1.2.049 OR Criteria meets HP Security Bulletin HPSBUX02435 HP-UX B.11.11 AND filesets tests fips_1_2.FIPS-CONF version is less than FIPS-OPENSSL-1.2.001 OR fips_1_2.FIPS-DOC version is less than FIPS-OPENSSL-1.2.001 OR fips_1_2.FIPS-INC version is less than FIPS-OPENSSL-1.2.001 OR fips_1_2.FIPS-LIB version is less than FIPS-OPENSSL-1.2.001 OR fips_1_2.FIPS-MAN version is less than FIPS-OPENSSL-1.2.001 OR fips_1_2.FIPS-MIS version is less than FIPS-OPENSSL-1.2.001 OR fips_1_2.FIPS-RUN version is less than FIPS-OPENSSL-1.2.001 OR fips_1_2.FIPS-SRC version is less than FIPS-OPENSSL-1.2.001 OR Criteria meets HP Security Bulletin HPSBUX02435 HP-UX B.11.11 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.07m.049 OR openssl.OPENSSL-CONF version is less than A.00.09.07m.049 OR openssl.OPENSSL-DOC version is less than A.00.09.07m.049 OR openssl.OPENSSL-INC version is less than A.00.09.07m.049 OR openssl.OPENSSL-LIB version is less than A.00.09.07m.049 OR openssl.OPENSSL-MAN version is less than A.00.09.07m.049 OR openssl.OPENSSL-MIS version is less than A.00.09.07m.049 OR openssl.OPENSSL-PRNG version is less than A.00.09.07m.049 OR openssl.OPENSSL-PVT version is less than A.00.09.07m.049 OR openssl.OPENSSL-RUN version is less than A.00.09.07m.049 OR openssl.OPENSSL-SRC version is less than A.00.09.07m.049 OR Criteria meets HP Security Bulletin HPSBUX02435 HP-UX B.11.23 AND filesets tests URL: version is less than FIPS-OPENSSL-1.1.2.050 OR fips_1_1_2.FIPS-CONF version is less than FIPS-OPENSSL-1.1.2.050 OR fips_1_1_2.FIPS-DOC version is less than FIPS-OPENSSL-1.1.2.050 OR fips_1_1_2.FIPS-INC version is less than FIPS-OPENSSL-1.1.2.050 OR fips_1_1_2.FIPS-LIB version is less than FIPS-OPENSSL-1.1.2.050 OR fips_1_1_2.FIPS-MAN version is less than FIPS-OPENSSL-1.1.2.050 OR fips_1_1_2.FIPS-MIS version is less than FIPS-OPENSSL-1.1.2.050 OR fips_1_1_2.FIPS-RUN version is less than FIPS-OPENSSL-1.1.2.050 OR fips_1_1_2.FIPS-SRC version is less than FIPS-OPENSSL-1.1.2.050 OR Criteria meets HP Security Bulletin HPSBUX02435 HP-UX B.11.23 AND filesets tests fips_1_2.FIPS-CONF version is less than FIPS-OPENSSL-1.2.002 OR fips_1_2.FIPS-DOC version is less than FIPS-OPENSSL-1.2.002 OR fips_1_2.FIPS-INC version is less than FIPS-OPENSSL-1.2.002 OR fips_1_2.FIPS-LIB version is less than FIPS-OPENSSL-1.2.002 OR fips_1_2.FIPS-MAN version is less than FIPS-OPENSSL-1.2.002 OR fips_1_2.FIPS-MIS version is less than FIPS-OPENSSL-1.2.002 OR fips_1_2.FIPS-RUN version is less than FIPS-OPENSSL-1.2.002 OR fips_1_2.FIPS-SRC version is less than FIPS-OPENSSL-1.2.002 OR Criteria meets HP Security Bulletin HPSBUX02435 HP-UX B.11.23 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.07m.050 OR openssl.OPENSSL-CONF version is less than A.00.09.07m.050 OR openssl.OPENSSL-DOC version is less than A.00.09.07m.050 OR openssl.OPENSSL-INC version is less than A.00.09.07m.050 OR openssl.OPENSSL-LIB version is less than A.00.09.07m.050 OR openssl.OPENSSL-MAN version is less than A.00.09.07m.050 OR openssl.OPENSSL-MIS version is less than A.00.09.07m.050 OR openssl.OPENSSL-PRNG version is less than A.00.09.07m.050 OR openssl.OPENSSL-PVT version is less than A.00.09.07m.050 OR openssl.OPENSSL-RUN version is less than A.00.09.07m.050 OR openssl.OPENSSL-SRC version is less than A.00.09.07m.050 OR Criteria meets HP Security Bulletin HPSBUX02435 HP-UX B.11.31 AND filesets tests URL: version is less than FIPS-OPENSSL-1.1.2.051 OR fips_1_1_2.FIPS-CONF version is less than FIPS-OPENSSL-1.1.2.051 OR fips_1_1_2.FIPS-DOC version is less than FIPS-OPENSSL-1.1.2.051 OR fips_1_1_2.FIPS-INC version is less than FIPS-OPENSSL-1.1.2.051 OR fips_1_1_2.FIPS-LIB version is less than FIPS-OPENSSL-1.1.2.051 OR fips_1_1_2.FIPS-MAN version is less than FIPS-OPENSSL-1.1.2.051 OR fips_1_1_2.FIPS-MIS version is less than FIPS-OPENSSL-1.1.2.051 OR fips_1_1_2.FIPS-RUN version is less than FIPS-OPENSSL-1.1.2.051 OR fips_1_1_2.FIPS-SRC version is less than FIPS-OPENSSL-1.1.2.051 OR Criteria meets HP Security Bulletin HPSBUX02435 HP-UX B.11.31 AND filesets tests fips_1_2.FIPS-CONF version is less than FIPS-OPENSSL-1.2.003 OR fips_1_2.FIPS-DOC version is less than FIPS-OPENSSL-1.2.003 OR fips_1_2.FIPS-INC version is less than FIPS-OPENSSL-1.2.003 OR fips_1_2.FIPS-LIB version is less than FIPS-OPENSSL-1.2.003 OR fips_1_2.FIPS-MAN version is less than FIPS-OPENSSL-1.2.003 OR fips_1_2.FIPS-MIS version is less than FIPS-OPENSSL-1.2.003 OR fips_1_2.FIPS-RUN version is less than FIPS-OPENSSL-1.2.003 OR fips_1_2.FIPS-SRC version is less than FIPS-OPENSSL-1.2.003 OR Criteria meets HP Security Bulletin HPSBUX02435 HP-UX B.11.31 AND filesets tests openssl.OPENSSL-CER version is less than A.00.09.08k.003 OR openssl.OPENSSL-CONF version is less than A.00.09.08k.003 OR openssl.OPENSSL-DOC version is less than A.00.09.08k.003 OR openssl.OPENSSL-INC version is less than A.00.09.08k.003 OR openssl.OPENSSL-LIB version is less than A.00.09.08k.003 OR openssl.OPENSSL-MAN version is less than A.00.09.08k.003 OR openssl.OPENSSL-MIS version is less than A.00.09.08k.003 OR openssl.OPENSSL-PRNG version is less than A.00.09.08k.003 OR openssl.OPENSSL-PVT version is less than A.00.09.08k.003 OR openssl.OPENSSL-RUN version is less than A.00.09.08k.003 OR openssl.OPENSSL-SRC version is less than A.00.09.08k.003

BACK