OVAL Reference oval:org.mitre.oval:def:28720

Oval Definition:

oval:org.mitre.oval:def:28720

Revision Date:	2015-06-01	Version:	14
Title:	Vulnerability in IBM SDK Java JSSE affects AIX
Description:	GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
Family:	unix	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2015-0138
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis
platforms IBM AIX 6.1 is installed OR IBM AIX 7.1 is installed AND File Version Exists Java5.sdk less than 5.0.0.590 OR Java5_64.sdk less than 5.0.0.590 OR Java6.sdk less than 6.0.0.470 OR Java6_64.sdk less than 6.0.0.470 OR Java7.sdk less than 7.0.0.195 OR Java7_64.sdk less than 7.0.0.195 OR Java71.sdk less than 7.1.0.75 OR Java71_64.sdk less than 7.1.0.75