HP Version Control Agent (VCA) Heartbeat Information Disclosure (Heartbleed)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains software that is affected by an information
disclosure vulnerability.

Description :

The RPM installation of HP Version Control Agent (VCA) on the remote
Linux host is version 7.2.2, 7.3.0, or 7.3.1. It is, therefore,
affected by an information disclosure vulnerability.

An out-of-bounds read error, known as the 'Heartbleed Bug', exists in
the handling of TLS heartbeat extensions. It could allow an attacker
to obtain sensitive information such as primary key material,
secondary key material, and other protected content.

See also :

http://www.nessus.org/u?d9ffb6dc
http://www.heartbleed.com
https://eprint.iacr.org/2014/140
https://www.openssl.org/news/vulnerabilities.html#2014-0160
https://www.openssl.org/news/secadv/20140407.txt

Solution :

Upgrade to VCA 7.3.2 or later.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score : 7.4
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 77023

Bugtraq ID: 66690

CVE ID: CVE-2014-0160
