Hewlett Packard Enterprise Product Security Vulnerability Alerts

FalseCONNECT Vulnerability (Multiple CVEs)

Version 2.0: Last Updated: January 5th, 2017

This website is updated frequently, as new product information becomes available.

On August 15th, 2016, a vulnerability was disclosed in certain web browsers, operating systems and software applications that respond to HTTP CONNECT requests via HTTP/1.0 407 Proxy Authentication Required responses. The vulnerability is referred to as “FalseCONNECT”. The flaw is in the implementation of the proxy authentication protocol and can allow a man-in-the-middle (MITM) attacker on the network to listen to unencrypted proxy traffic messages sent to the local proxy. WebKit-based clients are vulnerable to arbitrary HTML markup and JavaScript execution in the context of the originally requested HTTPS domain.

Additional information about the vulnerability is available on the NIST website.

Usage Instructions and Definitions for CVE Vulnerability Information

| Data | Definition |
|---|---|
| Product Family | High-level product description. |
| Product Name | Detailed product description. |
| CVE-XXXX (Impacted Y/N) | Indicates whether the specific product is affected by the cited vulnerability. |
| Impacted Direct/Indirect | Indicates whether the specific product is directly affected by the cited vulnerability or is indirectly affected due to a dependence on a separate, embedded or associated product. |
| If Impacted Mitigation Info | Information regarding how to address a vulnerability. |
| Notes | Miscellaneous information regarding the vulnerability. |
| Link to Security Bulletin | Link to HPE's Security Bulletin |

Use the following table to find vulnerability information.

| Product Category | Product Sub-Category | Product Name | HTTPoxy (impacted Y/N) | If Impacted - Mitigation | Link(s) to security bulletin (PSRT or Vendor) |
|---|---|---|---|---|---|
| CDI | Platform Software | Onboard Administrator(OA) | Yes | Under Investigation | |
| Storage | StoreEasy | StoreEasy | Yes | Under Investigation | |
| CDI | Converged Systems | HP Converged System 700 2.0 Foundation | Yes | Under Investigation | |
| CDI | Converged Systems | HP Converged System 700 2.0 VMWare | Yes | Under Investigation | |
| CDI | Converged Systems | HP ConvergedSystem 700X (727178-B21) | Yes | Under Investigation | |
| CDI | Converged Systems | HP ConvergedSystem 700X for Microsoft (727177-B21) | Yes | Under Investigation | |
| CDI | Converged Systems | HP ConvergedSystem 700X for Vmware (721223-B21) | Yes | Under Investigation | |
| CDI | Converged Systems | HP ConvergedSystem 700X v1.1 Foundation Kit (J0H71A) | Yes | Under Investigation | |
| CDI | Converged Systems | HP ConvergedSystem 700X v1.1 Microsoft Kit (J0H73A) | Yes | Under Investigation | |
| CDI | Converged Systems | HP ConvergedSystem 700X v1.1 Vmware Kit (J0H72A) | Yes | Under Investigation | |
| CDI | Converged Systems | HPE Converged Architecture 700 | Yes | Under Investigation | |
| Servers | Platform Software | HP OpenVMS | Yes | Under Investigation | |
| CDI | Converged Systems | HP AppSystem for SAP HANA Scale Out 1.2 | Yes | Under Investigation | |
| CDI | Converged Systems | HP AppSystems for SAP HANA Scale-out Gen 1.0 | Yes | Under Investigation | |
| Servers | NonStop | NonStop Server for Java (32-bit) | Yes | Under Investigation | |
| Servers | NonStop | NonStop Server for Java (64-bit) | Yes | Under Investigation | |
| Servers | NonStop | Virtual TapeSystem (VTS) | Yes | Under Investigation | |
| CDI | Converged Systems | HPE ConvergedSystem 700 2.0 Hyper-V | Yes | Under Investigation | |
| Servers | HP-UX | HP-UX Java | Yes | Under Investigation | |
| Software | Security Products | SecureMail Client (Voltage) | Yes | Under Investigation. Workaround: Upgrade to IOS 9.3.4 or later | |
| Servers | NonStop | IOE Client Installer | Yes | Under Investigation | |
| Servers | NonStop | NonStop Software Essentials Client | Yes | Under Investigation | |
| Servers | NonStop | RMXCI installer | Yes | Under Investigation | |
| Servers | NonStop | OSM Service Connection | Yes | Under Investigation | |
| Servers | NonStop | NonStop Software Essentials client | Yes | Under Investigation | |
| Servers | NonStop | NonStop Cluster Essentials client | Yes | Under Investigation | |
| Servers | NonStop | NonStop I/O Essentials client | Yes | Under Investigation | |
| Servers | NonStop | NonStop Samba SWAT client | Yes | Under Investigation | |
| Servers | Platform Software | C-Track | Under Investigation | | |
| Servers | Platform Software | HP Insight Remote Support (V5 Client) | Under Investigation | | |
| Servers | Platform Software | HP Insight Remote Support (V7 Client) | Under Investigation | | |
| Servers | Platform Software | HPRC Client | Under Investigation | | |
| Servers | Platform Software | HPRC Upload Applet | Under Investigation | | |
| Servers | Platform Software | Instant Support Personal Edition (ISPE) Mobile App | Under Investigation | | |
| Servers | Non-HP OS | SUSE Linux Enterprise Server | Under Investigation | | |
| Servers | Non-HP OS | CentOS | Under Investigation | | |
| Servers | Non-HP OS | Citrix XenServer | Under Investigation | | |
| Servers | Non-HP OS | Debian | Under Investigation | | |
| Servers | Non-HP OS | Oracle Linux | Under Investigation | | |
| Servers | Non-HP OS | Red Hat Enterprise Linux | Under Investigation | | |
| Servers | Non-HP OS | Solaris | Under Investigation | | |
| Servers | Non-HP OS | Ubuntu | Under Investigation | | |
| Networking | H3C Network | Comware v5 | Under Investigation | | |
| Networking | H3C Network | Comware v7 | Under Investigation | | |
| Networking | H3C Network | Intelligent Management Center (IMC) | Under Investigation | | |
| Networking | H3C Network | SecBlade SSL VPN (Comware v3) | Under Investigation | | |
| Networking | H3C Network | Small Medium Business Solutions | Under Investigation | | |
| Networking | H3C Network | Unified Wireless Solutions (Comware V5) | Under Investigation | | |
| Networking | H3C Network | VoIP (VCX) | Under Investigation | | |
| Networking | H3C Network | vSwitch | Under Investigation | | |
| Networking | HPE Network | SDN Applications | Under Investigation | | |
| Networking | HPE Network | OA Service O/S (Used in the Advanced Services v2 zl Module with HDD and Advanced Services v2 zl Module with SSD) | Under Investigation | | |
| Networking | Network Security | Threat Management Services (TMS) zl Security Module | Under Investigation | | |
| CDI | Converged Systems | HP ConvergedSystem 500 for SAP HANA - Single-Node (Scale-up) | Under Investigation | | |
| CDI | Converged Systems | HP ConvergedSystem 500 for SAP HANA - Scale Out | Under Investigation | | |
| CDI | Converged Systems | HP ConvergedSystem 900 for SAP HANA - Scale Out (IVB only) | Under Investigation | | |
| CDI | Converged Systems | HP ConvergedSystem 900 for SAP HANA - Scale Up | Under Investigation | | |
| CDI | Converged Systems | HP AppSystems for SAP HANA Scale-up Gen 1.0 | Under Investigation | | |
| Servers | HP-UX | HP-UX Firefox | Under Investigation | | |
| CDI | Converged Systems | HPE HC380 1.0 | Under Investigation | | |
| CDI | Converged Systems | HPE HC380 1.0 U1 | Under Investigation | | |
| CDI | Converged Systems | HPE HC380 1.1 | Under Investigation | | |
| CDI | Converged Systems | HPE Hyper Converged 250 for Microsoft CPS | Under Investigation | | |
| CDI | Platform Software | HPE OneView for vRealize | Under Investigation | | |
| CDI | Converged Systems | HP ConvergedSystem 200-HC StoreVirtual System | Under Investigation | | |
| CDI | Converged Systems | HP ConvergedSystem 300 for Microsoft 1.1 | Under Investigation | | |
| CDI | Platform Software | Insight Control server migration (SMP, V2V/P2P etc.) | No | | |
| CDI | Platform Software | Insight Control Virt/ Virt Machine Mgt (VMM) | No | | |
| CDI | Platform Software | Insight Orchestration | No | | |
| CDI | Platform Software | Matrix Recovery Management | No | | |
| CDI | Platform Software | MOE- global Workforce Load Manager ; gWLM | No | | |
| CDI | Platform Software | SPM (Storage) (SSI Plug-in) | No | | |
| CDI | Platform Software | System Management Homepage for Linux | No | | |
| CDI | Platform Software | System Management Homepage for Windows | No | | |
| CDI | Platform Software | VCEM SDK | No | | |
| CDI | Platform Software | LSM Adaptor | No | | |
| Servers | Platform Software | HP VMware WBEM Providers | No | | |
| Servers | Platform Software | HP VMware Utilities | No | | |
| Servers | Power | HP DF UPS MM, HP Direct Flow UPS Management Module | No | | |
| Servers | Platform Software | HP Intelligent Modular Power Distribution Unit/Kit | No | | |
| Servers | Platform Software | HP IP Console Switch, HP Server Console Switch | No | | |
| Servers | Platform Software | HP Managed PDU | No | | |
| Servers | Platform Software | HP Monitored PDU | No | | |
| Servers | Power | HP UPS Network Management Card | No | | |
| Servers | Power | HP UPS Power Protector Software | No | | |
| Servers | Apollo | Apollo 8000 System Manager | No | | |
| Servers | Platform Software | HP Modular Cooling System, HP MCS x00 Cooling Unit | No | | |
| Servers | HP-UX | HP-UX iCAP | No | | |
| Servers | HP-UX | HP-UX VirtProvider | No | | |
| Servers | HP-UX | HP-UX vmProvider | No | | |
| Servers | HP-UX | HP-UX VSMgr | No | | |
| Servers | Platform Software | Remote Device Access - Instant Customer Access Server (iCAS) | No | | |
| Servers | Platform Software | Remote Device Access - Virtual Customer Access System (vCAS) | No | | |
| Servers | Platform Software | HP Service Pack for ProLiant | No | N/A | |
| Servers | Platform Software | Integrated Management Log Viewer for Windows | No | | |
| Servers | Platform Software | Management Controller Driver for Windows | No | | |
| Servers | Platform Software | HP Insight Management Agents (Linux) | No | | |
| Servers | Platform Software | HP ProLiant Solaris 11 Support Bundle | No | | |
| Servers | Platform Software | HP SNMP Agents for Citrix XenServer | No | | |
| Servers | Platform Software | HP System Management Homepage for Solaris 10 (x86[/x64]) Systems | No | | |
| Servers | Platform Software | Management Component Pack CD for dpkg-based distributions | No | | |
| Servers | Platform Software | Management Component Pack for Asianux 4 (i386 and x86_64) | No | | |
| Servers | Platform Software | Management Component Pack for CentOS 5 (i386 and x86_64) | No | | |
| Servers | Platform Software | Management Component Pack for CentOS 6 (i386 and x86_64) | No | | |
| Servers | Platform Software | Management Component Pack for CentOS 7 | No | | |
| Servers | Platform Software | Management Component Pack for Oracle 5[.x] (i386 and x86_64) | No | | |
| Servers | Platform Software | Management Component Pack for Oracle 6.x (x86_64) | No | | |
| Servers | Platform Software | Management Component Pack for Oracle 7.x (x86_64) | No | | |
| Servers | Platform Software | ProLiant Support Pack for Asianux 3 (i386 and x86_64) | No | | |
| Servers | Platform Software | ProLiant Support Pack for Fedora 14 (i386 and x86_64) | No | | |
| Servers | Platform Software | ProLiant Support Pack for openSUSE 11.3 (i386 and x86_64) | No | | |
| Servers | Platform Software | Support Bundle for Oracle Solaris 10 (x86/x64) on ProLiant | No | | |
| Servers | Platform Software | Support Bundle for Oracle Solaris 10 1/13 (x86/x64) on ProLiant | No | | |
| Servers | Platform Software | HPAPM, HP Advanced Power Manager | No | | |
| Servers | Platform Software | SLAPM, HP ProLiant SL Advanced Power Manager | No | | |
| Moonshot | Software | HP ILO Chassis Mgr (Moonshot) | No | | |
| Servers | HP-UX | HP-UX HIDS | No | | |
| Servers | HP-UX | HP-UX OpenSSL | No | | |
| Servers | Platform Software | HP iLO Mobile Application | No | | |
| Servers | Platform Software | HP BladeSystem c-Class Virtual Connect Support Utility | No | | |
| Servers | Platform Software | HP Insight Management VCEM Web Client SDK | No | | |
| Servers | Platform Software | Virtual Connect | No | | |
| Servers | Platform Software | Virtual Connect Enterprise Manager | No | | |
| Servers | Platform Software | HP Integrated Lights Out (iLO) | No | | |
| Servers | Platform Software | HP SUM | No | | |
| Networking | HPE Network | MSM Wireless | No | | |
| Networking | HPE Network | PVOS Legacy | No | | |
| Networking | HPE Network | ProVision Switches | No | | |
| Networking | HPE Network | SDN Controller | No | | |
| Networking | HPE Network | Small Medium Business Solutions | No | | |
| Software | Security Products | Atalla NSP (Payments HSM) | No | | |
| Networking | Aruba Network | Airwave | No | | |
| Networking | Aruba Network | AOS | No | | |
| Networking | Aruba Network | ClearPass | No | | |
| Servers | Platform Software | HP Intelligent Provisioning | No | | |
| Servers | Platform Software | HP Agentless Mgmt Service for VMware | No | | |
| Storage | 3PAR | 3PAR | No | | |
| Servers | Integrity | HP Integrity CB900s i2 & i4 Superdome 2 Server | No | | |
| Servers | Integrity | HP Integrity cx2600, cx2620, BL60P, rx1600, rx1620, rx4640, rx5670, rx2600, rx2620, zx2000, zx8000 | No | | |
| Servers | Integrity | HP Integrity rx8640 Server; HP 9000 rp8420 Server; HP Integrity rx7640 Server; HP 9000 rp7420 Server | No | | |
| Servers | Integrity | HP Integrity Superdome X | No | | |
| Servers | Integrity | Integrity BL860c & BL870c | No | | |
| Servers | Integrity | Integrity BL8x0C i2 & i4 | No | | |
| Servers | Integrity | Integrity rx2800 i2 & i4 | No | | |
| Servers | Integrity | Integrity rx6600, rx3600, rx2660 | No | | |
| Servers | DL Platform | Proliant DL785 | No | | |
| Servers | DL Platform | Proliant DL980 G7 Server | No | | |
| Servers | Platform Software | SD 2/SD X OA2 | No | | |
| Servers | Superdome | SD 9000 Superdome OA | No | | |
| Servers | Platform Software | HP SUM ISO | No | | |
| Software | Security Products | SecureData (Voltage) | No | | |
| Software | Security Products | SecureMail (Voltage) | No | | |
| Servers | Platform Software | HP Insight Management Agents | No | | |
| Servers | Non-HP OS | HP SSL for OpenVMS | No | | |
| Servers | HP-UX | HP-UX KERNEL-PROVIDERS | No | | |
| Servers | HP-UX | HP-UX LVM Providers | No | | |
| Servers | HP-UX | HP-UX NParProvider | No | | |
| Servers | HP-UX | HP-UX NPartition | No | | |
| Servers | HP-UX | HP-UX olosProvider | No | | |
| Servers | HP-UX | HP-UX PartitionManager | No | | |
| Servers | HP-UX | HP-UX ProviderSvcsCore | No | | |
| Servers | HP-UX | HP-UX RAIDSA-PROVIDER | No | | |
| Servers | HP-UX | HP-UX SAS-PROVIDER | No | | |
| Servers | HP-UX | HP-UX SCSI-Provider | No | | |
| Servers | HP-UX | HP-UX SFM-CORE | No | | |

Servers

HP-UX