CVE-2013-0169

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-0169
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

2.6 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/ Third Party Advisory
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html Third Party Advisory
http://marc.info/?l=bugtraq&m=136396549913849&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=136432043316835&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=136439120408139&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=136733161405818&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=137545771702053&w=2 Third Party Advisory
http://openwall.com/lists/oss-security/2013/02/05/24 Mailing List
http://rhn.redhat.com/errata/RHSA-2013-0587.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0782.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0783.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0833.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1455.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1456.html Third Party Advisory
http://secunia.com/advisories/53623 Third Party Advisory
http://secunia.com/advisories/55108 Third Party Advisory
http://secunia.com/advisories/55139 Third Party Advisory
http://secunia.com/advisories/55322 Third Party Advisory
http://secunia.com/advisories/55350 Third Party Advisory
http://secunia.com/advisories/55351 Third Party Advisory
http://security.gentoo.org/glsa/glsa-201406-32.xml Third Party Advisory
http://support.apple.com/kb/HT5880 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21644047 Third Party Advisory
http://www.debian.org/security/2013/dsa-2621 Third Party Advisory
http://www.debian.org/security/2013/dsa-2622 Third Party Advisory
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf Third Party Advisory
http://www.kb.cert.org/vuls/id/737740 Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 Third Party Advisory
http://www.matrixssl.org/news.html Third Party Advisory
http://www.openssl.org/news/secadv_20130204.txt Vendor Advisory
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html Third Party Advisory
http://www.securityfocus.com/bid/57778 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029190 Third Party Advisory VDB Entry
http://www.splunk.com/view/SP-CAAAHXG Third Party Advisory
http://www.ubuntu.com/usn/USN-1735-1 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA13-051A.html Third Party Advisory US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841 Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016 Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424 Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540 Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608 Third Party Advisory
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released Vendor Advisory
https://puppet.com/security/cve/cve-2013-0169 Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001 Third Party Advisory
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*
History

12 May 2023, 12:58

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:openjdk:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:*		 cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*
cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:*
Information

Published : 2013-02-08 19:55

Updated : 2023-12-10 11:16

NVD link : CVE-2013-0169

Mitre link : CVE-2013-0169

CVE.ORG link : CVE-2013-0169

JSON object : View

Products Affected

openssl

  • openssl

oracle

  • openjdk

polarssl

  • polarssl
CWE
CWE-310

Cryptographic Issues