CVE-2013-1620

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
References
Link Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html Broken Link
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html Broken Link
http://openwall.com/lists/oss-security/2013/02/05/24 Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1135.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1144.html Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23 Mailing List Third Party Advisory
http://security.gentoo.org/glsa/glsa-201406-19.xml Third Party Advisory
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf Technical Description Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/57777 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/64758 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1763-1 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.html Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Configuration 3

OR cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:glassfish_communications_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:opensso:3.0-03:*:*:*:*:*:*:*
cpe:2.3:a:oracle:traffic_director:11.1.1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*

Configuration 4

OR cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

History

21 Dec 2022, 17:30

Type Values Removed Values Added
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-1135.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-1135.html - Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2014/Dec/23 - (FULLDISC) http://seclists.org/fulldisclosure/2014/Dec/23 - Mailing List, Third Party Advisory
References (GENTOO) http://security.gentoo.org/glsa/glsa-201406-19.xml - (GENTOO) http://security.gentoo.org/glsa/glsa-201406-19.xml - Third Party Advisory
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-1144.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-1144.html - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/57777 - (BID) http://www.securityfocus.com/bid/57777 - Third Party Advisory, VDB Entry
References (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html - (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html - Third Party Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/534161/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/534161/100/0/threaded - Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/64758 - (BID) http://www.securityfocus.com/bid/64758 - Third Party Advisory, VDB Entry
References (CONFIRM) http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 - (CONFIRM) http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 - Third Party Advisory
References (MISC) http://www.isg.rhul.ac.uk/tls/TLStiming.pdf - (MISC) http://www.isg.rhul.ac.uk/tls/TLStiming.pdf - Technical Description, Third Party Advisory
References (CONFIRM) http://www.vmware.com/security/advisories/VMSA-2014-0012.html - (CONFIRM) http://www.vmware.com/security/advisories/VMSA-2014-0012.html - Third Party Advisory
References (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html - (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html - Third Party Advisory
References (CONFIRM) http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - (CONFIRM) http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html - Broken Link
References (MLIST) http://openwall.com/lists/oss-security/2013/02/05/24 - (MLIST) http://openwall.com/lists/oss-security/2013/02/05/24 - Mailing List, Third Party Advisory
References (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html - (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html - Third Party Advisory
References (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html - (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html - Broken Link
References (UBUNTU) http://www.ubuntu.com/usn/USN-1763-1 - (UBUNTU) http://www.ubuntu.com/usn/USN-1763-1 - Third Party Advisory
CPE cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:opensso:3.0-03:*:*:*:*:*:*:*
cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:glassfish_communications_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:a:oracle:traffic_director:11.1.1.6.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
First Time Redhat enterprise Linux Eus
Canonical
Oracle iplanet Web Proxy Server
Oracle glassfish Communications Server
Oracle traffic Director
Canonical ubuntu Linux
Oracle glassfish Server
Oracle enterprise Manager Ops Center
Redhat enterprise Linux Desktop
Redhat
Redhat enterprise Linux Server
Oracle vm Server
Oracle
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Workstation
Oracle iplanet Web Server
Oracle opensso
CWE CWE-310 CWE-203

Information

Published : 2013-02-08 19:55

Updated : 2023-12-10 11:16


NVD link : CVE-2013-1620

Mitre link : CVE-2013-1620

CVE.ORG link : CVE-2013-1620



Products Affected

oracle

  • vm_server
  • glassfish_server
  • glassfish_communications_server
  • traffic_director
  • iplanet_web_server
  • opensso
  • enterprise_manager_ops_center
  • iplanet_web_proxy_server

redhat

  • enterprise_linux_server_aus
  • enterprise_linux_desktop
  • enterprise_linux_workstation
  • enterprise_linux_eus
  • enterprise_linux_server

canonical

  • ubuntu_linux

mozilla

  • network_security_services
CWE
CWE-203

Observable Discrepancy