The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
History
21 Dec 2022, 17:30
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-1135.html - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2014/Dec/23 - Mailing List, Third Party Advisory | |
References | (GENTOO) http://security.gentoo.org/glsa/glsa-201406-19.xml - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-1144.html - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/57777 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html - Third Party Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/534161/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/64758 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 - Third Party Advisory | |
References | (MISC) http://www.isg.rhul.ac.uk/tls/TLStiming.pdf - Technical Description, Third Party Advisory | |
References | (CONFIRM) http://www.vmware.com/security/advisories/VMSA-2014-0012.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html - Broken Link | |
References | (MLIST) http://openwall.com/lists/oss-security/2013/02/05/24 - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html - Broken Link | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-1763-1 - Third Party Advisory | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:opensso:3.0-03:*:*:*:*:*:*:* cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:glassfish_communications_server:2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:* cpe:2.3:a:oracle:traffic_director:11.1.1.6.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:iplanet_web_server:6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* |
First Time | Redhat enterprise Linux Eus, Canonical, Oracle iplanet Web Proxy Server, Oracle glassfish Communications Server, Oracle traffic Director, Canonical ubuntu Linux, Oracle glassfish Server, Oracle enterprise Manager Ops Center, Redhat enterprise Linux Desktop, Redhat, Redhat enterprise Linux Server, Oracle vm Server, Oracle, Redhat enterprise Linux Server Aus, Redhat enterprise Linux Workstation, Oracle iplanet Web Server, Oracle opensso |
CWE | CWE-203 |
Information
Published : 2013-02-08 19:55
Updated : 2023-12-10 11:16
NVD link : CVE-2013-1620
Mitre link : CVE-2013-1620
CVE.ORG link : CVE-2013-1620
Products Affected
oracle
- vm_server
- glassfish_server
- glassfish_communications_server
- traffic_director
- iplanet_web_server
- opensso
- enterprise_manager_ops_center
- iplanet_web_proxy_server
redhat
- enterprise_linux_server_aus
- enterprise_linux_desktop
- enterprise_linux_workstation
- enterprise_linux_eus
- enterprise_linux_server
canonical
- ubuntu_linux
mozilla
- network_security_services
CWE
CWE-203
Observable Discrepancy