2.6

CVE-2013-0169

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version >= 0.9.8 <= 0.9.8x
OpenSSLOpenSSL Version >= 1.0.0 <= 1.0.0j
OpenSSLOpenSSL Version >= 1.0.1 <= 1.0.1d
OracleOpenjdk Version1.6.0 Update-
OracleOpenjdk Version1.6.0 Updateupdate1
OracleOpenjdk Version1.6.0 Updateupdate10
OracleOpenjdk Version1.6.0 Updateupdate11
OracleOpenjdk Version1.6.0 Updateupdate12
OracleOpenjdk Version1.6.0 Updateupdate13
OracleOpenjdk Version1.6.0 Updateupdate14
OracleOpenjdk Version1.6.0 Updateupdate15
OracleOpenjdk Version1.6.0 Updateupdate16
OracleOpenjdk Version1.6.0 Updateupdate17
OracleOpenjdk Version1.6.0 Updateupdate18
OracleOpenjdk Version1.6.0 Updateupdate19
OracleOpenjdk Version1.6.0 Updateupdate2
OracleOpenjdk Version1.6.0 Updateupdate20
OracleOpenjdk Version1.6.0 Updateupdate21
OracleOpenjdk Version1.6.0 Updateupdate22
OracleOpenjdk Version1.6.0 Updateupdate23
OracleOpenjdk Version1.6.0 Updateupdate24
OracleOpenjdk Version1.6.0 Updateupdate25
OracleOpenjdk Version1.6.0 Updateupdate26
OracleOpenjdk Version1.6.0 Updateupdate27
OracleOpenjdk Version1.6.0 Updateupdate29
OracleOpenjdk Version1.6.0 Updateupdate3
OracleOpenjdk Version1.6.0 Updateupdate30
OracleOpenjdk Version1.6.0 Updateupdate31
OracleOpenjdk Version1.6.0 Updateupdate32
OracleOpenjdk Version1.6.0 Updateupdate33
OracleOpenjdk Version1.6.0 Updateupdate34
OracleOpenjdk Version1.6.0 Updateupdate35
OracleOpenjdk Version1.6.0 Updateupdate37
OracleOpenjdk Version1.6.0 Updateupdate38
OracleOpenjdk Version1.6.0 Updateupdate4
OracleOpenjdk Version1.6.0 Updateupdate5
OracleOpenjdk Version1.6.0 Updateupdate6
OracleOpenjdk Version1.6.0 Updateupdate7
OracleOpenjdk Version1.7.0 Update-
OracleOpenjdk Version1.7.0 Updateupdate1
OracleOpenjdk Version1.7.0 Updateupdate10
OracleOpenjdk Version1.7.0 Updateupdate11
OracleOpenjdk Version1.7.0 Updateupdate13
OracleOpenjdk Version1.7.0 Updateupdate2
OracleOpenjdk Version1.7.0 Updateupdate3
OracleOpenjdk Version1.7.0 Updateupdate4
OracleOpenjdk Version1.7.0 Updateupdate5
OracleOpenjdk Version1.7.0 Updateupdate6
OracleOpenjdk Version1.7.0 Updateupdate7
OracleOpenjdk Version1.7.0 Updateupdate9
PolarsslPolarssl Version0.10.0
PolarsslPolarssl Version0.10.1
PolarsslPolarssl Version0.11.0
PolarsslPolarssl Version0.11.1
PolarsslPolarssl Version0.12.0
PolarsslPolarssl Version0.12.1
PolarsslPolarssl Version0.13.1
PolarsslPolarssl Version0.14.0
PolarsslPolarssl Version0.14.2
PolarsslPolarssl Version0.14.3
PolarsslPolarssl Version0.99 Updatepre1
PolarsslPolarssl Version0.99 Updatepre3
PolarsslPolarssl Version0.99 Updatepre4
PolarsslPolarssl Version0.99 Updatepre5
PolarsslPolarssl Version1.0.0
PolarsslPolarssl Version1.1.0
PolarsslPolarssl Version1.1.0 Updaterc0
PolarsslPolarssl Version1.1.0 Updaterc1
PolarsslPolarssl Version1.1.1
PolarsslPolarssl Version1.1.2
PolarsslPolarssl Version1.1.3
PolarsslPolarssl Version1.1.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 35.58% 0.983
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://security.gentoo.org/glsa/glsa-201406-32.xml
Third Party Advisory
http://www.kb.cert.org/vuls/id/737740
Third Party Advisory
US Government Resource
http://rhn.redhat.com/errata/RHSA-2013-1455.html
Third Party Advisory
http://secunia.com/advisories/55322
Third Party Advisory
http://secunia.com/advisories/55350
Third Party Advisory
http://secunia.com/advisories/55351
Third Party Advisory
http://www.securitytracker.com/id/1029190
Third Party Advisory
VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
Third Party Advisory
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT5880
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1456.html
Third Party Advisory
http://marc.info/?l=bugtraq&m=136432043316835&w=2
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0587.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
Third Party Advisory
http://marc.info/?l=bugtraq&m=136439120408139&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=136733161405818&w=2
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0833.html
Third Party Advisory
http://marc.info/?l=bugtraq&m=137545771702053&w=2
Third Party Advisory
http://secunia.com/advisories/55108
Third Party Advisory
http://secunia.com/advisories/55139
Third Party Advisory
http://www.openssl.org/news/secadv_20130204.txt
Vendor Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Third Party Advisory
http://marc.info/?l=bugtraq&m=136396549913849&w=2
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0782.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0783.html
Third Party Advisory
http://secunia.com/advisories/53623
Third Party Advisory
http://www.debian.org/security/2013/dsa-2621
Third Party Advisory
http://www.splunk.com/view/SP-CAAAHXG
Third Party Advisory
http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html
Third Party Advisory
http://openwall.com/lists/oss-security/2013/02/05/24
Mailing List
http://www.debian.org/security/2013/dsa-2622
Third Party Advisory
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
Third Party Advisory
http://www.matrixssl.org/news.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html
Third Party Advisory
http://www.securityfocus.com/bid/57778
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1735-1
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA13-051A.html
Third Party Advisory
US Government Resource
https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841
Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016
Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424
Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540
Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608
Third Party Advisory
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released
Vendor Advisory
https://puppet.com/security/cve/cve-2013-0169
Third Party Advisory
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084
Third Party Advisory