4.3
CVE-2013-1620
- EPSS 3.72%
- Veröffentlicht 08.02.2013 19:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Network Security Services Version < 3.14.3
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version11.10
Canonical ≫ Ubuntu Linux Version12.04 SwEdition-
Canonical ≫ Ubuntu Linux Version12.10
Oracle ≫ Enterprise Manager Ops Center Version11.1
Oracle ≫ Enterprise Manager Ops Center Version12.1
Oracle ≫ Enterprise Manager Ops Center Version12.2
Oracle ≫ Glassfish Communications Server Version2.0
Oracle ≫ Glassfish Server Version2.1.1
Oracle ≫ Iplanet Web Proxy Server Version4.0
Oracle ≫ Iplanet Web Server Version6.1
Oracle ≫ Iplanet Web Server Version7.0
Oracle ≫ Traffic Director Version11.1.1.6.0
Oracle ≫ Traffic Director Version11.1.1.7.0
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Eus Version5.9
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Aus Version5.9
Redhat ≫ Enterprise Linux Workstation Version5.0
Redhat ≫ Enterprise Linux Workstation Version6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.72% | 0.884 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-203 Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://www.securityfocus.com/bid/64758
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://openwall.com/lists/oss-security/2013/02/05/24
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
http://rhn.redhat.com/errata/RHSA-2013-1135.html
http://rhn.redhat.com/errata/RHSA-2013-1144.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://security.gentoo.org/glsa/glsa-201406-19.xml
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/57777
http://www.ubuntu.com/usn/USN-1763-1
http://www.vmware.com/security/advisories/VMSA-2014-0012.html