Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-1620

Опубликовано: 08 фев. 2013
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
Версия до 3.14.3 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:glassfish_communications_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:opensso:3.0-03:*:*:*:*:*:*:*
cpe:2.3:a:oracle:traffic_director:11.1.1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*
Конфигурация 4

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 68%
0.00593
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

ubuntu логотип

CVE-2013-1620

ubuntu
больше 12 лет назад

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

redhat логотип

CVE-2013-1620

redhat
больше 12 лет назад

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

debian логотип

CVE-2013-1620

debian
больше 12 лет назад

The TLS implementation in Mozilla Network Security Services (NSS) does ...

github логотип

GHSA-4pp6-m86c-j4gj

github
больше 3 лет назад

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

oracle-oval логотип

ELSA-2013-1144

oracle-oval
около 12 лет назад

ELSA-2013-1144: nss, nss-util, nss-softokn, and nspr security update (MODERATE)

EPSS

Процентиль: 68%
0.00593
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-203