Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2013-216
HistoryAug 07, 2013 - 9:23 p.m.

Medium: nspr

2013-08-0721:23:00
alas.aws.amazon.com
16

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.069 Low

EPSS

Percentile

93.8%

JSON

Issue Overview:

It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2013-1620)

An out-of-bounds memory read flaw was found in the way NSS decoded certain certificates. If an application using NSS decoded a malformed certificate, it could cause the application to crash. (CVE-2013-0791)

Affected Packages:

nspr

Issue Correction:
Run yum update nspr to update your system.

New Packages:

i686:  
    nspr-4.9.5-2.17.amzn1.i686  
    nspr-devel-4.9.5-2.17.amzn1.i686  
    nspr-debuginfo-4.9.5-2.17.amzn1.i686  
  
src:  
    nspr-4.9.5-2.17.amzn1.src  
  
x86_64:  
    nspr-devel-4.9.5-2.17.amzn1.x86_64  
    nspr-debuginfo-4.9.5-2.17.amzn1.x86_64  
    nspr-4.9.5-2.17.amzn1.x86_64

Additional References

Red Hat: CVE-2013-0791, CVE-2013-1620

Mitre: CVE-2013-0791, CVE-2013-1620

Related

nessus 55
openvas 87
centos 4
amazon 3
redhat 5
oraclelinux 2
veracode 6
securityvulns 3
fedora 10
ubuntu 4
mozilla 1
cve 2
ubuntucve 2
prion 2
debiancve 2
f5 2
suse 6
vmware 1
gentoo 1
freebsd 1
nessus
nessus
CentOS 5 : nss (CESA-2013:1135)
2013-08-06 00:00:00
Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20130805)
2013-08-06 00:00:00
Oracle Linux 6 : nspr / nss / nss-softokn / nss-util (ELSA-2013-1144)
2013-08-08 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2013-1135)
2015-10-06 00:00:00
Oracle: Security Advisory (ELSA-2013-1144)
2015-10-06 00:00:00
RedHat Update for nss, nss-util, nss-softokn, and nspr RHSA-2013:1144-01
2013-08-08 00:00:00
centos
centos
nspr, nss security update
2013-08-05 19:56:06
nspr, nss security update
2013-08-07 22:22:50
nspr, nss security update
2013-12-13 00:04:31
amazon
amazon
Medium: nss
2013-08-07 21:23:00
Important: nss
2013-12-17 21:31:00
Important: nspr
2013-12-17 21:31:00
redhat
redhat
(RHSA-2013:1135) Moderate: nss and nspr security, bug fix, and enhancement update
2013-08-05 00:00:00
(RHSA-2013:1144) Moderate: nss, nss-util, nss-softokn, and nspr security update
2013-08-07 00:00:00
(RHSA-2013:1181) Moderate: rhev-hypervisor6 security and bug fix update
2013-08-27 00:00:00
oraclelinux
oraclelinux
nss and nspr security, bug fix, and enhancement update
2013-08-05 00:00:00
nss, nss-util, nss-softokn, and nspr security update
2013-08-07 00:00:00
veracode
veracode
Timing Side-Channel
2019-05-02 04:48:16
Denial Of Service (DoS)
2019-01-15 08:57:12
Denial Of Service
2019-01-15 08:52:48
securityvulns
securityvulns
Mozilla NSS library TLS timing attacks
2013-03-24 00:00:00
[USN-1763-1] NSS vulnerability
2013-03-24 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-04-03 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: nss-util-3.14.3-1.fc18
2013-02-28 07:04:40
[SECURITY] Fedora 17 Update: nss-3.14.3-1.fc17
2013-03-14 02:40:31
[SECURITY] Fedora 17 Update: nss-softokn-3.14.3-1.fc17
2013-03-14 02:40:31
ubuntu
ubuntu
NSS vulnerability
2013-03-14 00:00:00
Thunderbird vulnerabilities
2013-04-08 00:00:00
Firefox vulnerabilities
2013-04-04 00:00:00
mozilla
mozilla
Out-of-bounds array read in CERT_DecodeCertPackage — Mozilla
2013-04-02 00:00:00
cve
cve
CVE-2013-0791
2013-04-03 11:56:00
CVE-2013-1620
2013-02-08 19:55:00
ubuntucve
ubuntucve
CVE-2013-0791
2013-04-03 00:00:00
CVE-2013-1620
2013-02-08 00:00:00
prion
prion
Out-of-bounds
2013-04-03 11:56:00
Design/Logic Flaw
2013-02-08 19:55:00
debiancve
debiancve
CVE-2013-0791
2013-04-03 11:56:00
CVE-2013-1620
2013-02-08 19:55:00
f5
f5
SOL15630 - TLS in Mozilla NSS vulnerability CVE-2013-1620
2014-09-25 00:00:00
K15630 : TLS in Mozilla NSS vulnerability CVE-2013-1620
2015-09-17 00:00:00
suse
suse
Mozilla Firefox and others: Update to Firefox 20.0 release (important)
2013-04-05 15:06:14
Mozilla Firefox and others: Update to 20.0/17.0.5 releases (important)
2013-04-05 18:06:10
Security update for Mozilla Firefox (important)
2013-05-28 22:04:36
vmware
vmware
VMware ESX updates to third party libraries
2013-12-05 00:00:00
gentoo
gentoo
Mozilla Network Security Service: Multiple vulnerabilities
2014-06-21 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-04-02 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.069 Low

EPSS

Percentile

93.8%

JSON
Related for ALAS-2013-216
nessus55openvas87centos4amazon3redhat5oraclelinux2veracode6securityvulns3fedora10ubuntu4mozilla1cve2ubuntucve2prion2debiancve2f52suse6vmware1gentoo1freebsd1