Lucene search

K
cveRedhatCVE-2013-0169
HistoryFeb 08, 2013 - 7:55 p.m.

CVE-2013-0169

2013-02-0819:55:01
CWE-310
redhat
web.nvd.nist.gov
8508
cve-2013-0169
timing side-channel attacks
tls protocol
dtls protocol
openssl
openjdk
polarssl
lucky thirteen issue

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.005

Percentile

77.3%

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the “Lucky Thirteen” issue.

Affected configurations

Nvd
Node
opensslopensslRange0.9.80.9.8x
OR
opensslopensslRange1.0.01.0.0j
OR
opensslopensslRange1.0.11.0.1d
Node
oracleopenjdkMatch1.6.0-
OR
oracleopenjdkMatch1.6.0update1
OR
oracleopenjdkMatch1.6.0update10
OR
oracleopenjdkMatch1.6.0update11
OR
oracleopenjdkMatch1.6.0update12
OR
oracleopenjdkMatch1.6.0update13
OR
oracleopenjdkMatch1.6.0update14
OR
oracleopenjdkMatch1.6.0update15
OR
oracleopenjdkMatch1.6.0update16
OR
oracleopenjdkMatch1.6.0update17
OR
oracleopenjdkMatch1.6.0update18
OR
oracleopenjdkMatch1.6.0update19
OR
oracleopenjdkMatch1.6.0update2
OR
oracleopenjdkMatch1.6.0update20
OR
oracleopenjdkMatch1.6.0update21
OR
oracleopenjdkMatch1.6.0update22
OR
oracleopenjdkMatch1.6.0update23
OR
oracleopenjdkMatch1.6.0update24
OR
oracleopenjdkMatch1.6.0update25
OR
oracleopenjdkMatch1.6.0update26
OR
oracleopenjdkMatch1.6.0update27
OR
oracleopenjdkMatch1.6.0update29
OR
oracleopenjdkMatch1.6.0update3
OR
oracleopenjdkMatch1.6.0update30
OR
oracleopenjdkMatch1.6.0update31
OR
oracleopenjdkMatch1.6.0update32
OR
oracleopenjdkMatch1.6.0update33
OR
oracleopenjdkMatch1.6.0update34
OR
oracleopenjdkMatch1.6.0update35
OR
oracleopenjdkMatch1.6.0update37
OR
oracleopenjdkMatch1.6.0update38
OR
oracleopenjdkMatch1.6.0update4
OR
oracleopenjdkMatch1.6.0update5
OR
oracleopenjdkMatch1.6.0update6
OR
oracleopenjdkMatch1.6.0update7
OR
oracleopenjdkMatch1.7.0-
OR
oracleopenjdkMatch1.7.0update1
OR
oracleopenjdkMatch1.7.0update10
OR
oracleopenjdkMatch1.7.0update11
OR
oracleopenjdkMatch1.7.0update13
OR
oracleopenjdkMatch1.7.0update2
OR
oracleopenjdkMatch1.7.0update3
OR
oracleopenjdkMatch1.7.0update4
OR
oracleopenjdkMatch1.7.0update5
OR
oracleopenjdkMatch1.7.0update6
OR
oracleopenjdkMatch1.7.0update7
OR
oracleopenjdkMatch1.7.0update9
Node
polarsslpolarsslMatch0.10.0
OR
polarsslpolarsslMatch0.10.1
OR
polarsslpolarsslMatch0.11.0
OR
polarsslpolarsslMatch0.11.1
OR
polarsslpolarsslMatch0.12.0
OR
polarsslpolarsslMatch0.12.1
OR
polarsslpolarsslMatch0.13.1
OR
polarsslpolarsslMatch0.14.0
OR
polarsslpolarsslMatch0.14.2
OR
polarsslpolarsslMatch0.14.3
OR
polarsslpolarsslMatch0.99pre1
OR
polarsslpolarsslMatch0.99pre3
OR
polarsslpolarsslMatch0.99pre4
OR
polarsslpolarsslMatch0.99pre5
OR
polarsslpolarsslMatch1.0.0
OR
polarsslpolarsslMatch1.1.0
OR
polarsslpolarsslMatch1.1.0rc0
OR
polarsslpolarsslMatch1.1.0rc1
OR
polarsslpolarsslMatch1.1.1
OR
polarsslpolarsslMatch1.1.2
OR
polarsslpolarsslMatch1.1.3
OR
polarsslpolarsslMatch1.1.4
VendorProductVersionCPE
opensslopenssl*cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
oracleopenjdk1.6.0cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*
oracleopenjdk1.6.0cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*
oracleopenjdk1.6.0cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*
oracleopenjdk1.6.0cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*
oracleopenjdk1.6.0cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*
oracleopenjdk1.6.0cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*
oracleopenjdk1.6.0cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*
oracleopenjdk1.6.0cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*
oracleopenjdk1.6.0cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*
Rows per page:
1-10 of 701

References

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

High

EPSS

0.005

Percentile

77.3%