History: Feb 08, 2013 - 7:55 p.m.

CVE-2013-1620

2013-02-08 19:55:01
CWE-203
web.nvd.nist.gov
48
cve-2013-1620
mozilla
network security
nss
tls
timing side-channel attacks
mac check operation
cbc padding
remote attackers
statistical analysis
crafted packets
plaintext-recovery attacks
nvd

CVSS2: 4.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score: 6.7
Confidence: High

EPSS: 0.005
Percentile: 77.3%

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Affected configurations

NVD
Node
mozilla network_security_services Range <3.14.3
Node
canonical ubuntu_linux Match 10.04-
OR
canonical ubuntu_linux Match 11.10
OR
canonical ubuntu_linux Match 12.04-
OR
canonical ubuntu_linux Match 12.10
Node
oracle enterprise_manager_ops_center Match 11.1
OR
oracle enterprise_manager_ops_center Match 12.1
OR
oracle enterprise_manager_ops_center Match 12.2
OR
oracle glassfish_communications_server Match 2.0
OR
oracle glassfish_server Match 2.1.1
OR
oracle iplanet_web_proxy_server Match 4.0
OR
oracle iplanet_web_server Match 6.1
OR
oracle iplanet_web_server Match 7.0
OR
oracle opensso Match 3.0-03
OR
oracle traffic_director Match 11.1.1.6.0
OR
oracle traffic_director Match 11.1.1.7.0
OR
oracle vm_server Match 3.2x86
Node
redhat enterprise_linux_desktop Match 5.0
OR
redhat enterprise_linux_desktop Match 6.0
OR
redhat enterprise_linux_eus Match 5.9
OR
redhat enterprise_linux_server Match 5.0
OR
redhat enterprise_linux_server Match 6.0
OR
redhat enterprise_linux_server_aus Match 5.9
OR
redhat enterprise_linux_workstation Match 5.0
OR
redhat enterprise_linux_workstation Match 6.0
