The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

References

openwall.com/lists/oss-security/2013/02/05/24

rhn.redhat.com/errata/RHSA-2014-0371.html

rhn.redhat.com/errata/RHSA-2014-0372.html

secunia.com/advisories/57716

secunia.com/advisories/57719

www.isg.rhul.ac.uk/tls/TLStiming.pdf

osv 4

ubuntucve 10

debiancve 5

prion 10

github 1

nvd 9

cve 10

ibm 25

nessus 35

cvelist 9

securityvulns 5

openvas 30

f5 11

veracode 3

openssl 2

slackware 1

hackerone 1

pentestpartners 1

centos 2

altlinux 5

suse 3

freebsd 1

fedora 2

amazon 2

oraclelinux 2

redhat 3

debian 1

alpinelinux 2

aix 2

freebsd_advisory 1

ubuntu 1

osv

Improper Input Validation in Bouncy Castle

2022-05-14 02:14:04

CVE-2016-2107

2016-05-05 01:59:00

openssl - several vulnerabilities

2013-02-13 00:00:00

ubuntucve

CVE-2013-1624

2013-02-08 00:00:00

CVE-2013-0169

2013-02-08 00:00:00

CVE-2013-1619

2013-02-08 00:00:00

debiancve

CVE-2013-1624

2013-02-08 19:55:01

CVE-2013-0169

2013-02-08 19:55:01

CVE-2013-1620

2013-02-08 19:55:01

prion

Design/Logic Flaw

2013-02-08 19:55:00

Design/Logic Flaw

2013-02-08 19:55:00

Design/Logic Flaw

2013-02-08 19:55:00

github

Improper Input Validation in Bouncy Castle

2022-05-14 02:14:04

nvd

CVE-2013-1624

2013-02-08 19:55:01

CVE-2013-0169

2013-02-08 19:55:01

CVE-2013-1621

2013-02-08 19:55:01

cve

CVE-2013-1624

2013-02-08 19:55:01

CVE-2013-0169

2013-02-08 19:55:01

CVE-2013-1623

2013-02-08 19:55:01

ibm

Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-0169)

2018-06-17 04:47:31

Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)

2018-06-17 04:48:04

Security Bulletin: Potential security vulnerabilities in WebSphere Partner Gateway Express for the Oracle CPU April 2013.

2022-09-25 21:06:56

nessus

Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure

2014-07-14 00:00:00

IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure

2014-08-11 00:00:00

F5 Networks BIG-IP : TLS/DTLS 'Lucky 13' vulnerability (K14190)

2014-10-10 00:00:00

cvelist

CVE-2013-0169

2013-02-08 19:00:00

CVE-2013-1620

2013-02-08 19:00:00

CVE-2016-2107

2016-05-05 00:00:00

securityvulns

ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability

2013-07-15 00:00:00

ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability

2013-07-15 00:00:00

ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities

2014-04-07 00:00:00

openvas

Slackware: Security Advisory (SSA:2013-042-01)

2022-04-21 00:00:00

OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Linux

2021-08-17 00:00:00

OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Windows

2021-08-17 00:00:00

K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169

2015-04-30 00:00:00

SOL14190 - TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169

2013-02-08 00:00:00

K15637 : GnuTLS vulnerability CVE-2013-2116

2014-10-16 00:00:00

veracode

Timing Attacks

2017-02-10 05:59:15

Timing Side- Channel Attack

2019-01-15 08:52:54

Padding Oracle Attack

2017-01-27 03:10:31

openssl

Vulnerability in OpenSSL CVE-2013-0169

2013-02-04 00:00:00

Vulnerability in OpenSSL CVE-2016-2107

2016-05-03 00:00:00

slackware

openssl

2013-02-11 23:49:59

hackerone

Legal Robot: LUCKY13 (CVE-2013-0169) effects legalrobot.com

2017-07-30 20:00:47

pentestpartners

Vulnerabilities that (mostly) aren’t: LUCKY13

2024-05-03 05:12:27

centos

java security update

2013-02-20 20:11:32

java security update

2013-02-20 20:33:43

altlinux

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0k-alt1

2013-02-27 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1

2013-02-27 00:00:00

Security fix for the ALT Linux 7 package openssl10 version 1.0.0k-alt1

2013-02-27 00:00:00

suse

java-1_6_0-openjdk: update to icedtea 1.12.3 (important)

2013-03-01 18:04:30

Security update for Java (important)

2013-02-22 20:04:33

java-1_6_0-openjdk: update to icedtea 1.12.3 (important)

2013-03-01 17:04:41

freebsd

FreeBSD -- OpenSSL multiple vulnerabilities

2013-04-02 00:00:00

fedora

[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18

2013-04-03 04:51:11

[SECURITY] Fedora 18 Update: openssl-1.0.1e-3.fc18

2013-03-02 19:55:52

amazon

Critical: openssl

2014-04-07 17:26:00

Important: java-1.6.0-openjdk

2013-03-02 16:50:00

oraclelinux

java-1.6.0-openjdk security update

2013-02-20 00:00:00

java-1.6.0-openjdk security update

2013-02-20 00:00:00

redhat

(RHSA-2013:0783) Moderate: openssl security update

2013-05-01 17:58:17

(RHSA-2013:0273) Critical: java-1.6.0-openjdk security update

2013-02-20 00:00:00

(RHSA-2013:0274) Important: java-1.6.0-openjdk security update

2013-02-20 00:00:00

debian

[SECURITY] [DSA 2621-1] openssl security update

2013-02-13 20:07:41

alpinelinux

CVE-2018-0497

2018-07-28 17:29:00

CVE-2016-2107

2016-05-05 01:59:03

aix

Multiple OpenSSL vulnerabilities

2013-03-15 03:20:11

AIX OpenSSH Vulnerability

2013-04-08 15:19:58

freebsd_advisory

FreeBSD-SA-13:03.openssl

2013-04-02 00:00:00

ubuntu

OpenSSL regression

2013-02-28 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

6.7

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

Related for CVELIST:CVE-2013-1624