SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVEID: CVE-2013-0169
Description:
A weakness in the handling of CBC cipher suites in SSL, TLS and DTLS exploits timing differences arising during MAC processing. OpenSSL versions affected include 1.0.1c, 1.0.0j and 0.9.8x.
Note: This vulnerability is only partially mitigated when OpenSSL is used in conjunction with the OpenSSL FIPS Object Module and the FIPS mode of operation is enabled.
CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81902> for the current score. *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
IBM Rational Build Forge version 8.0 and all earlier versions.
Upgrade to Rational Build Forge Fix Pack 1 (8.0.0.1) for 8.0
None