Lucene search

[email protected]NVD:CVE-2013-1620

HistoryFeb 08, 2013 - 7:55 p.m.

CVE-2013-1620

2013-02-0819:55:01

CWE-203

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.005

Percentile

77.6%

JSON

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Affected configurations

Nvd

Node

mozillanetwork_security_servicesRange<3.14.3

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-

canonicalubuntu_linuxMatch12.10

Node

oracleenterprise_manager_ops_centerMatch11.1

oracleenterprise_manager_ops_centerMatch12.1

oracleenterprise_manager_ops_centerMatch12.2

oracleglassfish_communications_serverMatch2.0

oracleglassfish_serverMatch2.1.1

oracleiplanet_web_proxy_serverMatch4.0

oracleiplanet_web_serverMatch6.1

oracleiplanet_web_serverMatch7.0

oracleopenssoMatch3.0-03

oracletraffic_directorMatch11.1.1.6.0

oracletraffic_directorMatch11.1.1.7.0

oraclevm_serverMatch3.2x86

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch5.9

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch5.9

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

VendorProductVersionCPE
mozillanetwork_security_services*cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
canonicalubuntu_linux11.10cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
canonicalubuntu_linux12.10cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
oracleenterprise_manager_ops_center11.1cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:*:*:*:*:*:*:*
oracleenterprise_manager_ops_center12.1cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1:*:*:*:*:*:*:*
oracleenterprise_manager_ops_center12.2cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2:*:*:*:*:*:*:*
oracleglassfish_communications_server2.0cpe:2.3:a:oracle:glassfish_communications_server:2.0:*:*:*:*:*:*:*
oracleglassfish_server2.1.1cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	network_security_services	*	cpe:2.3:a:mozilla:network_security_services::::::::
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
canonical	ubuntu_linux	11.10	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
canonical	ubuntu_linux	12.10	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
oracle	enterprise_manager_ops_center	11.1	cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:::::::*
oracle	enterprise_manager_ops_center	12.1	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1:::::::*
oracle	enterprise_manager_ops_center	12.2	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2:::::::*
oracle	glassfish_communications_server	2.0	cpe:2.3:a:oracle:glassfish_communications_server:2.0:::::::*
oracle	glassfish_server	2.1.1	cpe:2.3:a:oracle:glassfish_server:2.1.1:::::::*