Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2014/04/14 1:46 p.m.4 views

bouncycastle: TLS CBC padding timing attack

It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle...

4CVSS7.3AI score0.02972EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2013/05/01 5:59 p.m.7 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2013/03/04 9:5 p.m.6 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2013/02/20 11:6 a.m.4 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2013/02/13 12:0 a.m.37 views

Debian Security Advisory DSA 2621-1 (openssl - several vulnerabilities)

Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an inval...

5CVSS0.2AI score0.35584EPSS
Exploits1References1
Rows per page
Query Builder