Timing Side- Channel Attack

🗓️ 15 Jan 2019 08:52:54Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 35 Views

OpenSSL vulnerable to timing attacks due to lack of MAC address validation in CBC paddin

Reporter	Title	Published	Views	Family All 489
FreeBSD	OpenSSL -- TLS 1.1, 1.2 denial of service	5 Feb 201300:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM and QRadar Risk Manager can be affected by three vulnerabilities in the IBM Java Runtime Environment (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)	25 Sep 202223:13	–	ibm
IBM Security Bulletins	Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL 1.0.1c	25 Sep 202221:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in IBM Rational ClearCase (GSKit component) with potential for TLS Attack (CVE-2013-0169)	10 Jul 201808:34	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server - IBM SDK for Java April 2013 CPU	26 Sep 202205:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Systems Director is affected by vulnerabilities in OpenSSL (CVE-2014-0224, CVE-2013-0169 and CVE-2014-3470)	31 Jan 201901:25	–	ibm
IBM Security Bulletins	Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0169)	17 Jun 201804:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QuickFile is affected by vulnerabilities that exist in the IBM Java SDK.	25 Sep 202223:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Express for UNIX is affected by multiple vulnerabilities in OpenSSL	24 Jul 202022:49	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server Community Edition 3.0.0.3 Oracle CPU April 2013	25 Sep 202221:06	–	ibm

Vulners

Node

java-1.6.0-ibm java-1.6.0-ibmMatch1.6.0.10.1_1jpp.5.el6_2

java-1.6.0-ibm java-1.6.0-ibmMatch1.6.0.4_1jpp.1.el5

java-1.6.0-ibm java-1.6.0-ibmMatch1.6.0.9.1_1jpp.1.el5

java-1.6.0-ibm java-1.6.0-ibmMatch1.6.0.8.1_1jpp.2.el5

java-1.6.0-ibm java-1.6.0-ibmMatch1.6.0.9.1_1jpp.1.el6

java-1.6.0-ibm java-1.6.0-ibmMatch1.6.0.10.1_1jpp.1.el5

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.3.2.el6_3

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.5_2.2.1.el6_3.3

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.5.3.el6_3

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.3.el6_3.1

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.5_2.2.1.el6_3

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.5.3.el5_9

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.4.el5_9.1

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.4.1.el6_3

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.3_2.1.el6.7

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.3.el5.1

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.43.1.10.6.el6_2

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.21.b17.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.50.1.11.5.el6_3

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.7.b09.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.20.b17.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.39.b17.el6_0

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.28.1.10.10.el5_8

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.21.b17.el6

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.24.1.10.4.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.41.1.10.4.el6

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.40.1.9.10.el6_1

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.23.1.9.10.el5_7

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.36.b17.el6_0

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_0.30.b09.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.49.1.11.4.el6_3

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.16.b17.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.11.b16.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.48.1.11.3.el6_2

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_0.25.b09.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.45.1.11.1.el6

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.31.b17.el6_0

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.33.1.11.6.el5_9

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.17.b17.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.18.b17.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.54.1.11.6.el6_3

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.39.1.9.7.el6

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.2.b09.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.27.1.10.8.el5_8

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.22.1.9.8.el5_6

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.39.1.9.8.el6_1

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.13.b16.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.42.1.10.4.el6_2

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.28.1.10.9.el5_8

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.30.1.11.5.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.25.1.10.6.el5_8

openssl opensslMatch0.9.8e_22.el5

openssl opensslMatch0.9.8b_8.3.el5_0.2

openssl opensslMatch1.0.0_20.el6_2.3

openssl opensslMatch0.9.8e_12.el5_4.1

openssl opensslMatch0.9.8b_10.el5_2.1

openssl opensslMatch1.0.0_4.el6_0.1

openssl opensslMatch1.0.0_4.el6

openssl opensslMatch1.0.0_10.el6_1.4

openssl opensslMatch1.0.0_20.el6_2.5

openssl opensslMatch0.9.8e_22.el5_8.1

openssl opensslMatch1.0.0_10.el6

openssl opensslMatch0.9.8e_7.el5

openssl opensslMatch0.9.8e_20.el5_7.1

openssl opensslMatch0.9.8e_20.el5

openssl opensslMatch1.0.0_20.el6_2.4

openssl opensslMatch1.0.0_4.el6_0.2

openssl opensslMatch0.9.8e_12.el5_5.7

openssl opensslMatch0.9.8e_22.el5_8.3

openssl opensslMatch0.9.8e_12.el5

openssl opensslMatch1.0.0_10.el6_1.5

openssl opensslMatch1.0.0_20.el6

openssl opensslMatch1.0.0_25.el6_3.1

openssl opensslMatch0.9.8e_22.el5_8.4

openssl opensslMatch1.0.0_20.el6_2.2

openssl opensslMatch0.9.8b_10.el5

openssl opensslMatch1.0.0_20.el6_2.1

openssl opensslMatch0.9.8b_8.3.el5

openssl opensslMatch0.9.8e_12.el5_4.6

Source	Link
securitytracker	www.securitytracker.com/id/1029190
secunia	www.secunia.com/advisories/53623
secunia	www.secunia.com/advisories/55108
secunia	www.secunia.com/advisories/55139
secunia	www.secunia.com/advisories/55322
secunia	www.secunia.com/advisories/55350
secunia	www.secunia.com/advisories/55351
securityfocus	www.securityfocus.com/bid/57778
lists	www.lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
lists	www.lists.debian.org/debian-lts-announce/2018/09/msg00029.html

12 May 2023 15:34Current

6.4Medium risk

Vulners AI Score6.4

CVSS 22.6

EPSS0.00943