CVE-2013-0169
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.Enginsight
Vendor | Product | Version |
---|---|---|
openssl | openssl | 0.9.8 ≤ 𝑥 ≤ 0.9.8x |
openssl | openssl | 1.0.0 ≤ 𝑥 ≤ 1.0.0j |
openssl | openssl | 1.0.1 ≤ 𝑥 ≤ 1.0.1d |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.6.0 |
oracle | openjdk | 1.7.0 |
oracle | openjdk | 1.7.0 |
oracle | openjdk | 1.7.0 |
oracle | openjdk | 1.7.0 |
oracle | openjdk | 1.7.0 |
oracle | openjdk | 1.7.0 |
oracle | openjdk | 1.7.0 |
oracle | openjdk | 1.7.0 |
oracle | openjdk | 1.7.0 |
oracle | openjdk | 1.7.0 |
oracle | openjdk | 1.7.0 |
oracle | openjdk | 1.7.0 |
polarssl | polarssl | 0.10.0 |
polarssl | polarssl | 0.10.1 |
polarssl | polarssl | 0.11.0 |
polarssl | polarssl | 0.11.1 |
polarssl | polarssl | 0.12.0 |
polarssl | polarssl | 0.12.1 |
polarssl | polarssl | 0.13.1 |
polarssl | polarssl | 0.14.0 |
polarssl | polarssl | 0.14.2 |
polarssl | polarssl | 0.14.3 |
polarssl | polarssl | 0.99 |
polarssl | polarssl | 0.99 |
polarssl | polarssl | 0.99 |
polarssl | polarssl | 0.99 |
polarssl | polarssl | 1.0.0 |
polarssl | polarssl | 1.1.0 |
polarssl | polarssl | 1.1.0 |
polarssl | polarssl | 1.1.0 |
polarssl | polarssl | 1.1.1 |
polarssl | polarssl | 1.1.2 |
polarssl | polarssl | 1.1.3 |
polarssl | polarssl | 1.1.4 |
Debian Releases
Debian Product | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
bouncycastle |
| ||||||||||||||||
gnutls28 |
| ||||||||||||||||
nss |
| ||||||||||||||||
openssl |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
openjdk-6 |
| ||||||||||||||||
openjdk-7 |
| ||||||||||||||||
openssl |
| ||||||||||||||||
openssl098 |
|
Common Weakness Enumeration