CVE-2013-1620
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.Enginsight
Vendor | Product | Version |
---|---|---|
mozilla | network_security_services | 𝑥 < 3.14.3 |
canonical | ubuntu_linux | 10.04 |
canonical | ubuntu_linux | 11.10 |
canonical | ubuntu_linux | 12.04 |
canonical | ubuntu_linux | 12.10 |
oracle | enterprise_manager_ops_center | 11.1 |
oracle | enterprise_manager_ops_center | 12.1 |
oracle | enterprise_manager_ops_center | 12.2 |
oracle | glassfish_communications_server | 2.0 |
oracle | glassfish_server | 2.1.1 |
oracle | iplanet_web_proxy_server | 4.0 |
oracle | iplanet_web_server | 6.1 |
oracle | iplanet_web_server | 7.0 |
oracle | opensso | 3.0-03 |
oracle | traffic_director | 11.1.1.6.0 |
oracle | traffic_director | 11.1.1.7.0 |
oracle | vm_server | 3.2 |
redhat | enterprise_linux_desktop | 5.0 |
redhat | enterprise_linux_desktop | 6.0 |
redhat | enterprise_linux_eus | 5.9 |
redhat | enterprise_linux_server | 5.0 |
redhat | enterprise_linux_server | 6.0 |
redhat | enterprise_linux_server_aus | 5.9 |
redhat | enterprise_linux_workstation | 5.0 |
redhat | enterprise_linux_workstation | 6.0 |
Debian Releases
Ubuntu Releases
Common Weakness Enumeration