1. Home
  2. Vulnerabilities
  3. CVE-2013-1620

CVE-2013-1620

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.44 % (75th)
0.44% Progress
Affected Products 15
Advisories 13
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Weaknesses
CWE-203
Observable Discrepancy
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2013-02-08 19:55:01
(11 years ago)
Updated Date
2022-12-21 17:30:12
(21 months ago)

Affected Products

Canonical

Mozilla

Oracle

Redhat

Configuration #1

    CPE23 From Up To
  Mozilla Network Security Services prior 3.14.3 version cpe:2.3:a:mozilla:network_security_services < 3.14.3

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 10.04 cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-
  Canonical Ubuntu Linux 11.10 cpe:2.3:o:canonical:ubuntu_linux:11.10
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-
  Canonical Ubuntu Linux 12.10 cpe:2.3:o:canonical:ubuntu_linux:12.10

Configuration #3

    CPE23 From Up To
  Oracle Enterprise Manager Ops Center 11.1 cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1
  Oracle Enterprise Manager Ops Center 12.1 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1
  Oracle Enterprise Manager Ops Center 12.2 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2
  Oracle Glassfish Communications Server 2.0 cpe:2.3:a:oracle:glassfish_communications_server:2.0
  Oracle Glassfish Server 2.1.1 cpe:2.3:a:oracle:glassfish_server:2.1.1
  Oracle Iplanet Web Proxy Server 4.0 cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0
  Oracle Iplanet Web Server 6.1 cpe:2.3:a:oracle:iplanet_web_server:6.1
  Oracle Iplanet Web Server 7.0 cpe:2.3:a:oracle:iplanet_web_server:7.0
  Oracle Opensso 3.0-03 cpe:2.3:a:oracle:opensso:3.0-03
  Oracle Traffic Director 11.1.1.6.0 cpe:2.3:a:oracle:traffic_director:11.1.1.6.0
  Oracle Traffic Director 11.1.1.7.0 cpe:2.3:a:oracle:traffic_director:11.1.1.7.0
  Oracle Vm Server 3.2 on X86 cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86

Configuration #4

    CPE23 From Up To
  Redhat Enterprise Linux Desktop 5.0 cpe:2.3:o:redhat:enterprise_linux_desktop:5.0
  Redhat Enterprise Linux Desktop 6.0 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  Redhat Enterprise Linux Eus 5.9 cpe:2.3:o:redhat:enterprise_linux_eus:5.9
  Redhat Enterprise Linux Server 5.0 cpe:2.3:o:redhat:enterprise_linux_server:5.0
  Redhat Enterprise Linux Server 6.0 cpe:2.3:o:redhat:enterprise_linux_server:6.0
  Redhat Enterprise Linux Server Aus 5.9 cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9
  Redhat Enterprise Linux Workstation 5.0 cpe:2.3:o:redhat:enterprise_linux_workstation:5.0
  Redhat Enterprise Linux Workstation 6.0 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0