CVE-2013-0169
Vulnerability from cvelistv5
Published
2013-02-08 19:00
Modified
2024-08-06 14:18
Severity ?
Summary
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
References
secalert@redhat.comhttp://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/Third Party Advisory
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlThird Party Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlThird Party Advisory
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=136396549913849&w=2Third Party Advisory
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=136432043316835&w=2Third Party Advisory
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=136439120408139&w=2Third Party Advisory
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=136733161405818&w=2Third Party Advisory
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=137545771702053&w=2Third Party Advisory
secalert@redhat.comhttp://openwall.com/lists/oss-security/2013/02/05/24Mailing List
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0587.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0782.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0783.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0833.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-1455.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-1456.htmlThird Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/53623Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/55108Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/55139Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/55322Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/55350Third Party Advisory
secalert@redhat.comhttp://secunia.com/advisories/55351Third Party Advisory
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-201406-32.xmlThird Party Advisory
secalert@redhat.comhttp://support.apple.com/kb/HT5880Third Party Advisory
secalert@redhat.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21644047Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2621Third Party Advisory
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2622Third Party Advisory
secalert@redhat.comhttp://www.isg.rhul.ac.uk/tls/TLStiming.pdfThird Party Advisory
secalert@redhat.comhttp://www.kb.cert.org/vuls/id/737740Third Party Advisory, US Government Resource
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:095Third Party Advisory
secalert@redhat.comhttp://www.matrixssl.org/news.htmlThird Party Advisory
secalert@redhat.comhttp://www.openssl.org/news/secadv_20130204.txtVendor Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.htmlThird Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/57778Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id/1029190Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.splunk.com/view/SP-CAAAHXGThird Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1735-1Third Party Advisory
secalert@redhat.comhttp://www.us-cert.gov/cas/techalerts/TA13-051A.htmlThird Party Advisory, US Government Resource
secalert@redhat.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdfThird Party Advisory
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2018/09/msg00029.htmlThird Party Advisory
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841Tool Signature
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016Tool Signature
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424Tool Signature
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540Tool Signature
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608Third Party Advisory
secalert@redhat.comhttps://polarssl.org/tech-updates/releases/polarssl-1.2.5-releasedVendor Advisory
secalert@redhat.comhttps://puppet.com/security/cve/cve-2013-0169Third Party Advisory
secalert@redhat.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001Third Party Advisory
secalert@redhat.comhttps://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084Third Party Advisory
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.matrixssl.org/news.html"
          },
          {
            "name": "RHSA-2013:0587",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
          },
          {
            "name": "GLSA-201406-32",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
          },
          {
            "name": "FEDORA-2013-4403",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
          },
          {
            "name": "TA13-051A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:19016",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
          },
          {
            "name": "MDVSA-2013:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
          },
          {
            "name": "55139",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55139"
          },
          {
            "name": "55322",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55322"
          },
          {
            "name": "oval:org.mitre.oval:def:19608",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20130204.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
          },
          {
            "name": "openSUSE-SU-2013:0378",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
          },
          {
            "name": "DSA-2622",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2622"
          },
          {
            "name": "57778",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/57778"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
          },
          {
            "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
          },
          {
            "name": "RHSA-2013:1455",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
          },
          {
            "name": "55351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55351"
          },
          {
            "name": "HPSBUX02856",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2013-0169"
          },
          {
            "name": "SSRT101289",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
          },
          {
            "name": "openSUSE-SU-2016:0640",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
          },
          {
            "name": "SSRT101108",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "name": "SUSE-SU-2013:0328",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
          },
          {
            "name": "RHSA-2013:0833",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
          },
          {
            "name": "USN-1735-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1735-1"
          },
          {
            "name": "SUSE-SU-2014:0320",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
          },
          {
            "name": "HPSBUX02857",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
          },
          {
            "name": "53623",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53623"
          },
          {
            "name": "SUSE-SU-2013:0701",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
          },
          {
            "name": "VU#737740",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/737740"
          },
          {
            "name": "oval:org.mitre.oval:def:19424",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
          },
          {
            "name": "HPSBUX02909",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
          },
          {
            "name": "DSA-2621",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2013/dsa-2621"
          },
          {
            "name": "RHSA-2013:0783",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
          },
          {
            "name": "HPSBMU02874",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
          },
          {
            "name": "APPLE-SA-2013-09-12-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
          },
          {
            "name": "55108",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55108"
          },
          {
            "name": "RHSA-2013:0782",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
          },
          {
            "name": "HPSBOV02852",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
          },
          {
            "name": "SSRT101103",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
          },
          {
            "name": "SSRT101104",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
          },
          {
            "name": "SUSE-SU-2015:0578",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
          },
          {
            "name": "openSUSE-SU-2013:0375",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
          },
          {
            "name": "oval:org.mitre.oval:def:19540",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
          },
          {
            "name": "1029190",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029190"
          },
          {
            "name": "oval:org.mitre.oval:def:18841",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.splunk.com/view/SP-CAAAHXG"
          },
          {
            "name": "RHSA-2013:1456",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5880"
          },
          {
            "name": "SSRT101184",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
          },
          {
            "name": "55350",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55350"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-09T12:06:03",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.matrixssl.org/news.html"
        },
        {
          "name": "RHSA-2013:0587",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
        },
        {
          "name": "GLSA-201406-32",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
        },
        {
          "name": "FEDORA-2013-4403",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
        },
        {
          "name": "TA13-051A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:19016",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
        },
        {
          "name": "MDVSA-2013:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
        },
        {
          "name": "55139",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55139"
        },
        {
          "name": "55322",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55322"
        },
        {
          "name": "oval:org.mitre.oval:def:19608",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20130204.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
        },
        {
          "name": "openSUSE-SU-2013:0378",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
        },
        {
          "name": "DSA-2622",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2622"
        },
        {
          "name": "57778",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/57778"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
        },
        {
          "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
        },
        {
          "name": "RHSA-2013:1455",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
        },
        {
          "name": "55351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55351"
        },
        {
          "name": "HPSBUX02856",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2013-0169"
        },
        {
          "name": "SSRT101289",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
        },
        {
          "name": "openSUSE-SU-2016:0640",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
        },
        {
          "name": "SSRT101108",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "name": "SUSE-SU-2013:0328",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
        },
        {
          "name": "RHSA-2013:0833",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
        },
        {
          "name": "USN-1735-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1735-1"
        },
        {
          "name": "SUSE-SU-2014:0320",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
        },
        {
          "name": "HPSBUX02857",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
        },
        {
          "name": "53623",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53623"
        },
        {
          "name": "SUSE-SU-2013:0701",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
        },
        {
          "name": "VU#737740",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/737740"
        },
        {
          "name": "oval:org.mitre.oval:def:19424",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
        },
        {
          "name": "HPSBUX02909",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
        },
        {
          "name": "DSA-2621",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2013/dsa-2621"
        },
        {
          "name": "RHSA-2013:0783",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
        },
        {
          "name": "HPSBMU02874",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
        },
        {
          "name": "APPLE-SA-2013-09-12-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
        },
        {
          "name": "55108",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55108"
        },
        {
          "name": "RHSA-2013:0782",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
        },
        {
          "name": "HPSBOV02852",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
        },
        {
          "name": "SSRT101103",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
        },
        {
          "name": "SSRT101104",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
        },
        {
          "name": "SUSE-SU-2015:0578",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
        },
        {
          "name": "openSUSE-SU-2013:0375",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
        },
        {
          "name": "oval:org.mitre.oval:def:19540",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
        },
        {
          "name": "1029190",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029190"
        },
        {
          "name": "oval:org.mitre.oval:def:18841",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.splunk.com/view/SP-CAAAHXG"
        },
        {
          "name": "RHSA-2013:1456",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5880"
        },
        {
          "name": "SSRT101184",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
        },
        {
          "name": "55350",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55350"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-0169",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
            },
            {
              "name": "http://www.matrixssl.org/news.html",
              "refsource": "CONFIRM",
              "url": "http://www.matrixssl.org/news.html"
            },
            {
              "name": "RHSA-2013:0587",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
            },
            {
              "name": "GLSA-201406-32",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
            },
            {
              "name": "FEDORA-2013-4403",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
            },
            {
              "name": "TA13-051A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:19016",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
            },
            {
              "name": "MDVSA-2013:095",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
            },
            {
              "name": "55139",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55139"
            },
            {
              "name": "55322",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55322"
            },
            {
              "name": "oval:org.mitre.oval:def:19608",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
            },
            {
              "name": "http://www.openssl.org/news/secadv_20130204.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openssl.org/news/secadv_20130204.txt"
            },
            {
              "name": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/",
              "refsource": "MISC",
              "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
            },
            {
              "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084",
              "refsource": "CONFIRM",
              "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
            },
            {
              "name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
              "refsource": "MISC",
              "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
            },
            {
              "name": "openSUSE-SU-2013:0378",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
            },
            {
              "name": "DSA-2622",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2622"
            },
            {
              "name": "57778",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/57778"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
            },
            {
              "name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
            },
            {
              "name": "RHSA-2013:1455",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
            },
            {
              "name": "55351",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55351"
            },
            {
              "name": "HPSBUX02856",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
            },
            {
              "name": "https://puppet.com/security/cve/cve-2013-0169",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/cve-2013-0169"
            },
            {
              "name": "SSRT101289",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
            },
            {
              "name": "openSUSE-SU-2016:0640",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
            },
            {
              "name": "SSRT101108",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "SUSE-SU-2013:0328",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
            },
            {
              "name": "RHSA-2013:0833",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
            },
            {
              "name": "USN-1735-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1735-1"
            },
            {
              "name": "SUSE-SU-2014:0320",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
            },
            {
              "name": "HPSBUX02857",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
            },
            {
              "name": "53623",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53623"
            },
            {
              "name": "SUSE-SU-2013:0701",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
            },
            {
              "name": "VU#737740",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/737740"
            },
            {
              "name": "oval:org.mitre.oval:def:19424",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
            },
            {
              "name": "HPSBUX02909",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
            },
            {
              "name": "DSA-2621",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2013/dsa-2621"
            },
            {
              "name": "RHSA-2013:0783",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
            },
            {
              "name": "HPSBMU02874",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
            },
            {
              "name": "APPLE-SA-2013-09-12-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
            },
            {
              "name": "55108",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55108"
            },
            {
              "name": "RHSA-2013:0782",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
            },
            {
              "name": "HPSBOV02852",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
            },
            {
              "name": "SSRT101103",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
            },
            {
              "name": "SSRT101104",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
            },
            {
              "name": "SUSE-SU-2015:0578",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
            },
            {
              "name": "openSUSE-SU-2013:0375",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
            },
            {
              "name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released",
              "refsource": "CONFIRM",
              "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
            },
            {
              "name": "oval:org.mitre.oval:def:19540",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
            },
            {
              "name": "1029190",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029190"
            },
            {
              "name": "oval:org.mitre.oval:def:18841",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
            },
            {
              "name": "http://www.splunk.com/view/SP-CAAAHXG",
              "refsource": "CONFIRM",
              "url": "http://www.splunk.com/view/SP-CAAAHXG"
            },
            {
              "name": "RHSA-2013:1456",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5880",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5880"
            },
            {
              "name": "SSRT101184",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
            },
            {
              "name": "55350",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55350"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0169",
    "datePublished": "2013-02-08T19:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:09.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-0169\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-02-08T19:55:01.030\",\"lastModified\":\"2023-05-12T12:58:44.970\",\"vulnStatus\":\"Analyzed\",\"evaluatorComment\":\"Per http://www.openssl.org/news/vulnerabilities.html:\\nFixed in OpenSSL 1.0.1d (Affected 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) \\nFixed in OpenSSL 1.0.0k (Affected 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0) \\nFixed in OpenSSL 0.9.8y (Affected 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)\\n\\nAffected users should upgrade to OpenSSL 1.0.1e, 1.0.0k or 0.9.8y\\n(The fix in 1.0.1d wasn\u0027t complete, so please use 1.0.1e or later)\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \\\"Lucky Thirteen\\\" issue.\"},{\"lang\":\"es\",\"value\":\"El protocolo TLS v1.1 y v1.2 y el protocolo DTLS v1.0 y v1.2, tal como se utiliza en OpenSSL, OpenJDK, PolarSSL, y otros productos, no considera adecuadamente ataques a un requisito de verificaci\u00f3n MAC durante el proceso de relleno CBC malformado, lo que permite a atacantes remotos para realizar ataques distintivos y los ataques de recuperaci\u00f3n de texto plano trav\u00e9s del an\u00e1lisis estad\u00edstico de los datos de tiempo de los paquetes hechos a mano, tambi\u00e9n conocido como el \\\"Lucky Thirteen\\\" de emisi\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.6},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.9.8\",\"versionEndIncluding\":\"0.9.8x\",\"matchCriteriaId\":\"7C2F01ED-AB65-4006-AE2A-E9F73791D436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.0.0j\",\"matchCriteriaId\":\"581DC050-33FB-408D-AB43-D3D796BCBBDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.1\",\"versionEndIncluding\":\"1.0.1d\",\"matchCriteriaId\":\"02E6874F-3469-4173-92DE-1E90F0B241FB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C58642D-8504-4D3B-A411-96B83CFCD05D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"603BED29-3B3F-49AD-A518-E68B40AE8484\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F03670F-559C-433D-8AE8-A3C16F05E1D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A294535-7190-4C33-910D-0520F575D800\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*\",\"matchCriteriaId\":\"52A6300A-98F2-4E5A-909E-895A6C5B1D04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*\",\"matchCriteriaId\":\"2280FB93-81A0-4BF4-AD7E-C9EAD277B379\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E42E405-91ED-4F41-A2EE-CECB27EB4951\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*\",\"matchCriteriaId\":\"11BCE518-1A35-44DE-9B40-B89E7637F830\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D0BB1F-FA76-4185-ACD4-587DFB24CFF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:*\",\"matchCriteriaId\":\"D27FDDD5-083F-4A83-836F-BDCEB94894FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:*\",\"matchCriteriaId\":\"30BF0C2F-BF35-41B8-BC6A-F2DACE6A9A32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE05CDF7-1C43-46BF-9A7E-56B31BC1C837\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A520D505-7BDC-4E82-8A43-7C50AEE2B222\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ADF3C32-6663-4003-B7D6-CE3D02AFF45E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:*\",\"matchCriteriaId\":\"F15C4440-6283-433E-998E-856DA7ED4DB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:*\",\"matchCriteriaId\":\"C729FF50-6E41-4CEB-888A-E0FBD69B7897\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB0AB341-46CE-4851-899A-B09C81A9792E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:*\",\"matchCriteriaId\":\"68EF7AC1-0179-4E10-89DD-5DA33682B3F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:*\",\"matchCriteriaId\":\"243726CF-F79A-4487-8807-FFA0AC86760B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DECF6EC-B787-4CBA-936C-527864B504DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C70C7D7-4E28-49D9-A007-EB186E85E5B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B2B1A1-C3E5-4A32-8F5A-4BA8664E7537\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F57C81C-446F-462C-BB64-65F87D1AA28F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CFFA025-08DC-4AEF-AAE3-B20ECCB0946E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACBA03CE-2EF2-4C51-B796-54C65C3CFBCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:*\",\"matchCriteriaId\":\"085241E5-F958-43DD-AB0A-35EAF6954CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:*\",\"matchCriteriaId\":\"20CD7414-1D66-4311-90FB-5D53C0C22D82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DCB646B-3F17-427D-AE89-039FCA1F6D7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA2AB84A-05D5-4091-B225-7762A73D45BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A5A15F9-5047-4BB9-9B3E-A00998B6E7C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:*\",\"matchCriteriaId\":\"11A0378E-0D41-4FE0-8DAF-A01B66D814DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"942C51A3-87AC-4DB5-BAB9-3771A19C472A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C34819D3-615F-4CEE-BEAA-CE48BC2E53BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"D97A141E-5FC0-4B79-ABAA-82F6DE857625\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"D32EAE02-B313-47AC-A1A3-BBF58A692E02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"81EA5E3B-7EA9-45A4-9B69-2DD96471A731\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"27DED59D-C293-4D36-B194-B1645CD798C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC3ADCB9-C4B7-4D30-932B-415C317870F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:*\",\"matchCriteriaId\":\"06FB52F8-8702-4795-BA47-28A1D007952F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FDD48A5-9956-4AE6-9899-40D0830719FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:*\",\"matchCriteriaId\":\"875DAD00-C396-4F45-8C39-843686D5C3DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F45FA1E6-D848-482B-BB3F-5B02E837EE60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:*\",\"matchCriteriaId\":\"94A59C56-6A9B-4630-ACBD-45359451120D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:*\",\"matchCriteriaId\":\"795C1133-BF5E-4B07-A448-13EFAFEED9B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF20B7CE-1CD3-4D1E-9C5F-E9594A5135D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:*\",\"matchCriteriaId\":\"3206CF31-0EF2-4351-A077-1F8935965492\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2E1A163-7376-41C9-A0FF-C8C3B192B73A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21684D8F-C925-4BBE-A9E5-3799C84BDB13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CE3EE93-6274-4996-A843-D2DF3249E06C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DBD7490-815C-4E93-AD6C-5BBF1E3D6AD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3C08BCF-F438-4862-B93A-76282A4129D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA654207-3F1A-4737-AA1C-523DBD420D2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09D1B837-15DB-4A37-AF13-9FE6D894C084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEA214D9-E535-4F68-9A23-504121748700\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"131EF818-747C-47F0-A69B-7F55CCA93F9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B86C938F-CE5E-4955-8702-ABE9B635E337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8DC2818-EBB5-4A14-9468-57737B04F5A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0D9D498-444E-4E92-B2A1-C8D72FA59F50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D9AE2FA-068E-4F9E-BA3B-69123D9B0A67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*\",\"matchCriteriaId\":\"22EA88C6-E217-4D1F-981B-096930A7728C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BB29D8D-8287-4B5B-967F-55DCA0C0ED2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E25A1C90-15E9-4577-B25D-855D48C4F4E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18BC3056-6CF9-4C6A-9F03-C8812CA10AF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"02CE9326-279B-4CFE-8FBD-4450793D9C67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7513F8AC-A847-412D-B657-9426E4C6C020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88CE920F-DBD6-4D01-87E1-26FA10101692\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6F1E192-D0F2-476E-A7A9-AFB031687533\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F9DDE3F-26AE-41E0-9433-E5C018C699E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40F9819E-798E-4DA6-A7E4-39A85B68A5F5\"}]}]}],\"references\":[{\"url\":\"http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2013/02/05/24\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0587.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0782.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0783.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0833.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1455.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1456.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/53623\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/55108\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/55139\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/55322\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/55350\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/55351\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-201406-32.xml\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT5880\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21644047\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2013/dsa-2621\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2013/dsa-2622\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.isg.rhul.ac.uk/tls/TLStiming.pdf\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/737740\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2013:095\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.matrixssl.org/news.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openssl.org/news/secadv_20130204.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/57778\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029190\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.splunk.com/view/SP-CAAAHXG\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-1735-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA13-051A.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://puppet.com/security/cve/cve-2013-0169\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.