Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2023-1435
Vulnerability from csaf_certbund - Published: 2023-06-12 22:00 - Updated: 2023-06-12 22:00Summary
Hitachi Energy Relion: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die Relion-Produktfamilie umfasst Produkte für Schutz, Steuerung, Messung und Überwachung von Energiesystemen für IEC- und ANSI-Anwendungen.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Hitachi Energy Relion ausnutzen, um einen Denial of Service Angriff durchzuführen und Informationen offenzulegen.
Betroffene Betriebssysteme: - BIOS/Firmware
In Hitachi Energy Relion existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer unsicherer TLS-Konfigurationen in Lucky13 und BEAST und der Preisgabe eines sensiblen Cookies in einer HTTPS-Sitzung ohne "HttpOnly"-Flag. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion.
In Hitachi Energy Relion existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer unsicherer TLS-Konfigurationen in Lucky13 und BEAST und der Preisgabe eines sensiblen Cookies in einer HTTPS-Sitzung ohne "HttpOnly"-Flag. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion.
In Hitachi Energy Relion existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer unsicherer TLS-Konfigurationen in Lucky13 und BEAST und der Preisgabe eines sensiblen Cookies in einer HTTPS-Sitzung ohne "HttpOnly"-Flag. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion.
Es existiert eine Schwachstelle in Hitachi Energy Relion. Der Fehler besteht aufgrund einer nicht ordnungsgemäß funktionierenden TLS-Sitzungsneuaushandlung auf Client-Seite. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.
References
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die Relion-Produktfamilie umfasst Produkte f\u00fcr Schutz, Steuerung, Messung und \u00dcberwachung von Energiesystemen f\u00fcr IEC- und ANSI-Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Hitachi Energy Relion ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- BIOS/Firmware",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1435 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1435.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1435 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1435"
},
{
"category": "external",
"summary": "ABB Relion REX640 Cyber Security Improvements vom 2023-06-12",
"url": "https://library.e.abb.com/public/1f777da94ee04c6a8108533b46c46971/ABB%20Relion%20REX640%20Cyber%20Security%20Improvements_Rev.A.pdf"
}
],
"source_lang": "en-US",
"title": "Hitachi Energy Relion: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-06-12T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:52:21.046+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1435",
"initial_release_date": "2023-06-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Energy Relion REX640 FW \u003c 1.0.8",
"product": {
"name": "Hitachi Energy Relion REX640 FW \u003c 1.0.8",
"product_id": "T028062",
"product_identification_helper": {
"cpe": "cpe:/h:abb:relion:rex640_fw__1.0.8"
}
}
},
{
"category": "product_name",
"name": "Hitachi Energy Relion REX640 FW \u003c 1.1.4",
"product": {
"name": "Hitachi Energy Relion REX640 FW \u003c 1.1.4",
"product_id": "T028063",
"product_identification_helper": {
"cpe": "cpe:/h:abb:relion:rex640_fw__1.1.4"
}
}
},
{
"category": "product_name",
"name": "Hitachi Energy Relion REX640 FW \u003c 1.2.1",
"product": {
"name": "Hitachi Energy Relion REX640 FW \u003c 1.2.1",
"product_id": "T028064",
"product_identification_helper": {
"cpe": "cpe:/h:abb:relion:rex640_fw__1.2.1"
}
}
}
],
"category": "product_name",
"name": "Relion"
}
],
"category": "vendor",
"name": "Hitachi Energy"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2876",
"notes": [
{
"category": "description",
"text": "In Hitachi Energy Relion existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer unsicherer TLS-Konfigurationen in Lucky13 und BEAST und der Preisgabe eines sensiblen Cookies in einer HTTPS-Sitzung ohne \"HttpOnly\"-Flag. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-2876"
},
{
"cve": "CVE-2013-0169",
"notes": [
{
"category": "description",
"text": "In Hitachi Energy Relion existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer unsicherer TLS-Konfigurationen in Lucky13 und BEAST und der Preisgabe eines sensiblen Cookies in einer HTTPS-Sitzung ohne \"HttpOnly\"-Flag. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2013-0169"
},
{
"cve": "CVE-2011-3389",
"notes": [
{
"category": "description",
"text": "In Hitachi Energy Relion existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund mehrerer unsicherer TLS-Konfigurationen in Lucky13 und BEAST und der Preisgabe eines sensiblen Cookies in einer HTTPS-Sitzung ohne \"HttpOnly\"-Flag. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2011-3389"
},
{
"cve": "CVE-2011-1473",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Hitachi Energy Relion. Der Fehler besteht aufgrund einer nicht ordnungsgem\u00e4\u00df funktionierenden TLS-Sitzungsneuaushandlung auf Client-Seite. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
}
],
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2011-1473"
}
]
}
CVE-2011-1473 (GCVE-0-2011-1473)
Vulnerability from cvelistv5 – Published: 2012-06-16 21:00 – Updated: 2024-08-06 22:28 Disputed
VLAI?
EPSS
Summary
OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public ?
2011-03-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
},
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
},
{
"name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
},
{
"name": "SSRT100852",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
},
{
"name": "HPSBMU02776",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "[tls] 20110315 SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
},
{
"name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-20T15:06:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
},
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
},
{
"name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
},
{
"name": "SSRT100852",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
},
{
"name": "HPSBMU02776",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "[tls] 20110315 SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
},
{
"name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d%40%3Ccommits.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557%40%3Cdev.rocketmq.apache.org%3E"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-5094. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html",
"refsource": "MISC",
"url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=707065",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065"
},
{
"name": "20140214 ESA-2014-009: RSA BSAFE SSL-J Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html"
},
{
"name": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html",
"refsource": "MISC",
"url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html"
},
{
"name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/07/08/2"
},
{
"name": "SSRT100852",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "[tls] 20110318 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html"
},
{
"name": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html",
"refsource": "MISC",
"url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html"
},
{
"name": "HPSBMU02776",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "[tls] 20110315 SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html"
},
{
"name": "[tls] 20110315 Re: SSL Renegotiation DOS",
"refsource": "MLIST",
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html"
},
{
"name": "[rocketmq-dev] 20190527 [GitHub] [rocketmq] bix29 opened a new issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/142b93d261e8ac7c5ceffdce848d622404abc1c286bbc999f43a9e10@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20190801 [GitHub] [rocketmq] duhenglucky commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/6121becfdd23f9aeb675d5db80616536277d5931d6cde9dca292e509@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20191024 [GitHub] [rocketmq] Journey-x commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8be38d35654441140db8eb3f7433524b3653ac3fdc26e2fa94626a3a@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1e33410bb5c81536e7fe14b51fa83e7bfd9445db61fd10c134792bde@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] coveralls commented on issue #1820: [ISSUE #1233] Fix CVE-2011-1473",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r298a09a2b98446b27217d719e877c643b6d13fac0bcafe04696a446b@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20200305 [GitHub] [rocketmq] ShadowySpirits opened a new pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r77fe575893261889b983e067293be72fa1f8c6305ede9fdbc404c514@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling closed issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5e595b91f00613dafa635852121d45b161e8b5c3eba4551aeccc6483@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-commits] 20210311 [rocketmq] branch develop updated: [ISSUE #1233] Fix CVE-2011-1473",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3822ad69442291562c2ab41132fc49780d269e8b52deb458b7060f6d@%3Ccommits.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] vongosling merged pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8680f41bcdad13c3f267cb868b45e5fb1f57df8b39d25193f7d66500@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210311 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra95c355827b3c96c8013ed8e0666c851581651be2524f3d28cd4fe71@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210327 [GitHub] [rocketmq] liufeiguo commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r13a07a09f98b2841193dbf17a47c7f09b464e0747a1d3e7298ad4c81@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz commented on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf9e8ae0356af3ec4f7780ca651b770721d287d4d55f62f4f754e0a6f@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20210420 [GitHub] [rocketmq] mouzz removed a comment on pull request #1820: [ISSUE #1233] Fix CVE-2011-1473",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc98eaa3f8223ac75aa5969f717954d8cbc9f3a9d8b7a6156a54fa557@%3Cdev.rocketmq.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1473",
"datePublished": "2012-06-16T21:00:00.000Z",
"dateReserved": "2011-03-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:41.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0169 (GCVE-0-2013-0169)
Vulnerability from cvelistv5 – Published: 2013-02-08 19:00 – Updated: 2024-08-06 14:18
VLAI?
EPSS
Summary
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2013-02-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.matrixssl.org/news.html"
},
{
"name": "RHSA-2013:0587",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "FEDORA-2013-4403",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
},
{
"name": "TA13-051A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
},
{
"name": "oval:org.mitre.oval:def:19016",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
},
{
"name": "MDVSA-2013:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
},
{
"name": "55139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55139"
},
{
"name": "55322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55322"
},
{
"name": "oval:org.mitre.oval:def:19608",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssl.org/news/secadv_20130204.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
},
{
"name": "openSUSE-SU-2013:0378",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
},
{
"name": "DSA-2622",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2622"
},
{
"name": "57778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57778"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
},
{
"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "HPSBUX02856",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/cve-2013-0169"
},
{
"name": "SSRT101289",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "SSRT101108",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
},
{
"name": "SUSE-SU-2013:0328",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
},
{
"name": "RHSA-2013:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
},
{
"name": "USN-1735-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1735-1"
},
{
"name": "SUSE-SU-2014:0320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "HPSBUX02857",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
},
{
"name": "53623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53623"
},
{
"name": "SUSE-SU-2013:0701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
},
{
"name": "VU#737740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"name": "oval:org.mitre.oval:def:19424",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
},
{
"name": "HPSBUX02909",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
},
{
"name": "DSA-2621",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2621"
},
{
"name": "RHSA-2013:0783",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
},
{
"name": "HPSBMU02874",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
},
{
"name": "APPLE-SA-2013-09-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "55108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55108"
},
{
"name": "RHSA-2013:0782",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
},
{
"name": "HPSBOV02852",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
},
{
"name": "SSRT101103",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
},
{
"name": "SSRT101104",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
},
{
"name": "SUSE-SU-2015:0578",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name": "openSUSE-SU-2013:0375",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
},
{
"name": "oval:org.mitre.oval:def:19540",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
},
{
"name": "1029190",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "oval:org.mitre.oval:def:18841",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.splunk.com/view/SP-CAAAHXG"
},
{
"name": "RHSA-2013:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5880"
},
{
"name": "SSRT101184",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
},
{
"name": "55350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55350"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-09T12:06:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.matrixssl.org/news.html"
},
{
"name": "RHSA-2013:0587",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "FEDORA-2013-4403",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
},
{
"name": "TA13-051A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
},
{
"name": "oval:org.mitre.oval:def:19016",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
},
{
"name": "MDVSA-2013:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
},
{
"name": "55139",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55139"
},
{
"name": "55322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55322"
},
{
"name": "oval:org.mitre.oval:def:19608",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssl.org/news/secadv_20130204.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
},
{
"name": "openSUSE-SU-2013:0378",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
},
{
"name": "DSA-2622",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2622"
},
{
"name": "57778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57778"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
},
{
"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "HPSBUX02856",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/cve-2013-0169"
},
{
"name": "SSRT101289",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "SSRT101108",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
},
{
"name": "SUSE-SU-2013:0328",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
},
{
"name": "RHSA-2013:0833",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
},
{
"name": "USN-1735-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1735-1"
},
{
"name": "SUSE-SU-2014:0320",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "HPSBUX02857",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
},
{
"name": "53623",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53623"
},
{
"name": "SUSE-SU-2013:0701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
},
{
"name": "VU#737740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"name": "oval:org.mitre.oval:def:19424",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
},
{
"name": "HPSBUX02909",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
},
{
"name": "DSA-2621",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2621"
},
{
"name": "RHSA-2013:0783",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
},
{
"name": "HPSBMU02874",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
},
{
"name": "APPLE-SA-2013-09-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "55108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55108"
},
{
"name": "RHSA-2013:0782",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
},
{
"name": "HPSBOV02852",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
},
{
"name": "SSRT101103",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
},
{
"name": "SSRT101104",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
},
{
"name": "SUSE-SU-2015:0578",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name": "openSUSE-SU-2013:0375",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
},
{
"name": "oval:org.mitre.oval:def:19540",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
},
{
"name": "1029190",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "oval:org.mitre.oval:def:18841",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.splunk.com/view/SP-CAAAHXG"
},
{
"name": "RHSA-2013:1456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5880"
},
{
"name": "SSRT101184",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
},
{
"name": "55350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55350"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
},
{
"name": "http://www.matrixssl.org/news.html",
"refsource": "CONFIRM",
"url": "http://www.matrixssl.org/news.html"
},
{
"name": "RHSA-2013:0587",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "FEDORA-2013-4403",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"
},
{
"name": "TA13-051A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"
},
{
"name": "oval:org.mitre.oval:def:19016",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"
},
{
"name": "MDVSA-2013:095",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
},
{
"name": "55139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55139"
},
{
"name": "55322",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55322"
},
{
"name": "oval:org.mitre.oval:def:19608",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"
},
{
"name": "http://www.openssl.org/news/secadv_20130204.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv_20130204.txt"
},
{
"name": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/",
"refsource": "MISC",
"url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"
},
{
"name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf",
"refsource": "MISC",
"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"
},
{
"name": "openSUSE-SU-2013:0378",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"
},
{
"name": "DSA-2622",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2622"
},
{
"name": "57778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57778"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
},
{
"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/02/05/24"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55351"
},
{
"name": "HPSBUX02856",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
},
{
"name": "https://puppet.com/security/cve/cve-2013-0169",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2013-0169"
},
{
"name": "SSRT101289",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
},
{
"name": "openSUSE-SU-2016:0640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "SSRT101108",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
},
{
"name": "SUSE-SU-2013:0328",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"
},
{
"name": "RHSA-2013:0833",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
},
{
"name": "USN-1735-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1735-1"
},
{
"name": "SUSE-SU-2014:0320",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
},
{
"name": "HPSBUX02857",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03883001"
},
{
"name": "53623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53623"
},
{
"name": "SUSE-SU-2013:0701",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"
},
{
"name": "VU#737740",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"name": "oval:org.mitre.oval:def:19424",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"
},
{
"name": "HPSBUX02909",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=137545771702053\u0026w=2"
},
{
"name": "DSA-2621",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2621"
},
{
"name": "RHSA-2013:0783",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"
},
{
"name": "HPSBMU02874",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
},
{
"name": "APPLE-SA-2013-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "55108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55108"
},
{
"name": "RHSA-2013:0782",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"
},
{
"name": "HPSBOV02852",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136432043316835\u0026w=2"
},
{
"name": "SSRT101103",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136439120408139\u0026w=2"
},
{
"name": "SSRT101104",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136396549913849\u0026w=2"
},
{
"name": "SUSE-SU-2015:0578",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name": "openSUSE-SU-2013:0375",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"
},
{
"name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released",
"refsource": "CONFIRM",
"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"
},
{
"name": "oval:org.mitre.oval:def:19540",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"
},
{
"name": "1029190",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "oval:org.mitre.oval:def:18841",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"
},
{
"name": "http://www.splunk.com/view/SP-CAAAHXG",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAHXG"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5880"
},
{
"name": "SSRT101184",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=136733161405818\u0026w=2"
},
{
"name": "55350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55350"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0169",
"datePublished": "2013-02-08T19:00:00.000Z",
"dateReserved": "2012-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:18:09.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3389 (GCVE-0-2011-3389)
Vulnerability from cvelistv5 – Published: 2011-09-06 19:00 – Updated: 2024-08-06 23:29
VLAI?
EPSS
Summary
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Date Public ?
2004-05-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74829",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/74829"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eprint.iacr.org/2004/111"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55322"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49388"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48948"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026103"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T21:06:36.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74829",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/74829"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eprint.iacr.org/2004/111"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55322"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49388"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48948"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026103"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4999"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5501"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74829",
"refsource": "OSVDB",
"url": "http://osvdb.org/74829"
},
{
"name": "http://eprint.iacr.org/2004/111",
"refsource": "MISC",
"url": "http://eprint.iacr.org/2004/111"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635",
"refsource": "MISC",
"url": "http://isc.sans.edu/diary/SSL+TLS+part+3+/11635"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"name": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf",
"refsource": "CONFIRM",
"url": "http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf"
},
{
"name": "SSRT100805",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "55322",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55322"
},
{
"name": "http://support.apple.com/kb/HT5130",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5130"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=737506",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=737506"
},
{
"name": "HPSBUX02730",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "SUSE-SU-2012:0602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "1025997",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025997"
},
{
"name": "TA12-010A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-010A.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "SUSE-SU-2012:0114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "49388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49388"
},
{
"name": "http://ekoparty.org/2011/juliano-rizzo.php",
"refsource": "MISC",
"url": "http://ekoparty.org/2011/juliano-rizzo.php"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2016-001.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2016-001.html"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "55351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55351"
},
{
"name": "SSRT100710",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132750579901589\u0026w=2"
},
{
"name": "VU#864643",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/864643"
},
{
"name": "APPLE-SA-2013-10-22-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "49778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49778"
},
{
"name": "DSA-2398",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2398"
},
{
"name": "48948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48948"
},
{
"name": "http://support.apple.com/kb/HT6150",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6150"
},
{
"name": "APPLE-SA-2012-02-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
},
{
"name": "http://technet.microsoft.com/security/advisory/2588513",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/security/advisory/2588513"
},
{
"name": "openSUSE-SU-2012:0063",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/13155432"
},
{
"name": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx"
},
{
"name": "RHSA-2011:1384",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1151/"
},
{
"name": "openSUSE-SU-2012:0030",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/13154861"
},
{
"name": "http://eprint.iacr.org/2006/136",
"refsource": "MISC",
"url": "http://eprint.iacr.org/2006/136"
},
{
"name": "48915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48915"
},
{
"name": "GLSA-201203-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-02.xml"
},
{
"name": "SSRT100740",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"name": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html",
"refsource": "MISC",
"url": "http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html"
},
{
"name": "48256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48256"
},
{
"name": "APPLE-SA-2012-09-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "1026103",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026103"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html",
"refsource": "CONFIRM",
"url": "http://www.imperialviolet.org/2011/09/23/chromeandbeast.html"
},
{
"name": "http://support.apple.com/kb/HT5501",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "http://www.insecure.cl/Beast-SSL.rar",
"refsource": "MISC",
"url": "http://www.insecure.cl/Beast-SSL.rar"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name": "http://support.apple.com/kb/HT5001",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5001"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1160/"
},
{
"name": "http://curl.haxx.se/docs/adv_20120124B.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20120124B.html"
},
{
"name": "http://www.opera.com/support/kb/view/1004/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/1004/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "1026704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026704"
},
{
"name": "APPLE-SA-2012-07-25-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
},
{
"name": "HPSBMU02742",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=132872385320240\u0026w=2"
},
{
"name": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue",
"refsource": "CONFIRM",
"url": "http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue"
},
{
"name": "RHSA-2012:0508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "45791",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45791"
},
{
"name": "1029190",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029190"
},
{
"name": "MDVSA-2012:058",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:058"
},
{
"name": "47998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47998"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "49198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49198"
},
{
"name": "RHSA-2012:0006",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2012-0006.html"
},
{
"name": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/",
"refsource": "CONFIRM",
"url": "http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1160/"
},
{
"name": "SUSE-SU-2012:0122",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html"
},
{
"name": "HPSBUX02777",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14752",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1151/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1151/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1151/"
},
{
"name": "MS12-006",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006"
},
{
"name": "HPSBUX02760",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1160/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1160/"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html"
},
{
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "SSRT100854",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2"
},
{
"name": "APPLE-SA-2011-10-12-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=719047",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=719047"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "http://vnhacker.blogspot.com/2011/09/beast.html",
"refsource": "MISC",
"url": "http://vnhacker.blogspot.com/2011/09/beast.html"
},
{
"name": "USN-1263-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1263-1"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "55350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55350"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"
},
{
"name": "openSUSE-SU-2020:0086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3389",
"datePublished": "2011-09-06T19:00:00.000Z",
"dateReserved": "2011-09-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:29:56.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2876 (GCVE-0-2023-2876)
Vulnerability from cvelistv5 – Published: 2023-06-13 03:52 – Updated: 2025-01-03 02:00
VLAI?
EPSS
Title
Session cookie exposure for client side script
Summary
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.
Severity ?
CWE
- CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ABB | REX640 PCL1 |
Affected:
1.0;0 , < 1.0.8
(firmware update)
|
||||||||||||
|
||||||||||||||
Date Public ?
2023-06-12 06:30
Credits
ABB thanks Paul Mader and Gianluca Raberger of VERBUND AG's OT Cyber Security Lab for helping to identify the vulnerabilities and protecting our customers.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:06.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2876",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T01:58:48.969845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T02:00:22.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"firmware"
],
"product": "REX640 PCL1",
"vendor": "ABB",
"versions": [
{
"lessThan": "1.0.8",
"status": "affected",
"version": "1.0;0",
"versionType": "firmware update"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Firmware"
],
"product": "REX640 PCL2",
"vendor": "ABB",
"versions": [
{
"lessThan": "1.1.4",
"status": "affected",
"version": "1.0;0",
"versionType": "firwmare update"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"firmware"
],
"product": "REX640 PCL3",
"vendor": "ABB",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "1.0;0",
"versionType": "firwmare update"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "ABB thanks Paul Mader and Gianluca Raberger of VERBUND AG\u0027s OT Cyber Security Lab for helping to identify the vulnerabilities and protecting our customers."
}
],
"datePublic": "2023-06-12T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.\u003c/p\u003e"
}
],
"value": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1004",
"description": "CWE-1004 Sensitive Cookie Without \u0027HttpOnly\u0027 Flag",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T03:52:12.002Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2NGA001423\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Session cookie exposure for client side script",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2023-2876",
"datePublished": "2023-06-13T03:52:12.002Z",
"dateReserved": "2023-05-24T17:41:29.260Z",
"dateUpdated": "2025-01-03T02:00:22.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…