CVE-2013-0169 : Detail

CVE-2013-0169

A02-Cryptographic Failures
1.29%V4
Network
2013-02-08
18h00 +00:00
2019-07-09
10h06 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-310 Category : Cryptographic Issues
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Metrics

Metrics Score Severity CVSS Vector Source
V2 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Products Mentioned

Configuraton 0

Openssl>>Openssl >> Version From (including) 0.9.8 To (including) 0.9.8x

Openssl>>Openssl >> Version From (including) 1.0.0 To (including) 1.0.0j

Openssl>>Openssl >> Version From (including) 1.0.1 To (including) 1.0.1d

Configuraton 0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.6.0

Oracle>>Openjdk >> Version 1.7.0

Oracle>>Openjdk >> Version 1.7.0

Oracle>>Openjdk >> Version 1.7.0

Oracle>>Openjdk >> Version 1.7.0

Oracle>>Openjdk >> Version 1.7.0

Oracle>>Openjdk >> Version 1.7.0

Oracle>>Openjdk >> Version 1.7.0

Oracle>>Openjdk >> Version 1.7.0

Oracle>>Openjdk >> Version 1.7.0

Oracle>>Openjdk >> Version 1.7.0

Oracle>>Openjdk >> Version 1.7.0

Oracle>>Openjdk >> Version 1.7.0

Configuraton 0

Polarssl>>Polarssl >> Version 0.10.0

Polarssl>>Polarssl >> Version 0.10.1

Polarssl>>Polarssl >> Version 0.11.0

Polarssl>>Polarssl >> Version 0.11.1

Polarssl>>Polarssl >> Version 0.12.0

Polarssl>>Polarssl >> Version 0.12.1

Polarssl>>Polarssl >> Version 0.13.1

Polarssl>>Polarssl >> Version 0.14.0

Polarssl>>Polarssl >> Version 0.14.2

Polarssl>>Polarssl >> Version 0.14.3

Polarssl>>Polarssl >> Version 0.99

Polarssl>>Polarssl >> Version 0.99

Polarssl>>Polarssl >> Version 0.99

Polarssl>>Polarssl >> Version 0.99

Polarssl>>Polarssl >> Version 1.0.0

Polarssl>>Polarssl >> Version 1.1.0

Polarssl>>Polarssl >> Version 1.1.0

Polarssl>>Polarssl >> Version 1.1.0

Polarssl>>Polarssl >> Version 1.1.1

Polarssl>>Polarssl >> Version 1.1.2

Polarssl>>Polarssl >> Version 1.1.3

Polarssl>>Polarssl >> Version 1.1.4

References

http://www.matrixssl.org/news.html
Tags : x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0587.html
Tags : vendor-advisory, x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-201406-32.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://www.us-cert.gov/cas/techalerts/TA13-051A.html
Tags : third-party-advisory, x_refsource_CERT
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
Tags : vendor-advisory, x_refsource_MANDRIVA
http://secunia.com/advisories/55139
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/55322
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2013/dsa-2622
Tags : vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/57778
Tags : vdb-entry, x_refsource_BID
http://openwall.com/lists/oss-security/2013/02/05/24
Tags : mailing-list, x_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2013-1455.html
Tags : vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/55351
Tags : third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=136396549913849&w=2
Tags : vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=137545771702053&w=2
Tags : vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=136432043316835&w=2
Tags : vendor-advisory, x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2013-0833.html
Tags : vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1735-1
Tags : vendor-advisory, x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=136439120408139&w=2
Tags : vendor-advisory, x_refsource_HP
http://secunia.com/advisories/53623
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/737740
Tags : third-party-advisory, x_refsource_CERT-VN
http://marc.info/?l=bugtraq&m=137545771702053&w=2
Tags : vendor-advisory, x_refsource_HP
http://www.debian.org/security/2013/dsa-2621
Tags : vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2013-0783.html
Tags : vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=136733161405818&w=2
Tags : vendor-advisory, x_refsource_HP
http://secunia.com/advisories/55108
Tags : third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2013-0782.html
Tags : vendor-advisory, x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=136432043316835&w=2
Tags : vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=136439120408139&w=2
Tags : vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=136396549913849&w=2
Tags : vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id/1029190
Tags : vdb-entry, x_refsource_SECTRACK
http://www.splunk.com/view/SP-CAAAHXG
Tags : x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-1456.html
Tags : vendor-advisory, x_refsource_REDHAT
http://support.apple.com/kb/HT5880
Tags : x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=136733161405818&w=2
Tags : vendor-advisory, x_refsource_HP
http://secunia.com/advisories/55350
Tags : third-party-advisory, x_refsource_SECUNIA