Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Observable Discrepancy The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 4.3 | AV:N/AC:M/Au:N/C:P/I:N/A:N | [email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Products Mentioned
Configuraton 0
Mozilla>>Network_security_services >> Version To (excluding) 3.14.3
- Mozilla>>Network_security_services >> Version - (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.1.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.2 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.2.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.3 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.3.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.3.2 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.4 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.4.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.4.2 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.4.3 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.5 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.6 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.6.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.7 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.7.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.7.2 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.7.3 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.7.5 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.7.7 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.8 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.9 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.9.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.9.2 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.9.3 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.9.4 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.9.5 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.10 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.10.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.10.2 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.11 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.11.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.11.2 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.11.3 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.11.4 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.11.5 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.11.6 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.11.7 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.11.8 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.11.9 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.11.10 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.2 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.3 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.3.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.3.2 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.4 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.5 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.6 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.7 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.8 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.9 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.10 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.12.11 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.14 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.14.1 (Open CPE detail)
- Mozilla>>Network_security_services >> Version 3.14.2 (Open CPE detail)
Configuraton 0
Canonical>>Ubuntu_linux >> Version 10.04
- Canonical>>Ubuntu_linux >> Version 10.04 (Open CPE detail)
Canonical>>Ubuntu_linux >> Version 11.10
- Canonical>>Ubuntu_linux >> Version 11.10 (Open CPE detail)
Canonical>>Ubuntu_linux >> Version 12.04
- Canonical>>Ubuntu_linux >> Version 12.04 (Open CPE detail)
Canonical>>Ubuntu_linux >> Version 12.10
- Canonical>>Ubuntu_linux >> Version 12.10 (Open CPE detail)
Configuraton 0
Oracle>>Enterprise_manager_ops_center >> Version 11.1
- Oracle>>Enterprise_manager_ops_center >> Version 11.1 (Open CPE detail)
Oracle>>Enterprise_manager_ops_center >> Version 12.1
- Oracle>>Enterprise_manager_ops_center >> Version 12.1 (Open CPE detail)
Oracle>>Enterprise_manager_ops_center >> Version 12.2
- Oracle>>Enterprise_manager_ops_center >> Version 12.2 (Open CPE detail)
Oracle>>Glassfish_communications_server >> Version 2.0
- Oracle>>Glassfish_communications_server >> Version 2.0 (Open CPE detail)
Oracle>>Glassfish_server >> Version 2.1.1
- Oracle>>Glassfish_server >> Version 2.1.1 (Open CPE detail)
Oracle>>Iplanet_web_proxy_server >> Version 4.0
- Oracle>>Iplanet_web_proxy_server >> Version 4.0 (Open CPE detail)
Oracle>>Iplanet_web_server >> Version 6.1
- Oracle>>Iplanet_web_server >> Version 6.1 (Open CPE detail)
Oracle>>Iplanet_web_server >> Version 7.0
- Oracle>>Iplanet_web_server >> Version 7.0 (Open CPE detail)
Oracle>>Opensso >> Version 3.0-03
- Oracle>>Opensso >> Version 3.0-03 (Open CPE detail)
Oracle>>Traffic_director >> Version 11.1.1.6.0
- Oracle>>Traffic_director >> Version 11.1.1.6.0 (Open CPE detail)
Oracle>>Traffic_director >> Version 11.1.1.7.0
- Oracle>>Traffic_director >> Version 11.1.1.7.0 (Open CPE detail)
Oracle>>Vm_server >> Version 3.2
- Oracle>>Vm_server >> Version 3.2 (Open CPE detail)
Configuraton 0
Redhat>>Enterprise_linux_desktop >> Version 5.0
- Redhat>>Enterprise_linux_desktop >> Version 5.0 (Open CPE detail)
Redhat>>Enterprise_linux_desktop >> Version 6.0
- Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)
- Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)
- Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_eus >> Version 5.9
- Redhat>>Enterprise_linux_eus >> Version 5.9 (Open CPE detail)
Redhat>>Enterprise_linux_server >> Version 5.0
- Redhat>>Enterprise_linux_server >> Version 5.0 (Open CPE detail)
Redhat>>Enterprise_linux_server >> Version 6.0
- Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)
- Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)
- Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_server_aus >> Version 5.9
- Redhat>>Enterprise_linux_server_aus >> Version 5.9 (Open CPE detail)
Redhat>>Enterprise_linux_workstation >> Version 5.0
- Redhat>>Enterprise_linux_workstation >> Version 5.0 (Open CPE detail)
Redhat>>Enterprise_linux_workstation >> Version 6.0
- Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)
- Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)
- Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)
References
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ
Tags : mailing-list, x_refsource_BUGTRAQ
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
2025©
tesweb SA
