CVE-2013-0169 - Vulnerability Details

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openssl	Openssl
Oracle	Openjdk
Polarssl	Polarssl
Redhat	Enterprise Linux Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Web Server Network Satellite Openshift Rhel Extras Rhev Manager

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl::::::::
	cpe:2.3:a:openssl:openssl::::::::
	cpe:2.3:a:openssl:openssl::::::::

Configuration 2 [-]

OR	cpe:2.3:a:oracle:openjdk:1.6.0:-::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update1::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update10::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update11::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update12::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update13::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update14::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update15::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update16::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update17::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update18::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update19::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update2::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update20::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update21::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update22::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update23::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update24::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update25::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update26::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update27::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update29::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update3::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update30::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update31::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update32::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update33::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update34::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update35::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update37::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update38::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update4::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update5::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update6::::::
	cpe:2.3:a:oracle:openjdk:1.6.0:update7::::::
	cpe:2.3:a:oracle:openjdk:1.7.0:-::::::
	cpe:2.3:a:oracle:openjdk:1.7.0:update1::::::
	cpe:2.3:a:oracle:openjdk:1.7.0:update10::::::
	cpe:2.3:a:oracle:openjdk:1.7.0:update11::::::
	cpe:2.3:a:oracle:openjdk:1.7.0:update13::::::
	cpe:2.3:a:oracle:openjdk:1.7.0:update2::::::
	cpe:2.3:a:oracle:openjdk:1.7.0:update3::::::
	cpe:2.3:a:oracle:openjdk:1.7.0:update4::::::
	cpe:2.3:a:oracle:openjdk:1.7.0:update5::::::
	cpe:2.3:a:oracle:openjdk:1.7.0:update6::::::
	cpe:2.3:a:oracle:openjdk:1.7.0:update7::::::
	cpe:2.3:a:oracle:openjdk:1.7.0:update9::::::

Configuration 3 [-]

OR	cpe:2.3:a:polarssl:polarssl:0.10.0:::::::*
	cpe:2.3:a:polarssl:polarssl:0.10.1:::::::*
	cpe:2.3:a:polarssl:polarssl:0.11.0:::::::*
	cpe:2.3:a:polarssl:polarssl:0.11.1:::::::*
	cpe:2.3:a:polarssl:polarssl:0.12.0:::::::*
	cpe:2.3:a:polarssl:polarssl:0.12.1:::::::*
	cpe:2.3:a:polarssl:polarssl:0.13.1:::::::*
	cpe:2.3:a:polarssl:polarssl:0.14.0:::::::*
	cpe:2.3:a:polarssl:polarssl:0.14.2:::::::*
	cpe:2.3:a:polarssl:polarssl:0.14.3:::::::*
	cpe:2.3:a:polarssl:polarssl:0.99:pre1::::::
	cpe:2.3:a:polarssl:polarssl:0.99:pre3::::::
	cpe:2.3:a:polarssl:polarssl:0.99:pre4::::::
	cpe:2.3:a:polarssl:polarssl:0.99:pre5::::::
	cpe:2.3:a:polarssl:polarssl:1.0.0:::::::*
	cpe:2.3:a:polarssl:polarssl:1.1.0:::::::*
	cpe:2.3:a:polarssl:polarssl:1.1.0:rc0::::::
	cpe:2.3:a:polarssl:polarssl:1.1.0:rc1::::::
	cpe:2.3:a:polarssl:polarssl:1.1.1:::::::*
	cpe:2.3:a:polarssl:polarssl:1.1.2:::::::*
	cpe:2.3:a:polarssl:polarssl:1.1.3:::::::*
	cpe:2.3:a:polarssl:polarssl:1.1.4:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
java-1.6.0-openjdk-1:1.6.0.0-1.35.1.11.8.el5_9	cpe:/o:redhat:enterprise_linux:5	RHSA-2013:0274	2013-02-20T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.el5_9	cpe:/o:redhat:enterprise_linux:5	RHSA-2013:0275	2013-02-20T00:00:00Z
openssl-0:0.9.8e-26.el5_9.1	cpe:/o:redhat:enterprise_linux:5	RHSA-2013:0587	2013-03-04T00:00:00Z
Red Hat Enterprise Linux 6
java-1.6.0-openjdk-1:1.6.0.0-1.56.1.11.8.el6_3	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0273	2013-02-20T00:00:00Z
java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.el6_3	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0275	2013-02-20T00:00:00Z
openssl-0:1.0.0-27.el6_4.2	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0587	2013-03-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5.2
	cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0	RHSA-2013:0783	2013-05-01T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.1
openssl	cpe:/a:redhat:jboss_enterprise_application_platform:6.1	RHSA-2013:0833	2013-05-20T00:00:00Z
Red Hat JBoss Web Platform 5.2
	cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0	RHSA-2013:0782	2013-05-01T00:00:00Z
Red Hat JBoss Web Server 2.0
openssl	cpe:/a:redhat:jboss_enterprise_web_server:2.0	RHSA-2013:1013	2013-07-03T00:00:00Z
Red Hat Network Satellite Server v 5.4
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4	cpe:/a:redhat:network_satellite:5.4::el5	RHSA-2013:1455	2013-10-23T00:00:00Z
Red Hat Network Satellite Server v 5.5
java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4	cpe:/a:redhat:network_satellite:5.5::el5	RHSA-2013:1456	2013-10-23T00:00:00Z
Red Hat OpenShift Container Platform 4.6
openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0	cpe:/a:redhat:openshift:4.6::el8	RHSA-2020:4298	2020-10-27T00:00:00Z
RHEV 3.X Hypervisor and Agents for RHEL-6
rhev-hypervisor6-0:6.4-20130306.2.el6_4	cpe:/o:redhat:enterprise_linux:6::hypervisor	RHSA-2013:0636	2013-03-13T00:00:00Z
RHEV Manager version 3.3
spice-client-msi-0:3.3-12	cpe:/a:redhat:rhev_manager:3	RHSA-2014:0416	2014-04-17T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.6.0-sun-1:1.6.0.41-1jpp.1.el5_9	cpe:/a:redhat:rhel_extras:5	RHSA-2013:0531	2013-02-20T00:00:00Z
java-1.7.0-oracle-1:1.7.0.15-1jpp.1.el5_9	cpe:/a:redhat:rhel_extras:5	RHSA-2013:0532	2013-02-20T00:00:00Z
java-1.7.0-ibm-1:1.7.0.4.2-1jpp.1.el5_9	cpe:/a:redhat:rhel_extras:5	RHSA-2013:0822	2013-05-14T00:00:00Z
java-1.6.0-ibm-1:1.6.0.13.2-1jpp.1.el5_9	cpe:/a:redhat:rhel_extras:5	RHSA-2013:0823	2013-05-14T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.2-1jpp.1.el5_9	cpe:/a:redhat:rhel_extras:5	RHSA-2013:0855	2013-05-22T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
java-1.6.0-sun-1:1.6.0.41-1jpp.1.el6_3	cpe:/a:redhat:rhel_extras:6	RHSA-2013:0531	2013-02-20T00:00:00Z
java-1.7.0-oracle-1:1.7.0.15-1jpp.1.el6_3	cpe:/a:redhat:rhel_extras:6	RHSA-2013:0532	2013-02-20T00:00:00Z
java-1.7.0-ibm-1:1.7.0.4.2-1jpp.1.el6_4	cpe:/a:redhat:rhel_extras:6	RHSA-2013:0822	2013-05-14T00:00:00Z
java-1.6.0-ibm-1:1.6.0.13.2-1jpp.1.el6_4	cpe:/a:redhat:rhel_extras:6	RHSA-2013:0823	2013-05-14T00:00:00Z
java-1.5.0-ibm-1:1.5.0.16.2-1jpp.1.el6_4	cpe:/a:redhat:rhel_extras:6	RHSA-2013:0855	2013-05-22T00:00:00Z

References

Link	Providers
http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=136396549913849&w=2
http://marc.info/?l=bugtraq&m=136432043316835&w=2
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://marc.info/?l=bugtraq&m=137545771702053&w=2
http://openwall.com/lists/oss-security/2013/02/05/24
http://rhn.redhat.com/errata/RHSA-2013-0587.html
http://rhn.redhat.com/errata/RHSA-2013-0782.html
http://rhn.redhat.com/errata/RHSA-2013-0783.html
http://rhn.redhat.com/errata/RHSA-2013-0833.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://secunia.com/advisories/53623
http://secunia.com/advisories/55108
http://secunia.com/advisories/55139
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.apple.com/kb/HT5880
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
http://www.debian.org/security/2013/dsa-2621
http://www.debian.org/security/2013/dsa-2622
http://www.isg.rhul.ac.uk/tls/
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
http://www.kb.cert.org/vuls/id/737740
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
http://www.matrixssl.org/news.html
http://www.openssl.org/news/secadv_20130204.txt
http://www.openssl.org/news/secadv_20130205.txt
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html
http://www.securityfocus.com/bid/57778
http://www.securitytracker.com/id/1029190
http://www.splunk.com/view/SP-CAAAHXG
http://www.ubuntu.com/usn/USN-1735-1
http://www.us-cert.gov/cas/techalerts/TA13-051A.html
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html
https://nvd.nist.gov/vuln/detail/CVE-2013-0169
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released
https://puppet.com/security/cve/cve-2013-0169
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084
https://www.cve.org/CVERecord?id=CVE-2013-0169

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.01022}`	epss `{'score': 0.01291}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-02-08T19:00:00

Updated: 2024-08-06T14:18:09.503Z

Reserved: 2012-12-06T00:00:00

Link: CVE-2013-0169

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-02-08T19:55:01.030

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-0169

Redhat

Severity : Moderate

Publid Date: 2013-02-04T00:00:00Z

Links: CVE-2013-0169 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-09T12:06:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.matrixssl.org/news.html"}, {"name": "RHSA-2013:0587", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"}, {"name": "GLSA-201406-32", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "FEDORA-2013-4403", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"}, {"name": "TA13-051A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"}, {"name": "oval:org.mitre.oval:def:19016", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"}, {"name": "MDVSA-2013:095", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"}, {"name": "55139", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55139"}, {"name": "55322", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55322"}, {"name": "oval:org.mitre.oval:def:19608", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openssl.org/news/secadv_20130204.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"}, {"tags": ["x_refsource_MISC"], "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"}, {"name": "openSUSE-SU-2013:0378", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"}, {"name": "DSA-2622", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2622"}, {"name": "57778", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/57778"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"}, {"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2013/02/05/24"}, {"name": "RHSA-2013:1455", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"}, {"name": "55351", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55351"}, {"name": "HPSBUX02856", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://puppet.com/security/cve/cve-2013-0169"}, {"name": "SSRT101289", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"name": "openSUSE-SU-2016:0640", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"name": "SSRT101108", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"name": "SUSE-SU-2013:0328", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"}, {"name": "RHSA-2013:0833", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"}, {"name": "USN-1735-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1735-1"}, {"name": "SUSE-SU-2014:0320", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"}, {"name": "HPSBUX02857", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"}, {"name": "53623", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53623"}, {"name": "SUSE-SU-2013:0701", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"}, {"name": "VU#737740", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/737740"}, {"name": "oval:org.mitre.oval:def:19424", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"}, {"name": "HPSBUX02909", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"name": "DSA-2621", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2621"}, {"name": "RHSA-2013:0783", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"}, {"name": "HPSBMU02874", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "APPLE-SA-2013-09-12-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"}, {"name": "55108", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55108"}, {"name": "RHSA-2013:0782", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"}, {"name": "HPSBOV02852", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"name": "SSRT101103", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"name": "SSRT101104", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"name": "SUSE-SU-2015:0578", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"name": "openSUSE-SU-2013:0375", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"}, {"name": "oval:org.mitre.oval:def:19540", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"}, {"name": "1029190", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029190"}, {"name": "oval:org.mitre.oval:def:18841", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.splunk.com/view/SP-CAAAHXG"}, {"name": "RHSA-2013:1456", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT5880"}, {"name": "SSRT101184", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "55350", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55350"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0169", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"name": "http://www.matrixssl.org/news.html", "refsource": "CONFIRM", "url": "http://www.matrixssl.org/news.html"}, {"name": "RHSA-2013:0587", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"}, {"name": "GLSA-201406-32", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "FEDORA-2013-4403", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"}, {"name": "TA13-051A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"}, {"name": "oval:org.mitre.oval:def:19016", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"}, {"name": "MDVSA-2013:095", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"}, {"name": "55139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55139"}, {"name": "55322", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55322"}, {"name": "oval:org.mitre.oval:def:19608", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"}, {"name": "http://www.openssl.org/news/secadv_20130204.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20130204.txt"}, {"name": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/", "refsource": "MISC", "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"}, {"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"}, {"name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", "refsource": "MISC", "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"}, {"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"}, {"name": "openSUSE-SU-2013:0378", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"}, {"name": "DSA-2622", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2622"}, {"name": "57778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57778"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"}, {"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/02/05/24"}, {"name": "RHSA-2013:1455", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"}, {"name": "55351", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55351"}, {"name": "HPSBUX02856", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"name": "https://puppet.com/security/cve/cve-2013-0169", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2013-0169"}, {"name": "SSRT101289", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"name": "SSRT101108", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"name": "SUSE-SU-2013:0328", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"}, {"name": "RHSA-2013:0833", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"}, {"name": "USN-1735-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1735-1"}, {"name": "SUSE-SU-2014:0320", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"}, {"name": "HPSBUX02857", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"}, {"name": "53623", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53623"}, {"name": "SUSE-SU-2013:0701", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"}, {"name": "VU#737740", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/737740"}, {"name": "oval:org.mitre.oval:def:19424", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"}, {"name": "HPSBUX02909", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"name": "DSA-2621", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2621"}, {"name": "RHSA-2013:0783", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"}, {"name": "HPSBMU02874", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "APPLE-SA-2013-09-12-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"}, {"name": "55108", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55108"}, {"name": "RHSA-2013:0782", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"}, {"name": "HPSBOV02852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"name": "SSRT101103", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"name": "SSRT101104", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"name": "SUSE-SU-2015:0578", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"name": "openSUSE-SU-2013:0375", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"}, {"name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", "refsource": "CONFIRM", "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"}, {"name": "oval:org.mitre.oval:def:19540", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"}, {"name": "1029190", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029190"}, {"name": "oval:org.mitre.oval:def:18841", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"}, {"name": "http://www.splunk.com/view/SP-CAAAHXG", "refsource": "CONFIRM", "url": "http://www.splunk.com/view/SP-CAAAHXG"}, {"name": "RHSA-2013:1456", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"}, {"name": "http://support.apple.com/kb/HT5880", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5880"}, {"name": "SSRT101184", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "55350", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55350"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:18:09.503Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.matrixssl.org/news.html"}, {"name": "RHSA-2013:0587", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"}, {"name": "GLSA-201406-32", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "FEDORA-2013-4403", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"}, {"name": "TA13-051A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"}, {"name": "oval:org.mitre.oval:def:19016", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"}, {"name": "MDVSA-2013:095", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"}, {"name": "55139", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55139"}, {"name": "55322", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55322"}, {"name": "oval:org.mitre.oval:def:19608", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openssl.org/news/secadv_20130204.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"}, {"name": "openSUSE-SU-2013:0378", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"}, {"name": "DSA-2622", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2622"}, {"name": "57778", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/57778"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"}, {"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2013/02/05/24"}, {"name": "RHSA-2013:1455", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"}, {"name": "55351", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55351"}, {"name": "HPSBUX02856", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppet.com/security/cve/cve-2013-0169"}, {"name": "SSRT101289", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"name": "openSUSE-SU-2016:0640", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"name": "SSRT101108", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"name": "SUSE-SU-2013:0328", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"}, {"name": "RHSA-2013:0833", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"}, {"name": "USN-1735-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1735-1"}, {"name": "SUSE-SU-2014:0320", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"}, {"name": "HPSBUX02857", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"}, {"name": "53623", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/53623"}, {"name": "SUSE-SU-2013:0701", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"}, {"name": "VU#737740", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/737740"}, {"name": "oval:org.mitre.oval:def:19424", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"}, {"name": "HPSBUX02909", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"name": "DSA-2621", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2621"}, {"name": "RHSA-2013:0783", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"}, {"name": "HPSBMU02874", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "APPLE-SA-2013-09-12-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"}, {"name": "55108", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55108"}, {"name": "RHSA-2013:0782", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"}, {"name": "HPSBOV02852", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"name": "SSRT101103", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"name": "SSRT101104", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"name": "SUSE-SU-2015:0578", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"name": "openSUSE-SU-2013:0375", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"}, {"name": "oval:org.mitre.oval:def:19540", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"}, {"name": "1029190", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029190"}, {"name": "oval:org.mitre.oval:def:18841", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.splunk.com/view/SP-CAAAHXG"}, {"name": "RHSA-2013:1456", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT5880"}, {"name": "SSRT101184", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "55350", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55350"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0169", "datePublished": "2013-02-08T19:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.503Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C2F01ED-AB65-4006-AE2A-E9F73791D436", "versionEndIncluding": "0.9.8x", "versionStartIncluding": "0.9.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "581DC050-33FB-408D-AB43-D3D796BCBBDE", "versionEndIncluding": "1.0.0j", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E6874F-3469-4173-92DE-1E90F0B241FB", "versionEndIncluding": "1.0.1d", "versionStartIncluding": "1.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "5C58642D-8504-4D3B-A411-96B83CFCD05D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*", "matchCriteriaId": "603BED29-3B3F-49AD-A518-E68B40AE8484", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*", "matchCriteriaId": "0F03670F-559C-433D-8AE8-A3C16F05E1D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*", "matchCriteriaId": "3A294535-7190-4C33-910D-0520F575D800", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*", "matchCriteriaId": "52A6300A-98F2-4E5A-909E-895A6C5B1D04", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*", "matchCriteriaId": "2280FB93-81A0-4BF4-AD7E-C9EAD277B379", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*", "matchCriteriaId": "1E42E405-91ED-4F41-A2EE-CECB27EB4951", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*", "matchCriteriaId": "11BCE518-1A35-44DE-9B40-B89E7637F830", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*", "matchCriteriaId": "46D0BB1F-FA76-4185-ACD4-587DFB24CFF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:*", "matchCriteriaId": "D27FDDD5-083F-4A83-836F-BDCEB94894FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:*", "matchCriteriaId": "30BF0C2F-BF35-41B8-BC6A-F2DACE6A9A32", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:*", "matchCriteriaId": "EE05CDF7-1C43-46BF-9A7E-56B31BC1C837", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:*", "matchCriteriaId": "A520D505-7BDC-4E82-8A43-7C50AEE2B222", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:*", "matchCriteriaId": "5ADF3C32-6663-4003-B7D6-CE3D02AFF45E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:*", "matchCriteriaId": "F15C4440-6283-433E-998E-856DA7ED4DB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:*", "matchCriteriaId": "C729FF50-6E41-4CEB-888A-E0FBD69B7897", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:*", "matchCriteriaId": "EB0AB341-46CE-4851-899A-B09C81A9792E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:*", "matchCriteriaId": "68EF7AC1-0179-4E10-89DD-5DA33682B3F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:*", "matchCriteriaId": "243726CF-F79A-4487-8807-FFA0AC86760B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:*", "matchCriteriaId": "5DECF6EC-B787-4CBA-936C-527864B504DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:*", "matchCriteriaId": "3C70C7D7-4E28-49D9-A007-EB186E85E5B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:*", "matchCriteriaId": "99B2B1A1-C3E5-4A32-8F5A-4BA8664E7537", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:*", "matchCriteriaId": "3F57C81C-446F-462C-BB64-65F87D1AA28F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:*", "matchCriteriaId": "7CFFA025-08DC-4AEF-AAE3-B20ECCB0946E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:*", "matchCriteriaId": "ACBA03CE-2EF2-4C51-B796-54C65C3CFBCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:*", "matchCriteriaId": "085241E5-F958-43DD-AB0A-35EAF6954CB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:*", "matchCriteriaId": "20CD7414-1D66-4311-90FB-5D53C0C22D82", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:*", "matchCriteriaId": "6DCB646B-3F17-427D-AE89-039FCA1F6D7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:*", "matchCriteriaId": "FA2AB84A-05D5-4091-B225-7762A73D45BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:*", "matchCriteriaId": "5A5A15F9-5047-4BB9-9B3E-A00998B6E7C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:*", "matchCriteriaId": "11A0378E-0D41-4FE0-8DAF-A01B66D814DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:*", "matchCriteriaId": "942C51A3-87AC-4DB5-BAB9-3771A19C472A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:*", "matchCriteriaId": "C34819D3-615F-4CEE-BEAA-CE48BC2E53BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:*", "matchCriteriaId": "D97A141E-5FC0-4B79-ABAA-82F6DE857625", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:*", "matchCriteriaId": "D32EAE02-B313-47AC-A1A3-BBF58A692E02", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:*", "matchCriteriaId": "81EA5E3B-7EA9-45A4-9B69-2DD96471A731", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:*", "matchCriteriaId": "27DED59D-C293-4D36-B194-B1645CD798C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:*", "matchCriteriaId": "DC3ADCB9-C4B7-4D30-932B-415C317870F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:*", "matchCriteriaId": "06FB52F8-8702-4795-BA47-28A1D007952F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:*", "matchCriteriaId": "3FDD48A5-9956-4AE6-9899-40D0830719FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:*", "matchCriteriaId": "875DAD00-C396-4F45-8C39-843686D5C3DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:*", "matchCriteriaId": "F45FA1E6-D848-482B-BB3F-5B02E837EE60", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:*", "matchCriteriaId": "94A59C56-6A9B-4630-ACBD-45359451120D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:*", "matchCriteriaId": "795C1133-BF5E-4B07-A448-13EFAFEED9B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:*", "matchCriteriaId": "DF20B7CE-1CD3-4D1E-9C5F-E9594A5135D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:*", "matchCriteriaId": "3206CF31-0EF2-4351-A077-1F8935965492", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:*", "matchCriteriaId": "D2E1A163-7376-41C9-A0FF-C8C3B192B73A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "21684D8F-C925-4BBE-A9E5-3799C84BDB13", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CE3EE93-6274-4996-A843-D2DF3249E06C", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "0DBD7490-815C-4E93-AD6C-5BBF1E3D6AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C08BCF-F438-4862-B93A-76282A4129D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA654207-3F1A-4737-AA1C-523DBD420D2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "09D1B837-15DB-4A37-AF13-9FE6D894C084", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "CEA214D9-E535-4F68-9A23-504121748700", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "131EF818-747C-47F0-A69B-7F55CCA93F9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "B86C938F-CE5E-4955-8702-ABE9B635E337", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8DC2818-EBB5-4A14-9468-57737B04F5A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*", "matchCriteriaId": "F0D9D498-444E-4E92-B2A1-C8D72FA59F50", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*", "matchCriteriaId": "4D9AE2FA-068E-4F9E-BA3B-69123D9B0A67", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*", "matchCriteriaId": "22EA88C6-E217-4D1F-981B-096930A7728C", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*", "matchCriteriaId": "0BB29D8D-8287-4B5B-967F-55DCA0C0ED2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E25A1C90-15E9-4577-B25D-855D48C4F4E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."}, {"lang": "es", "value": "El protocolo TLS v1.1 y v1.2 y el protocolo DTLS v1.0 y v1.2, tal como se utiliza en OpenSSL, OpenJDK, PolarSSL, y otros productos, no considera adecuadamente ataques a un requisito de verificaci\u00f3n MAC durante el proceso de relleno CBC malformado, lo que permite a atacantes remotos para realizar ataques distintivos y los ataques de recuperaci\u00f3n de texto plano trav\u00e9s del an\u00e1lisis estad\u00edstico de los datos de tiempo de los paquetes hechos a mano, tambi\u00e9n conocido como el \"Lucky Thirteen\" de emisi\u00f3n."}], "evaluatorComment": "Per http://www.openssl.org/news/vulnerabilities.html:\nFixed in OpenSSL 1.0.1d (Affected 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) \nFixed in OpenSSL 1.0.0k (Affected 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0) \nFixed in OpenSSL 0.9.8y (Affected 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)\n\nAffected users should upgrade to OpenSSL 1.0.1e, 1.0.0k or 0.9.8y\n(The fix in 1.0.1d wasn't complete, so please use 1.0.1e or later)", "id": "CVE-2013-0169", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-02-08T19:55:01.030", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://openwall.com/lists/oss-security/2013/02/05/24"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/53623"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55108"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55139"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55322"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55350"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55351"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT5880"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2621"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2622"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/737740"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.matrixssl.org/news.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.openssl.org/news/secadv_20130204.txt"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/57778"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1029190"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.splunk.com/view/SP-CAAAHXG"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1735-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://puppet.com/security/cve/cve-2013-0169"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://openwall.com/lists/oss-security/2013/02/05/24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/53623"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55322"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55350"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55351"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT5880"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2621"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/737740"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.matrixssl.org/news.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.openssl.org/news/secadv_20130204.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/57778"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1029190"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.splunk.com/view/SP-CAAAHXG"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1735-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://puppet.com/security/cve/cve-2013-0169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0274", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.6.0-openjdk-1:1.6.0.0-1.35.1.11.8.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0275", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0587", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "openssl-0:0.9.8e-26.el5_9.1", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-03-04T00:00:00Z"}, {"advisory": "RHSA-2013:0273", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.6.0-openjdk-1:1.6.0.0-1.56.1.11.8.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0275", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0587", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssl-0:1.0.0-27.el6_4.2", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-03-04T00:00:00Z"}, {"advisory": "RHSA-2013:0783", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", "product_name": "Red Hat JBoss Enterprise Application Platform 5.2", "release_date": "2013-05-01T00:00:00Z"}, {"advisory": "RHSA-2013:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.1", "package": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6.1", "release_date": "2013-05-20T00:00:00Z"}, {"advisory": "RHSA-2013:0782", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", "product_name": "Red Hat JBoss Web Platform 5.2", "release_date": "2013-05-01T00:00:00Z"}, {"advisory": "RHSA-2013:1013", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.0", "package": "openssl", "product_name": "Red Hat JBoss Web Server 2.0", "release_date": "2013-07-03T00:00:00Z"}, {"advisory": "RHSA-2013:1455", "cpe": "cpe:/a:redhat:network_satellite:5.4::el5", "package": "java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4", "product_name": "Red Hat Network Satellite Server v 5.4", "release_date": "2013-10-23T00:00:00Z"}, {"advisory": "RHSA-2013:1456", "cpe": "cpe:/a:redhat:network_satellite:5.5::el5", "package": "java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4", "product_name": "Red Hat Network Satellite Server v 5.5", "release_date": "2013-10-23T00:00:00Z"}, {"advisory": "RHSA-2020:4298", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "package": "openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2020-10-27T00:00:00Z"}, {"advisory": "RHSA-2013:0636", "cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor", "package": "rhev-hypervisor6-0:6.4-20130306.2.el6_4", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date": "2013-03-13T00:00:00Z"}, {"advisory": "RHSA-2014:0416", "cpe": "cpe:/a:redhat:rhev_manager:3", "package": "spice-client-msi-0:3.3-12", "product_name": "RHEV Manager version 3.3", "release_date": "2014-04-17T00:00:00Z"}, {"advisory": "RHSA-2013:0531", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-sun-1:1.6.0.41-1jpp.1.el5_9", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0532", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.7.0-oracle-1:1.7.0.15-1jpp.1.el5_9", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0822", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.7.0-ibm-1:1.7.0.4.2-1jpp.1.el5_9", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-05-14T00:00:00Z"}, {"advisory": "RHSA-2013:0823", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-ibm-1:1.6.0.13.2-1jpp.1.el5_9", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-05-14T00:00:00Z"}, {"advisory": "RHSA-2013:0855", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.5.0-ibm-1:1.5.0.16.2-1jpp.1.el5_9", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-05-22T00:00:00Z"}, {"advisory": "RHSA-2013:0531", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.6.0-sun-1:1.6.0.41-1jpp.1.el6_3", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0532", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.0-oracle-1:1.7.0.15-1jpp.1.el6_3", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0822", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.0-ibm-1:1.7.0.4.2-1jpp.1.el6_4", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-05-14T00:00:00Z"}, {"advisory": "RHSA-2013:0823", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.6.0-ibm-1:1.6.0.13.2-1jpp.1.el6_4", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-05-14T00:00:00Z"}, {"advisory": "RHSA-2013:0855", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.5.0-ibm-1:1.5.0.16.2-1jpp.1.el6_4", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-05-22T00:00:00Z"}], "bugzilla": {"description": "SSL/TLS: CBC padding timing attack (lucky-13)", "id": "907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."], "mitigation": {"lang": "en:us", "value": "On OpenShift Container Platform 3.11 it's possible to edit the list of cipher suites offered by the router when performing 'edge', or 're-encrypt' TLS modes. Please follow the documentation [1], and [2] to remove the vulnerable CBC ciphers use the modern, or intermediate cipher suites outlined by Mozilla instead [3]. In 'passthrough' mode TLS termination occurs in the application so that is another way to mitigate the vulnerability.\n[1] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#obtaining-router-configuration-template\n[2] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#using-configmap-replace-template\n[3] https://wiki.mozilla.org/Security/Server_Side_TLS"}, "name": "CVE-2013-0169", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "eap-5", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "haproxy", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "haproxy", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2013-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0169\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0169\nhttp://www.isg.rhul.ac.uk/tls/\nhttp://www.openssl.org/news/secadv_20130205.txt\nhttps://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"], "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object