{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-09T12:06:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.matrixssl.org/news.html"}, {"name": "RHSA-2013:0587", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"}, {"name": "GLSA-201406-32", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "FEDORA-2013-4403", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"}, {"name": "TA13-051A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"}, {"name": "oval:org.mitre.oval:def:19016", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"}, {"name": "MDVSA-2013:095", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"}, {"name": "55139", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55139"}, {"name": "55322", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55322"}, {"name": "oval:org.mitre.oval:def:19608", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openssl.org/news/secadv_20130204.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"}, {"tags": ["x_refsource_MISC"], "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"}, {"name": "openSUSE-SU-2013:0378", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"}, {"name": "DSA-2622", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2622"}, {"name": "57778", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/57778"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"}, {"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2013/02/05/24"}, {"name": "RHSA-2013:1455", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"}, {"name": "55351", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55351"}, {"name": "HPSBUX02856", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://puppet.com/security/cve/cve-2013-0169"}, {"name": "SSRT101289", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"name": "openSUSE-SU-2016:0640", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"name": "SSRT101108", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"name": "SUSE-SU-2013:0328", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"}, {"name": "RHSA-2013:0833", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"}, {"name": "USN-1735-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1735-1"}, {"name": "SUSE-SU-2014:0320", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"}, {"name": "HPSBUX02857", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"}, {"name": "53623", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53623"}, {"name": "SUSE-SU-2013:0701", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"}, {"name": "VU#737740", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/737740"}, {"name": "oval:org.mitre.oval:def:19424", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"}, {"name": "HPSBUX02909", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"name": "DSA-2621", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2621"}, {"name": "RHSA-2013:0783", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"}, {"name": "HPSBMU02874", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "APPLE-SA-2013-09-12-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"}, {"name": "55108", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55108"}, {"name": "RHSA-2013:0782", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"}, {"name": "HPSBOV02852", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"name": "SSRT101103", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"name": "SSRT101104", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"name": "SUSE-SU-2015:0578", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"name": "openSUSE-SU-2013:0375", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"}, {"name": "oval:org.mitre.oval:def:19540", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"}, {"name": "1029190", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029190"}, {"name": "oval:org.mitre.oval:def:18841", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.splunk.com/view/SP-CAAAHXG"}, {"name": "RHSA-2013:1456", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT5880"}, {"name": "SSRT101184", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "55350", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55350"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0169", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"name": "http://www.matrixssl.org/news.html", "refsource": "CONFIRM", "url": "http://www.matrixssl.org/news.html"}, {"name": "RHSA-2013:0587", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"}, {"name": "GLSA-201406-32", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "FEDORA-2013-4403", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"}, {"name": "TA13-051A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"}, {"name": "oval:org.mitre.oval:def:19016", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"}, {"name": "MDVSA-2013:095", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"}, {"name": "55139", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55139"}, {"name": "55322", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55322"}, {"name": "oval:org.mitre.oval:def:19608", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"}, {"name": "http://www.openssl.org/news/secadv_20130204.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20130204.txt"}, {"name": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/", "refsource": "MISC", "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"}, {"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"}, {"name": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", "refsource": "MISC", "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"}, {"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"}, {"name": "openSUSE-SU-2013:0378", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"}, {"name": "DSA-2622", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2622"}, {"name": "57778", "refsource": "BID", "url": "http://www.securityfocus.com/bid/57778"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"}, {"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2013/02/05/24"}, {"name": "RHSA-2013:1455", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"}, {"name": "55351", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55351"}, {"name": "HPSBUX02856", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"name": "https://puppet.com/security/cve/cve-2013-0169", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2013-0169"}, {"name": "SSRT101289", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"name": "SSRT101108", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"name": "SUSE-SU-2013:0328", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"}, {"name": "RHSA-2013:0833", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"}, {"name": "USN-1735-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1735-1"}, {"name": "SUSE-SU-2014:0320", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"}, {"name": "HPSBUX02857", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"}, {"name": "53623", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53623"}, {"name": "SUSE-SU-2013:0701", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"}, {"name": "VU#737740", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/737740"}, {"name": "oval:org.mitre.oval:def:19424", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"}, {"name": "HPSBUX02909", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"name": "DSA-2621", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2621"}, {"name": "RHSA-2013:0783", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"}, {"name": "HPSBMU02874", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "APPLE-SA-2013-09-12-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"}, {"name": "55108", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55108"}, {"name": "RHSA-2013:0782", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"}, {"name": "HPSBOV02852", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"name": "SSRT101103", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"name": "SSRT101104", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"name": "SUSE-SU-2015:0578", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"name": "openSUSE-SU-2013:0375", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"}, {"name": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", "refsource": "CONFIRM", "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"}, {"name": "oval:org.mitre.oval:def:19540", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"}, {"name": "1029190", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029190"}, {"name": "oval:org.mitre.oval:def:18841", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"}, {"name": "http://www.splunk.com/view/SP-CAAAHXG", "refsource": "CONFIRM", "url": "http://www.splunk.com/view/SP-CAAAHXG"}, {"name": "RHSA-2013:1456", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"}, {"name": "http://support.apple.com/kb/HT5880", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5880"}, {"name": "SSRT101184", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "55350", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55350"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:18:09.503Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.matrixssl.org/news.html"}, {"name": "RHSA-2013:0587", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"}, {"name": "GLSA-201406-32", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"name": "FEDORA-2013-4403", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"}, {"name": "TA13-051A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"}, {"name": "oval:org.mitre.oval:def:19016", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"}, {"name": "MDVSA-2013:095", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"}, {"name": "55139", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55139"}, {"name": "55322", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55322"}, {"name": "oval:org.mitre.oval:def:19608", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.openssl.org/news/secadv_20130204.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"}, {"name": "openSUSE-SU-2013:0378", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"}, {"name": "DSA-2622", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2622"}, {"name": "57778", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/57778"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"}, {"name": "[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2013/02/05/24"}, {"name": "RHSA-2013:1455", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"}, {"name": "55351", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55351"}, {"name": "HPSBUX02856", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppet.com/security/cve/cve-2013-0169"}, {"name": "SSRT101289", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"name": "openSUSE-SU-2016:0640", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"name": "SSRT101108", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"name": "SUSE-SU-2013:0328", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"}, {"name": "RHSA-2013:0833", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"}, {"name": "USN-1735-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1735-1"}, {"name": "SUSE-SU-2014:0320", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"}, {"name": "HPSBUX02857", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"}, {"name": "53623", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/53623"}, {"name": "SUSE-SU-2013:0701", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"}, {"name": "VU#737740", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/737740"}, {"name": "oval:org.mitre.oval:def:19424", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"}, {"name": "HPSBUX02909", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"name": "DSA-2621", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2621"}, {"name": "RHSA-2013:0783", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"}, {"name": "HPSBMU02874", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "APPLE-SA-2013-09-12-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"}, {"name": "55108", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55108"}, {"name": "RHSA-2013:0782", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"}, {"name": "HPSBOV02852", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"name": "SSRT101103", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"name": "SSRT101104", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"name": "SUSE-SU-2015:0578", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"name": "openSUSE-SU-2013:0375", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"}, {"name": "oval:org.mitre.oval:def:19540", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"}, {"name": "1029190", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1029190"}, {"name": "oval:org.mitre.oval:def:18841", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.splunk.com/view/SP-CAAAHXG"}, {"name": "RHSA-2013:1456", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT5880"}, {"name": "SSRT101184", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"name": "55350", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55350"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0169", "datePublished": "2013-02-08T19:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:18:09.503Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C2F01ED-AB65-4006-AE2A-E9F73791D436", "versionEndIncluding": "0.9.8x", "versionStartIncluding": "0.9.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "581DC050-33FB-408D-AB43-D3D796BCBBDE", "versionEndIncluding": "1.0.0j", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E6874F-3469-4173-92DE-1E90F0B241FB", "versionEndIncluding": "1.0.1d", "versionStartIncluding": "1.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "5C58642D-8504-4D3B-A411-96B83CFCD05D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*", "matchCriteriaId": "603BED29-3B3F-49AD-A518-E68B40AE8484", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*", "matchCriteriaId": "0F03670F-559C-433D-8AE8-A3C16F05E1D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*", "matchCriteriaId": "3A294535-7190-4C33-910D-0520F575D800", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*", "matchCriteriaId": "52A6300A-98F2-4E5A-909E-895A6C5B1D04", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*", "matchCriteriaId": "2280FB93-81A0-4BF4-AD7E-C9EAD277B379", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*", "matchCriteriaId": "1E42E405-91ED-4F41-A2EE-CECB27EB4951", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*", "matchCriteriaId": "11BCE518-1A35-44DE-9B40-B89E7637F830", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*", "matchCriteriaId": "46D0BB1F-FA76-4185-ACD4-587DFB24CFF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:*", "matchCriteriaId": "D27FDDD5-083F-4A83-836F-BDCEB94894FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:*", "matchCriteriaId": "30BF0C2F-BF35-41B8-BC6A-F2DACE6A9A32", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:*", "matchCriteriaId": "EE05CDF7-1C43-46BF-9A7E-56B31BC1C837", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:*", "matchCriteriaId": "A520D505-7BDC-4E82-8A43-7C50AEE2B222", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:*", "matchCriteriaId": "5ADF3C32-6663-4003-B7D6-CE3D02AFF45E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:*", "matchCriteriaId": "F15C4440-6283-433E-998E-856DA7ED4DB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:*", "matchCriteriaId": "C729FF50-6E41-4CEB-888A-E0FBD69B7897", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:*", "matchCriteriaId": "EB0AB341-46CE-4851-899A-B09C81A9792E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:*", "matchCriteriaId": "68EF7AC1-0179-4E10-89DD-5DA33682B3F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:*", "matchCriteriaId": "243726CF-F79A-4487-8807-FFA0AC86760B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:*", "matchCriteriaId": "5DECF6EC-B787-4CBA-936C-527864B504DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:*", "matchCriteriaId": "3C70C7D7-4E28-49D9-A007-EB186E85E5B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:*", "matchCriteriaId": "99B2B1A1-C3E5-4A32-8F5A-4BA8664E7537", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:*", "matchCriteriaId": "3F57C81C-446F-462C-BB64-65F87D1AA28F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:*", "matchCriteriaId": "7CFFA025-08DC-4AEF-AAE3-B20ECCB0946E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:*", "matchCriteriaId": "ACBA03CE-2EF2-4C51-B796-54C65C3CFBCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:*", "matchCriteriaId": "085241E5-F958-43DD-AB0A-35EAF6954CB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:*", "matchCriteriaId": "20CD7414-1D66-4311-90FB-5D53C0C22D82", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:*", "matchCriteriaId": "6DCB646B-3F17-427D-AE89-039FCA1F6D7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:*", "matchCriteriaId": "FA2AB84A-05D5-4091-B225-7762A73D45BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:*", "matchCriteriaId": "5A5A15F9-5047-4BB9-9B3E-A00998B6E7C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:*", "matchCriteriaId": "11A0378E-0D41-4FE0-8DAF-A01B66D814DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:*", "matchCriteriaId": "942C51A3-87AC-4DB5-BAB9-3771A19C472A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:*", "matchCriteriaId": "C34819D3-615F-4CEE-BEAA-CE48BC2E53BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:*", "matchCriteriaId": "D97A141E-5FC0-4B79-ABAA-82F6DE857625", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:*", "matchCriteriaId": "D32EAE02-B313-47AC-A1A3-BBF58A692E02", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:*", "matchCriteriaId": "81EA5E3B-7EA9-45A4-9B69-2DD96471A731", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:*", "matchCriteriaId": "27DED59D-C293-4D36-B194-B1645CD798C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:*", "matchCriteriaId": "DC3ADCB9-C4B7-4D30-932B-415C317870F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:*", "matchCriteriaId": "06FB52F8-8702-4795-BA47-28A1D007952F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:*", "matchCriteriaId": "3FDD48A5-9956-4AE6-9899-40D0830719FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:*", "matchCriteriaId": "875DAD00-C396-4F45-8C39-843686D5C3DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:*", "matchCriteriaId": "F45FA1E6-D848-482B-BB3F-5B02E837EE60", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:*", "matchCriteriaId": "94A59C56-6A9B-4630-ACBD-45359451120D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:*", "matchCriteriaId": "795C1133-BF5E-4B07-A448-13EFAFEED9B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:*", "matchCriteriaId": "DF20B7CE-1CD3-4D1E-9C5F-E9594A5135D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:*", "matchCriteriaId": "3206CF31-0EF2-4351-A077-1F8935965492", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:*", "matchCriteriaId": "D2E1A163-7376-41C9-A0FF-C8C3B192B73A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "21684D8F-C925-4BBE-A9E5-3799C84BDB13", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CE3EE93-6274-4996-A843-D2DF3249E06C", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "0DBD7490-815C-4E93-AD6C-5BBF1E3D6AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3C08BCF-F438-4862-B93A-76282A4129D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA654207-3F1A-4737-AA1C-523DBD420D2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "09D1B837-15DB-4A37-AF13-9FE6D894C084", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "CEA214D9-E535-4F68-9A23-504121748700", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "131EF818-747C-47F0-A69B-7F55CCA93F9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "B86C938F-CE5E-4955-8702-ABE9B635E337", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8DC2818-EBB5-4A14-9468-57737B04F5A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*", "matchCriteriaId": "F0D9D498-444E-4E92-B2A1-C8D72FA59F50", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*", "matchCriteriaId": "4D9AE2FA-068E-4F9E-BA3B-69123D9B0A67", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*", "matchCriteriaId": "22EA88C6-E217-4D1F-981B-096930A7728C", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*", "matchCriteriaId": "0BB29D8D-8287-4B5B-967F-55DCA0C0ED2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E25A1C90-15E9-4577-B25D-855D48C4F4E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."}, {"lang": "es", "value": "El protocolo TLS v1.1 y v1.2 y el protocolo DTLS v1.0 y v1.2, tal como se utiliza en OpenSSL, OpenJDK, PolarSSL, y otros productos, no considera adecuadamente ataques a un requisito de verificaci\u00f3n MAC durante el proceso de relleno CBC malformado, lo que permite a atacantes remotos para realizar ataques distintivos y los ataques de recuperaci\u00f3n de texto plano trav\u00e9s del an\u00e1lisis estad\u00edstico de los datos de tiempo de los paquetes hechos a mano, tambi\u00e9n conocido como el \"Lucky Thirteen\" de emisi\u00f3n."}], "evaluatorComment": "Per http://www.openssl.org/news/vulnerabilities.html:\nFixed in OpenSSL 1.0.1d (Affected 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) \nFixed in OpenSSL 1.0.0k (Affected 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0) \nFixed in OpenSSL 0.9.8y (Affected 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)\n\nAffected users should upgrade to OpenSSL 1.0.1e, 1.0.0k or 0.9.8y\n(The fix in 1.0.1d wasn't complete, so please use 1.0.1e or later)", "id": "CVE-2013-0169", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-02-08T19:55:01.030", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://openwall.com/lists/oss-security/2013/02/05/24"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/53623"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55108"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55139"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55322"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55350"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55351"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT5880"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2621"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2622"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/737740"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.matrixssl.org/news.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.openssl.org/news/secadv_20130204.txt"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/57778"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1029190"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.splunk.com/view/SP-CAAAHXG"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1735-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://puppet.com/security/cve/cve-2013-0169"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://openwall.com/lists/oss-security/2013/02/05/24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/53623"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55322"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55350"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/55351"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT5880"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2621"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2013/dsa-2622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/737740"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.matrixssl.org/news.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.openssl.org/news/secadv_20130204.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/57778"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1029190"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.splunk.com/view/SP-CAAAHXG"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1735-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://puppet.com/security/cve/cve-2013-0169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0274", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.6.0-openjdk-1:1.6.0.0-1.35.1.11.8.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0275", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.el5_9", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0587", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "openssl-0:0.9.8e-26.el5_9.1", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-03-04T00:00:00Z"}, {"advisory": "RHSA-2013:0273", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.6.0-openjdk-1:1.6.0.0-1.56.1.11.8.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0275", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "java-1.7.0-openjdk-1:1.7.0.9-2.3.7.1.el6_3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0587", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "openssl-0:1.0.0-27.el6_4.2", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-03-04T00:00:00Z"}, {"advisory": "RHSA-2013:0783", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", "product_name": "Red Hat JBoss Enterprise Application Platform 5.2", "release_date": "2013-05-01T00:00:00Z"}, {"advisory": "RHSA-2013:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.1", "package": "openssl", "product_name": "Red Hat JBoss Enterprise Application Platform 6.1", "release_date": "2013-05-20T00:00:00Z"}, {"advisory": "RHSA-2013:0782", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", "product_name": "Red Hat JBoss Web Platform 5.2", "release_date": "2013-05-01T00:00:00Z"}, {"advisory": "RHSA-2013:1013", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.0", "package": "openssl", "product_name": "Red Hat JBoss Web Server 2.0", "release_date": "2013-07-03T00:00:00Z"}, {"advisory": "RHSA-2013:1455", "cpe": "cpe:/a:redhat:network_satellite:5.4::el5", "package": "java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4", "product_name": "Red Hat Network Satellite Server v 5.4", "release_date": "2013-10-23T00:00:00Z"}, {"advisory": "RHSA-2013:1456", "cpe": "cpe:/a:redhat:network_satellite:5.5::el5", "package": "java-1.6.0-ibm-1:1.6.0.14.0-1jpp.1.el6_4", "product_name": "Red Hat Network Satellite Server v 5.5", "release_date": "2013-10-23T00:00:00Z"}, {"advisory": "RHSA-2020:4298", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "package": "openshift4/ose-kube-rbac-proxy:v4.6.0-202010061132.p0", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2020-10-27T00:00:00Z"}, {"advisory": "RHSA-2013:0636", "cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor", "package": "rhev-hypervisor6-0:6.4-20130306.2.el6_4", "product_name": "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date": "2013-03-13T00:00:00Z"}, {"advisory": "RHSA-2014:0416", "cpe": "cpe:/a:redhat:rhev_manager:3", "package": "spice-client-msi-0:3.3-12", "product_name": "RHEV Manager version 3.3", "release_date": "2014-04-17T00:00:00Z"}, {"advisory": "RHSA-2013:0531", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-sun-1:1.6.0.41-1jpp.1.el5_9", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0532", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.7.0-oracle-1:1.7.0.15-1jpp.1.el5_9", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0822", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.7.0-ibm-1:1.7.0.4.2-1jpp.1.el5_9", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-05-14T00:00:00Z"}, {"advisory": "RHSA-2013:0823", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-ibm-1:1.6.0.13.2-1jpp.1.el5_9", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-05-14T00:00:00Z"}, {"advisory": "RHSA-2013:0855", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.5.0-ibm-1:1.5.0.16.2-1jpp.1.el5_9", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2013-05-22T00:00:00Z"}, {"advisory": "RHSA-2013:0531", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.6.0-sun-1:1.6.0.41-1jpp.1.el6_3", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0532", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.0-oracle-1:1.7.0.15-1jpp.1.el6_3", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-02-20T00:00:00Z"}, {"advisory": "RHSA-2013:0822", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.0-ibm-1:1.7.0.4.2-1jpp.1.el6_4", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-05-14T00:00:00Z"}, {"advisory": "RHSA-2013:0823", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.6.0-ibm-1:1.6.0.13.2-1jpp.1.el6_4", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-05-14T00:00:00Z"}, {"advisory": "RHSA-2013:0855", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.5.0-ibm-1:1.5.0.16.2-1jpp.1.el6_4", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2013-05-22T00:00:00Z"}], "bugzilla": {"description": "SSL/TLS: CBC padding timing attack (lucky-13)", "id": "907589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=907589"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."], "mitigation": {"lang": "en:us", "value": "On OpenShift Container Platform 3.11 it's possible to edit the list of cipher suites offered by the router when performing 'edge', or 're-encrypt' TLS modes. Please follow the documentation [1], and [2] to remove the vulnerable CBC ciphers use the modern, or intermediate cipher suites outlined by Mozilla instead [3]. In 'passthrough' mode TLS termination occurs in the application so that is another way to mitigate the vulnerability.\n[1] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#obtaining-router-configuration-template\n[2] https://docs.openshift.com/container-platform/3.11/install_config/router/customized_haproxy_router.html#using-configmap-replace-template\n[3] https://wiki.mozilla.org/Security/Server_Side_TLS"}, "name": "CVE-2013-0169", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "openssl097a", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "openssl098e", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "eap-5", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "haproxy", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "haproxy", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2013-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0169\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0169\nhttp://www.isg.rhul.ac.uk/tls/\nhttp://www.openssl.org/news/secadv_20130205.txt\nhttps://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"], "threat_severity": "Moderate"}

{}