CVE-2013-1620

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Published: Feb 8, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1620
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

Affected Software
References

Software	From	Fixed in
mozilla / network_security_services	-	3.14.3
canonical / ubuntu_linux	11.10	11.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	10.04	10.04.x
canonical / ubuntu_linux	12.04	12.04.x
oracle / glassfish_server	2.1.1	2.1.1.x
oracle / iplanet_web_proxy_server	4.0	4.0.x
oracle / traffic_director	11.1.1.7.0	11.1.1.7.0.x
oracle / iplanet_web_server	7.0	7.0.x
oracle / vm_server	3.2	3.2.x
oracle / glassfish_communications_server	2.0	2.0.x
oracle / enterprise_manager_ops_center	12.1	12.1.x
oracle / enterprise_manager_ops_center	12.2	12.2.x
oracle / iplanet_web_server	6.1	6.1.x
oracle / enterprise_manager_ops_center	11.1	11.1.x
oracle / opensso	3.0-03	3.0-03.x
oracle / traffic_director	11.1.1.6.0	11.1.1.6.0.x
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux_workstation	5.0	5.0.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
redhat / enterprise_linux_server_aus	5.9	5.9.x
redhat / enterprise_linux_eus	5.9	5.9.x

Vulnerability Database

289,784

CVE-2013-1620