Description

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Remediation

References

CVE-2013-1620

Related Vulnerabilities

MySQL CVE-2015-0391 Vulnerability (CVE-2015-0391)

WordPress Plugin AccessPress Social Login Lite-Social Login WordPress includes Backdoor [Only if downloaded via the vendor website] (3.4.7)

WordPress Plugin Conditional Marketing Mailer for WooCommerce Cross-Site Request Forgery (1.5.2)

WordPress Plugin Check & Log Email Cross-Site Scripting (0.5.1)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0122)

Severity

Medium

Classification

CVE-2013-1620 CWE-203

Tags

Missing Update Known Vulnerabilities