Description
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
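The timing difference described above comes from how much hash work the MAC check performs for each padding outcome. The following is an added example, not code from OpenSSL, OpenJDK, PolarSSL or this advisory: it counts hash compression calls per outcome and the dummy calls a receiver would need to make the cost uniform. It assumes HMAC-SHA1 or HMAC-SHA-256 (64-byte blocks), the 13 header bytes the TLS MAC covers ahead of the payload, and malformed padding handled as zero-length padding as RFC 5246 advises; all function names are illustrative.

```python
import math

HEADER_LEN = 13   # bytes MACed ahead of the payload: 8-byte sequence number + 5-byte record header
HASH_BLOCK = 64   # block size of SHA-1 / SHA-256
HASH_TAIL = 9     # mandatory hash padding: 0x80 byte + 8-byte message length


def hmac_compressions(msg_len: int) -> int:
    """Compression-function calls HMAC-SHA1/SHA-256 makes for a msg_len-byte message."""
    inner = 1 + math.ceil((msg_len + HASH_TAIL) / HASH_BLOCK)  # ipad block + message
    outer = 2                                                  # opad block + inner digest
    return inner + outer


def maced_len(plain_len: int, pad_len, mac_len: int = 20) -> int:
    """Bytes fed to the MAC for a decrypted CBC record of plain_len bytes.

    pad_len is the value of the padding-length byte; None models malformed
    padding, handled as if there were no padding at all (assumption: RFC 5246 advice).
    """
    stripped = 0 if pad_len is None else pad_len + 1
    return HEADER_LEN + plain_len - stripped - mac_len


def dummy_calls_needed(plain_len: int, pad_len, mac_len: int = 20) -> int:
    """Extra compression calls that bring this record up to the worst-case cost."""
    worst = hmac_compressions(maced_len(plain_len, None, mac_len))
    return worst - hmac_compressions(maced_len(plain_len, pad_len, mac_len))


def cost_table(plain_len: int, mac_len: int = 20) -> dict:
    """Map each padding outcome to (compression calls, dummy calls to equalise)."""
    max_pad = min(255, plain_len - mac_len - 1)
    outcomes = [None] + list(range(max_pad + 1))
    return {p: (hmac_compressions(maced_len(plain_len, p, mac_len)),
                dummy_calls_needed(plain_len, p, mac_len)) for p in outcomes}


if __name__ == "__main__":
    # Constructed case: 64 bytes of CBC plaintext carrying a 20-byte HMAC-SHA1 tag.
    for pad, (calls, dummy) in cost_table(64).items():
        label = "malformed" if pad is None else f"pad_len={pad}"
        print(f"{label:>10}: {calls} compression calls, {dummy} dummy needed")
```

Equal call counts are necessary but not sufficient: the padding check and the tag comparison must also avoid data-dependent branches and early exits.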
Remediation
References
Related Vulnerabilities
Squid Improper Privilege Management Vulnerability (CVE-2019-12522)
WordPress Plugin Tera Charts Cross-Site Scripting (1.0)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1606)
SharePoint CVE-2022-37961 Vulnerability (CVE-2022-37961)
Apache HTTP Server CVE-2014-0098 Vulnerability (CVE-2014-0098)