Description

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

Remediation

References

CVE-2013-0169

Related Vulnerabilities

WordPress Plugin WP Email Template PHP Object Injection (2.4.0)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-14475)

Osclass Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-0973)

Microsoft SQL Server Other Vulnerability (CVE-2000-1088)

Plone CMS Resource Management Errors Vulnerability (CVE-2012-5496)

Severity

Low

Classification

CVE-2013-0169

Tags

Missing Update Known Vulnerabilities