CVE-2013-1620 - The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing

CVE-2013-1620

Summary

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

References

Vulnerable Configurations

cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.9.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.10.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.10.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.12.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.14.2:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*
cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*
cpe:2.3:a:oracle:glassfish_communications_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:glassfish_communications_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:iplanet_web_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:opensso:3.0-03:*:*:*:*:*:*:*
cpe:2.3:a:oracle:opensso:3.0-03:*:*:*:*:*:*:*
cpe:2.3:a:oracle:traffic_director:11.1.1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:traffic_director:11.1.1.6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 21-12-2022 - 17:30)
Impact:
Exploitability:

CWE

CWE-203

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

redhat via4

advisories

bugzilla

id	986969
title	nssutil_ReadSecmodDB() leaks memory

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment nspr is earlier than 0:4.9.5-1.el5_9
oval oval:com.redhat.rhsa:tst:20131135001
comment nspr is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20150925002
AND
comment nspr-devel is earlier than 0:4.9.5-1.el5_9
oval oval:com.redhat.rhsa:tst:20131135003
comment nspr-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20150925004
AND
comment nss is earlier than 0:3.14.3-6.el5_9
oval oval:com.redhat.rhsa:tst:20131135005
comment nss is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20150925006
AND
comment nss-devel is earlier than 0:3.14.3-6.el5_9
oval oval:com.redhat.rhsa:tst:20131135007
comment nss-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20150925008

AND

comment nss-pkcs11-devel is earlier than 0:3.14.3-6.el5_9
oval oval:com.redhat.rhsa:tst:20131135009
comment nss-pkcs11-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20150925010

AND
comment nss-tools is earlier than 0:3.14.3-6.el5_9
oval oval:com.redhat.rhsa:tst:20131135011
comment nss-tools is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20150925012

rhsa

id	RHSA-2013:1135
released	2013-08-05
severity	Moderate
title	RHSA-2013:1135: nss and nspr security, bug fix, and enhancement update (Moderate)

bugzilla

id	985955
title	nss-softokn: missing partial RELRO [6.4.z]

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment nspr is earlier than 0:4.9.5-2.el6_4
oval oval:com.redhat.rhsa:tst:20131144001
comment nspr is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364002
AND
comment nspr-devel is earlier than 0:4.9.5-2.el6_4
oval oval:com.redhat.rhsa:tst:20131144003
comment nspr-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364004
AND
comment nss-softokn is earlier than 0:3.14.3-3.el6_4
oval oval:com.redhat.rhsa:tst:20131144005
comment nss-softokn is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364020

AND

comment nss-softokn-devel is earlier than 0:3.14.3-3.el6_4
oval oval:com.redhat.rhsa:tst:20131144007
comment nss-softokn-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364022

AND

comment nss-softokn-freebl is earlier than 0:3.14.3-3.el6_4
oval oval:com.redhat.rhsa:tst:20131144009
comment nss-softokn-freebl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364024

AND

comment nss-softokn-freebl-devel is earlier than 0:3.14.3-3.el6_4
oval oval:com.redhat.rhsa:tst:20131144011
comment nss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364026

AND
comment nss is earlier than 0:3.14.3-4.el6_4
oval oval:com.redhat.rhsa:tst:20131144013
comment nss is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364006
AND
comment nss-devel is earlier than 0:3.14.3-4.el6_4
oval oval:com.redhat.rhsa:tst:20131144015
comment nss-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364008

AND

comment nss-pkcs11-devel is earlier than 0:3.14.3-4.el6_4
oval oval:com.redhat.rhsa:tst:20131144017
comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364010

AND
comment nss-sysinit is earlier than 0:3.14.3-4.el6_4
oval oval:com.redhat.rhsa:tst:20131144019
comment nss-sysinit is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364012
AND
comment nss-tools is earlier than 0:3.14.3-4.el6_4
oval oval:com.redhat.rhsa:tst:20131144021
comment nss-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364014
AND
comment nss-util is earlier than 0:3.14.3-3.el6_4
oval oval:com.redhat.rhsa:tst:20131144023
comment nss-util is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364016

AND

comment nss-util-devel is earlier than 0:3.14.3-3.el6_4
oval oval:com.redhat.rhsa:tst:20131144025
comment nss-util-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364018

rhsa

id	RHSA-2013:1144
released	2013-08-07
severity	Moderate
title	RHSA-2013:1144: nss, nss-util, nss-softokn, and nspr security update (Moderate)

rpms

nspr-0:4.9.5-1.el5_9
nspr-debuginfo-0:4.9.5-1.el5_9
nspr-devel-0:4.9.5-1.el5_9
nss-0:3.14.3-6.el5_9
nss-debuginfo-0:3.14.3-6.el5_9
nss-devel-0:3.14.3-6.el5_9
nss-pkcs11-devel-0:3.14.3-6.el5_9
nss-tools-0:3.14.3-6.el5_9
nspr-0:4.9.5-2.el6_4
nspr-debuginfo-0:4.9.5-2.el6_4
nspr-devel-0:4.9.5-2.el6_4
nss-0:3.14.3-4.el6_4
nss-debuginfo-0:3.14.3-4.el6_4
nss-devel-0:3.14.3-4.el6_4
nss-pkcs11-devel-0:3.14.3-4.el6_4
nss-softokn-0:3.14.3-3.el6_4
nss-softokn-debuginfo-0:3.14.3-3.el6_4
nss-softokn-devel-0:3.14.3-3.el6_4
nss-softokn-freebl-0:3.14.3-3.el6_4
nss-softokn-freebl-devel-0:3.14.3-3.el6_4
nss-sysinit-0:3.14.3-4.el6_4
nss-tools-0:3.14.3-4.el6_4
nss-util-0:3.14.3-3.el6_4
nss-util-debuginfo-0:3.14.3-3.el6_4
nss-util-devel-0:3.14.3-3.el6_4
rhev-hypervisor6-0:6.4-20130815.0.el6_4

refmap via4

bid	57777 64758
bugtraq	20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
confirm	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.vmware.com/security/advisories/VMSA-2014-0012.html
fulldisc	20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
gentoo	GLSA-201406-19
misc	http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
mlist	[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
suse	openSUSE-SU-2013:0630 openSUSE-SU-2013:0631
ubuntu	USN-1763-1

Last major update

21-12-2022 - 17:30

Published

08-02-2013 - 19:55

Last modified

21-12-2022 - 17:30