CVE-2013-0169

LOW

Description

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

ID	Name	Product	Family	Severity
117711	Debian DLA-1518-1 : polarssl security update	Nessus	Debian Local Security Checks	medium
94986	F5 Networks BIG-IP : OpenSSL vulnerability (K93600123)	Nessus	F5 Networks Local Security Checks	low
89666	VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0009) (remote check)	Nessus	Misc.	medium
89651	openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)	Nessus	SuSE Local Security Checks	critical
80719	Oracle Solaris Third-Party Patch Update : openssl (lucky_thirteen_vulnerability_in_solaris)	Nessus	Solaris Local Security Checks	medium
80481	IBM Tivoli Directory Server < 6.0.0.72 / 6.1.0.55 / 6.2.0.30 / 6.3.0.22 with GSKit < 7.0.4.45 / 8.0.14.27 TLS Side-Channel Timing Information Disclosure	Nessus	Windows	medium
80197	Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659)	Nessus	Junos Local Security Checks	high
79738	SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033)	Nessus	SuSE Local Security Checks	medium
79532	OracleVM 3.2 : onpenssl (OVMSA-2014-0008)	Nessus	OracleVM Local Security Checks	critical
79531	OracleVM 2.2 : openssl (OVMSA-2014-0007)	Nessus	OracleVM Local Security Checks	critical
79013	RHEL 6 : rhevm-spice-client (RHSA-2014:0416)	Nessus	Red Hat Local Security Checks	high
78976	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1456) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
78975	RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2013:1455) (BEAST) (ROBOT)	Nessus	Red Hat Local Security Checks	critical
78952	RHEL 6 : rhev-hypervisor6 (RHSA-2013:0636)	Nessus	Red Hat Local Security Checks	high
78199	F5 Networks BIG-IP : GnuTLS vulnerability (SOL15637)	Nessus	F5 Networks Local Security Checks	medium
78198	F5 Networks BIG-IP : TLS in Mozilla NSS vulnerability (K15630)	Nessus	F5 Networks Local Security Checks	medium
78142	F5 Networks BIG-IP : TLS/DTLS 'Lucky 13' vulnerability (K14190)	Nessus	F5 Networks Local Security Checks	low
77326	Juniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642)	Nessus	Misc.	critical
77120	IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure	Nessus	General	low
77118	IBM Tivoli Storage Manager Server 6.2.x < 6.2.6.0 Multiple Vulnerabilities	Nessus	General	medium
77117	IBM Tivoli Storage Manager Server 6.1.x Multiple Vulnerabilities	Nessus	General	medium
77116	IBM Tivoli Storage Manager Server 5.5.x Multiple Vulnerabilities	Nessus	General	medium
76489	Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure	Nessus	Misc.	low
76303	GLSA-201406-32 : IcedTea JDK: Multiple vulnerabilities (BEAST) (ROBOT)	Nessus	Gentoo Local Security Checks	critical
76110	IBM DB2 10.1 < Fix Pack 3a Multiple Vulnerabilities	Nessus	Databases	high
74906	openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0375-1)	Nessus	SuSE Local Security Checks	critical
74902	openSUSE Security Update : openssl (openSUSE-SU-2013:0337-1)	Nessus	SuSE Local Security Checks	medium
74901	openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1)	Nessus	SuSE Local Security Checks	high
73563	AIX OpenSSL Advisory : openssl_advisory5.asc	Nessus	AIX Local Security Checks	medium
72139	GLSA-201401-30 : Oracle JRE/JDK: Multiple vulnerabilities (ROBOT)	Nessus	Gentoo Local Security Checks	critical
72037	ESXi 5.1 < Build 1483097 Multiple Vulnerabilities (remote check)	Nessus	Misc.	high
71169	GLSA-201312-03 : OpenSSL: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	high
70879	ESXi 5.0 < Build 1311175 Multiple Vulnerabilities (remote check)	Nessus	Misc.	high
70486	GLSA-201310-10 : PolarSSL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
70460	Oracle Database Multiple Vulnerabilities (October 2013 CPU) (BEAST)	Nessus	Databases	medium
70022	IBM WebSphere Application Server 6.1 < Fix Pack 47 Multiple Vulnerabilities	Nessus	Web Servers	medium
69987	Junos Pulse Secure IVE / UAC OS Multiple SSL Vulnerabilities	Nessus	Misc.	high
8008	Mac OS X 10.8 < 10.8.5 Multiple Vulnerabilities (Security Update 2013-004)	Nessus Network Monitor	Web Clients	critical
69878	Mac OS X Multiple Vulnerabilities (Security Update 2013-004)	Nessus	MacOS X Local Security Checks	critical
69877	Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
69730	Amazon Linux AMI : openssl (ALAS-2013-171)	Nessus	Amazon Linux Local Security Checks	medium
69722	Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-163)	Nessus	Amazon Linux Local Security Checks	critical
69721	Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-162)	Nessus	Amazon Linux Local Security Checks	critical
69449	IBM WebSphere Application Server 8.0 < Fix Pack 7 Multiple Vulnerabilities	Nessus	Web Servers	medium
69193	VMSA-2013-0009 : VMware vSphere, ESX and ESXi updates to third-party libraries	Nessus	VMware ESX Local Security Checks	medium
69021	IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5 Multiple Vulnerabilities	Nessus	Web Servers	critical
68982	IBM WebSphere Application Server 7.0 < Fix Pack 29 Multiple Vulnerabilities	Nessus	Web Servers	critical
68908	Juniper Junos OpenSSL Multiple Vulnerabilities (JSA10575)	Nessus	Junos Local Security Checks	medium
68768	Oracle Linux 5 / 6 : openssl (ELSA-2013-0587)	Nessus	Oracle Linux Local Security Checks	medium
68736	Oracle Linux 5 / 6 : java-1.7.0-openjdk (ELSA-2013-0275)	Nessus	Oracle Linux Local Security Checks	critical
68735	Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2013-0274)	Nessus	Oracle Linux Local Security Checks	critical
68734	Oracle Linux 6 : java-1.6.0-openjdk (ELSA-2013-0273)	Nessus	Oracle Linux Local Security Checks	critical
67231	IBM GSKit 7.x < 7.0.4.45 / 8.0.14.x < 8.0.14.27 TLS Side-Channel Timing Information Disclosure	Nessus	General	low
66971	JBoss Enterprise Application Platform 6.1.0 Update (RHSA-2013:0833)	Nessus	Red Hat Local Security Checks	high
6868	OpenSSL < 0.9.8y / 1.0.1d / 1.0.0k Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	medium
66835	Splunk 5.0.x < 5.0.3 Multiple Vulnerabilities	Nessus	CGI abuses	medium
66550	RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2013:0855)	Nessus	Red Hat Local Security Checks	critical
66440	RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:0823)	Nessus	Red Hat Local Security Checks	critical
66439	RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:0822)	Nessus	Red Hat Local Security Checks	critical
66375	IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities	Nessus	Web Servers	medium
66374	IBM WebSphere Application Server 8.0 < Fix Pack 6 Multiple Vulnerabilities	Nessus	Web Servers	medium
66270	IBM Tivoli Endpoint Manager Server < 8.2.1372 Multiple Vulnerabilities	Nessus	CGI abuses	medium
66198	SuSE 10 Security Update : java-1_6_0-ibm (ZYPP Patch Number 8544)	Nessus	SuSE Local Security Checks	critical
66194	SuSE 11.2 Security Update : IBM Java (SAT Patch Number 7627)	Nessus	SuSE Local Security Checks	critical
66107	Mandriva Linux Security Advisory : java-1.7.0-openjdk (MDVSA-2013:095)	Nessus	Mandriva Local Security Checks	critical
66066	Mandriva Linux Security Advisory : openssl (MDVSA-2013:052)	Nessus	Mandriva Local Security Checks	medium
66031	SuSE 11.2 Security Update : java-1_7_0-ibm (SAT Patch Number 7623)	Nessus	SuSE Local Security Checks	critical
65842	FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (69bfc852-9bd0-11e2-a7be-8c705af55518)	Nessus	FreeBSD Local Security Checks	medium
65776	Fedora 18 : mingw-openssl-1.0.1e-1.fc18 (2013-4403)	Nessus	Fedora Local Security Checks	low
65719	SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 8517)	Nessus	SuSE Local Security Checks	medium
65718	SuSE 11.2 Security Update : OpenSSL (SAT Patch Number 7548)	Nessus	SuSE Local Security Checks	medium
65690	stunnel 4.21 - 4.54 Multiple Vulnerabilities	Nessus	Windows	high
65684	Ubuntu 12.04 LTS / 12.10 : openssl vulnerability (USN-1732-3)	Nessus	Ubuntu Local Security Checks	medium
65081	Fedora 17 : openssl-1.0.0k-1.fc17 (2013-2793)	Nessus	Fedora Local Security Checks	medium
65061	CentOS 5 / 6 : openssl (CESA-2013:0587)	Nessus	CentOS Local Security Checks	medium
65022	Scientific Linux Security Update : openssl on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
65004	RHEL 5 / 6 : openssl (RHSA-2013:0587)	Nessus	Red Hat Local Security Checks	medium
64982	Fedora 18 : openssl-1.0.1e-3.fc18 (2013-2834)	Nessus	Fedora Local Security Checks	medium
64968	Ubuntu 12.04 LTS / 12.10 : openssl regression (USN-1732-2)	Nessus	Ubuntu Local Security Checks	medium
64896	CentOS 5 : java-1.6.0-openjdk (CESA-2013:0274)	Nessus	CentOS Local Security Checks	critical
64863	SuSE 11.2 Security Update : Java (SAT Patch Number 7385)	Nessus	SuSE Local Security Checks	critical
64861	Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2013:014)	Nessus	Mandriva Local Security Checks	critical
64851	Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1) (Unix)	Nessus	Misc.	critical
64801	Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openjdk-6, openjdk-7 vulnerabilities (USN-1735-1)	Nessus	Ubuntu Local Security Checks	critical
64798	Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : openssl vulnerabilities (USN-1732-1)	Nessus	Ubuntu Local Security Checks	medium
64790	Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1)	Nessus	Windows	critical
64775	RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0532)	Nessus	Red Hat Local Security Checks	critical
64774	RHEL 5 / 6 : java-1.6.0-sun (RHSA-2013:0531)	Nessus	Red Hat Local Security Checks	critical
64748	RHEL 5 / 6 : java-1.7.0-openjdk (RHSA-2013:0275)	Nessus	Red Hat Local Security Checks	critical
64747	RHEL 5 : java-1.6.0-openjdk (RHSA-2013:0274)	Nessus	Red Hat Local Security Checks	critical
64746	RHEL 6 : java-1.6.0-openjdk (RHSA-2013:0273)	Nessus	Red Hat Local Security Checks	critical
64731	CentOS 5 / 6 : java-1.7.0-openjdk (CESA-2013:0275)	Nessus	CentOS Local Security Checks	critical
64730	CentOS 6 : java-1.6.0-openjdk (CESA-2013:0273)	Nessus	CentOS Local Security Checks	critical
64624	Debian DSA-2622-1 : polarssl - several vulnerabilities	Nessus	Debian Local Security Checks	medium
64623	Debian DSA-2621-1 : openssl - several vulnerabilities	Nessus	Debian Local Security Checks	medium
64620	OpenSSL 1.0.1 < 1.0.1e Information Disclosure	Nessus	Web Servers	low
64535	Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : openssl (SSA:2013-040-01)	Nessus	Slackware Local Security Checks	medium
64534	OpenSSL 1.0.1 < 1.0.1d Multiple Vulnerabilities	Nessus	Web Servers	medium
64533	OpenSSL 1.0.0 < 1.0.0k Multiple Vulnerabilities	Nessus	Web Servers	medium
64532	OpenSSL < 0.9.8y Multiple Vulnerabilities	Nessus	Web Servers	medium
64488	FreeBSD : OpenSSL -- TLS 1.1, 1.2 denial of service (00b0d8cd-7097-11e2-98d9-003067c2616f)	Nessus	FreeBSD Local Security Checks	medium
6699	Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1)	Nessus Network Monitor	Web Clients	critical

CVE-2013-0169

Description

References

Details

Risk Information

CVSS v2.0