Attacker Value
Unknown
CVE-2013-1620
Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown
General Information
Vendors
Products
- enterprise linux desktop 5.0,
- enterprise linux desktop 6.0,
- enterprise linux eus 5.9,
- enterprise linux server 5.0,
- enterprise linux server 6.0,
- enterprise linux server aus 5.9,
- enterprise linux workstation 5.0,
- enterprise linux workstation 6.0,
- enterprise manager ops center 11.1,
- enterprise manager ops center 12.1,
- enterprise manager ops center 12.2,
- glassfish communications server 2.0,
- glassfish server 2.1.1,
- iplanet web proxy server 4.0,
- iplanet web server 6.1,
- iplanet web server 7.0,
- network security services,
- opensso 3.0-03,
- traffic director 11.1.1.6.0,
- traffic director 11.1.1.7.0,
- ubuntu linux 10.04,
- ubuntu linux 11.10,
- ubuntu linux 12.04,
- ubuntu linux 12.10,
- vm server 3.2
References
Advisory
Miscellaneous
