Unrated severityNVD Advisory· Published Feb 8, 2013· Updated Apr 29, 2026

CVE-2013-1620

Description

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Affected products

Mozilla Corporation/Network Security Services
cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
Range: <3.14.3
Canonical (company)/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Oracle Corporation/Enterprise Manager Ops Center3 versions
cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:oracle:enterprise_manager_ops_center:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2:*:*:*:*:*:*:*
Oracle Corporation/Glassfish Communications Server
cpe:2.3:a:oracle:glassfish_communications_server:2.0:*:*:*:*:*:*:*
Oracle Corporation/Glassfish Server
cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*
Oracle Corporation/Iplanet Web Proxy Server
cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*
Oracle Corporation/Iplanet Web Server2 versions
cpe:2.3:a:oracle:iplanet_web_server:6.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:iplanet_web_server:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*
Oracle Corporation/Opensso
cpe:2.3:a:oracle:opensso:3.0-03:*:*:*:*:*:*:*
Oracle Corporation/Traffic Director2 versions
cpe:2.3:a:oracle:traffic_director:11.1.1.6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:traffic_director:11.1.1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*
Oracle Corporation/Vm Server
cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server2 versions
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation2 versions
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kb.juniper.net/InfoCenter/indexnvdThird Party Advisory
openwall.com/lists/oss-security/2013/02/05/24nvdMailing ListThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1135.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2013-1144.htmlnvdThird Party Advisory
seclists.org/fulldisclosure/2014/Dec/23nvdMailing ListThird Party Advisory
security.gentoo.org/glsa/glsa-201406-19.xmlnvdThird Party Advisory
www.isg.rhul.ac.uk/tls/TLStiming.pdfnvdTechnical DescriptionThird Party Advisory
www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/cpujan2014-1972949.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlnvdThird Party Advisory
www.securityfocus.com/archive/1/534161/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/57777nvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/64758nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-1763-1nvdThird Party Advisory
www.vmware.com/security/advisories/VMSA-2014-0012.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.htmlnvdBroken Link
lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.htmlnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000