Executive Summary

Informations
Name CVE-2013-0169 First vendor Publication 2013-02-08
Vendor Cve Last vendor Modification 2019-10-09

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Cvss Base Score 2.6 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-310 Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18302
 
Oval ID: oval:org.mitre.oval:def:18302
Title: USN-1732-1 -- openssl vulnerabilities
Description: Several security issues were fixed in OpenSSL.
Family: unix Class: patch
Reference(s): USN-1732-1
CVE-2012-2686
CVE-2013-0166
CVE-2013-0169
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 8.04
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18565
 
Oval ID: oval:org.mitre.oval:def:18565
Title: DSA-2621-1 openssl - several vulnerabilities
Description: Multiple vulnerabilities have been found in OpenSSL.
Family: unix Class: patch
Reference(s): DSA-2621-1
CVE-2013-0166
CVE-2013-0169
Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18841
 
Oval ID: oval:org.mitre.oval:def:18841
Title: HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19016
 
Oval ID: oval:org.mitre.oval:def:19016
Title: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d in VisualSVN Server (CVE-2013-0169)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0169
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): VisualSVN Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19424
 
Oval ID: oval:org.mitre.oval:def:19424
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19428
 
Oval ID: oval:org.mitre.oval:def:19428
Title: HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 7
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19540
 
Oval ID: oval:org.mitre.oval:def:19540
Title: HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 12
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19608
 
Oval ID: oval:org.mitre.oval:def:19608
Title: Multiple OpenSSL vulnerabilities
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 5
Platform(s): IBM AIX 5.3
IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20786
 
Oval ID: oval:org.mitre.oval:def:20786
Title: VMware vSphere, ESX and ESXi updates to third party libraries
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: vulnerability
Reference(s): CVE-2013-0169
Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21079
 
Oval ID: oval:org.mitre.oval:def:21079
Title: RHSA-2013:0587: openssl security update (Moderate)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: patch
Reference(s): RHSA-2013:0587-01
CESA-2013:0587
CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
Version: 45
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23489
 
Oval ID: oval:org.mitre.oval:def:23489
Title: DEPRECATED: ELSA-2013:0587: openssl security update (Moderate)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: patch
Reference(s): ELSA-2013:0587-01
CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
Version: 18
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23909
 
Oval ID: oval:org.mitre.oval:def:23909
Title: ELSA-2013:0587: openssl security update (Moderate)
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: unix Class: patch
Reference(s): ELSA-2013:0587-01
CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
Version: 17
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24405
 
Oval ID: oval:org.mitre.oval:def:24405
Title: Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0169
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24938
 
Oval ID: oval:org.mitre.oval:def:24938
Title: OpenSSL vulnerability before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks
Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0169
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25236
 
Oval ID: oval:org.mitre.oval:def:25236
Title: SUSE-SU-2013:0701-2 -- Security update for java-1_6_0-ibm
Description: IBM Java 6 was updated to SR13 FP1, fixing bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0701-2
CVE-2013-0485
CVE-2013-0809
CVE-2013-1493
CVE-2013-0169
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 10
Product(s): java-1_6_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25811
 
Oval ID: oval:org.mitre.oval:def:25811
Title: SUSE-SU-2013:0701-1 -- Security update for java-1_7_0-ibm
Description: IBM Java 7 was updated to SR4-FP1, fixing bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0701-1
CVE-2013-0485
CVE-2013-0809
CVE-2013-1493
CVE-2013-0169
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): java-1_7_0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26214
 
Oval ID: oval:org.mitre.oval:def:26214
Title: SUSE-SU-2013:0328-1 -- Security update for Java
Description: java-1_6_0-openjdk has been updated to IcedTea 1.12.3 (bnc#804654) which contains security and bugfixes: * Security fixes o S8006446: Restrict MBeanServer access (CVE-2013-1486) o S8006777: Improve TLS handling of invalid messages Lucky 13 (CVE-2013-0169) o S8007688: Blacklist known bad certificate (issued by DigiCert) * Backports o S8007393: Possible race condition after JDK-6664509 o S8007611: logging behavior in applet changed * Bug fixes o PR1319: Support GIF lib v5.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0328-1
CVE-2013-1486
CVE-2013-0169
Version: 3
Platform(s): SUSE Linux Enterprise Desktop 11
Product(s): Java
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27551
 
Oval ID: oval:org.mitre.oval:def:27551
Title: DEPRECATED: ELSA-2013-0275 -- java-1.7.0-openjdk security update (important)
Description: [1.7.0.9-2.3.7.1.0.2.el6_3] - Increase release number and rebuild. [1.7.0.9-2.3.7.1.0.1.el6_3] - Update DISTRO_NAME in specfile [1.7.0.9-2.3.7.1.el6_3] - Updated main source tarball - Resolves: rhbz#911529 [1.7.0.9-2.3.7.0.el6_3] - Removed patch1000 sec-2013-02-01-8005615.patch - Removed patch1001 sec-2013-02-01-8005615-sync_with_jdk7u.patch - Removed patch1010 sec-2013-02-01-7201064.patch - Removed testing - mauve was outdated and - jtreg was icedtea relict - Updated to icedtea 2.3.7 - Added java -Xshare:dump to post (see 513605) fo jitarchs - Resolves: rhbz#911529
Family: unix Class: patch
Reference(s): ELSA-2013-0275
CVE-2013-1485
CVE-2013-1484
CVE-2013-1486
CVE-2013-0169
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): java-1.7.0-openjdk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27605
 
Oval ID: oval:org.mitre.oval:def:27605
Title: DEPRECATED: ELSA-2013-0587 -- openssl security update (moderate)
Description: [1.0.0-27.2] - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv() everywhere instead of getenv() (#839735)
Family: unix Class: patch
Reference(s): ELSA-2013-0587
CVE-2013-0166
CVE-2012-4929
CVE-2013-0169
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): openssl
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 317
Application 4
Application 22

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-10-17 IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware
Severity : Category I - VMSKEY : V0040786
2013-09-19 IAVM : 2013-A-0181 - Multiple Vulnerabilities in Junos Pulse Secure Access Service (IVE)
Severity : Category I - VMSKEY : V0040371
2013-09-19 IAVM : 2013-A-0180 - Multiple Vulnerabilities in Juniper Networks Junos Pulse Access Service Acces...
Severity : Category I - VMSKEY : V0040372
2013-09-19 IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004
Severity : Category I - VMSKEY : V0040373
2013-04-11 IAVM : 2013-A-0077 - Multiple Vulnerabilities in OpenSSL
Severity : Category I - VMSKEY : V0037605

Snort® IPS/IDS

Date Description
2014-01-10 SSLv3 plaintext recovery attempt
RuleID : 25828 - Revision : 4 - Type : SERVER-OTHER
2014-01-10 TLSv1.2 plaintext recovery attempt
RuleID : 25827 - Revision : 4 - Type : SERVER-OTHER
2014-01-10 TLSv1.1 plaintext recovery attempt
RuleID : 25826 - Revision : 4 - Type : SERVER-OTHER
2014-01-10 TLSv1.0 plaintext recovery attempt
RuleID : 25825 - Revision : 4 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2018-09-27 Name : The remote Debian host is missing a security update.
File : debian_DLA-1518.nasl - Type : ACT_GATHER_INFO
2016-11-21 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL93600123.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_esx_VMSA-2013-0009_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_gnutls_20130924.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_nss_20140809.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_openssl_20130716.nasl - Type : ACT_GATHER_INFO
2015-01-13 Name : The remote host has a library installed that is affected by an information di...
File : tivoli_directory_svr_swg21638270.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote device is affected by multiple vulnerabilities.
File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO
2014-12-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0009.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-0636.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1456.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0416.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL14190.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15630.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15637.nasl - Type : ACT_GATHER_INFO
2014-08-22 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO
2014-08-11 Name : The remote backup service is affected by multiple vulnerabilities.
File : ibm_tsm_server_5_5_x.nasl - Type : ACT_GATHER_INFO
2014-08-11 Name : The remote backup service is affected by multiple vulnerabilities.
File : ibm_tsm_server_6_1_x.nasl - Type : ACT_GATHER_INFO
2014-08-11 Name : The remote backup service is affected by multiple vulnerabilities.
File : ibm_tsm_server_6_2_6_0.nasl - Type : ACT_GATHER_INFO
2014-08-11 Name : The remote backup service is affected by an information disclosure vulnerabil...
File : ibm_tsm_server_6_3_4_200.nasl - Type : ACT_GATHER_INFO
2014-07-14 Name : The remote mail server is affected by an information disclosure vulnerability.
File : ipswitch_imail_12_3.nasl - Type : ACT_GATHER_INFO
2014-06-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO
2014-06-18 Name : The remote database server is affected by multiple vulnerabilities.
File : db2_101fp3a.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-153.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-154.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-164.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote AIX host is running a vulnerable version of OpenSSL.
File : aix_openssl_advisory3.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote AIX host is running a vulnerable version of OpenSSL.
File : aix_openssl_advisory5.nasl - Type : ACT_GATHER_INFO
2014-02-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201402-08.nasl - Type : ACT_GATHER_INFO
2014-01-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO
2014-01-20 Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_1_build_1483097_remote.nasl - Type : ACT_GATHER_INFO
2013-12-18 Name : The remote database server is affected by multiple vulnerabilities.
File : db2_97fp9.nasl - Type : ACT_GATHER_INFO
2013-12-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201312-03.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_0_build_1311177_remote.nasl - Type : ACT_GATHER_INFO
2013-10-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-10.nasl - Type : ACT_GATHER_INFO
2013-10-16 Name : The remote database server is affected by multiple vulnerabilities.
File : oracle_rdbms_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO
2013-09-20 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_6_1_0_47.nasl - Type : ACT_GATHER_INFO
2013-09-19 Name : The remote device is missing a vendor-supplied security patch.
File : junos_pulse_jsa10591.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-162.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-163.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-171.nasl - Type : ACT_GATHER_INFO
2013-08-23 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_0_0_7.nasl - Type : ACT_GATHER_INFO
2013-08-02 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2013-0009.nasl - Type : ACT_GATHER_INFO
2013-07-23 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_5_5.nasl - Type : ACT_GATHER_INFO
2013-07-19 Name : The remote application server is potentially affected by multiple vulnerabili...
File : websphere_7_0_0_29.nasl - Type : ACT_GATHER_INFO
2013-07-16 Name : The remote device is missing a vendor-supplied security patch.
File : juniper_jsa10575.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-07-10 Name : The remote host has a library installed that is affected by an information di...
File : ibm_gskit_swg21638270.nasl - Type : ACT_GATHER_INFO
2013-06-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-0833.nasl - Type : ACT_GATHER_INFO
2013-06-06 Name : The remote web server contains an application that is affected by multiple vu...
File : splunk_503.nasl - Type : ACT_GATHER_INFO
2013-05-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0855.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0822.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0823.nasl - Type : ACT_GATHER_INFO
2013-05-10 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_0_0_6.nasl - Type : ACT_GATHER_INFO
2013-05-10 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_5_0_2.nasl - Type : ACT_GATHER_INFO
2013-04-30 Name : The remote host is affected by multiple vulnerabilities.
File : ibm_tem_8_2_1372.nasl - Type : ACT_GATHER_INFO
2013-04-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-130416.nasl - Type : ACT_GATHER_INFO
2013-04-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_6_0-ibm-8544.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-050.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-052.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-095.nasl - Type : ACT_GATHER_INFO
2013-04-19 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_7_0-ibm-130415.nasl - Type : ACT_GATHER_INFO
2013-04-08 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_69bfc8529bd011e2a7be8c705af55518.nasl - Type : ACT_GATHER_INFO
2013-04-03 Name : The remote Fedora host is missing a security update.
File : fedora_2013-4403.nasl - Type : ACT_GATHER_INFO
2013-03-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-130325.nasl - Type : ACT_GATHER_INFO
2013-03-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-8517.nasl - Type : ACT_GATHER_INFO
2013-03-26 Name : The remote Windows host contains a program that is affected by multiple vulne...
File : stunnel_4_55.nasl - Type : ACT_GATHER_INFO
2013-03-26 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1732-3.nasl - Type : ACT_GATHER_INFO
2013-03-08 Name : The remote Fedora host is missing a security update.
File : fedora_2013-2793.nasl - Type : ACT_GATHER_INFO
2013-03-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0587.nasl - Type : ACT_GATHER_INFO
2013-03-05 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130304_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2013-2834.nasl - Type : ACT_GATHER_INFO
2013-03-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1732-2.nasl - Type : ACT_GATHER_INFO
2013-02-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-02-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-014.nasl - Type : ACT_GATHER_INFO
2013-02-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-openjdk-130221.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a programming platform that is potentially affe...
File : oracle_java_cpu_feb_2013_1_unix.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1732-1.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1735-1.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Windows host contains a programming platform that is potentially a...
File : oracle_java_cpu_feb_2013_1.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0273.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0274.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0275.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0531.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0532.nasl - Type : ACT_GATHER_INFO
2013-02-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2621.nasl - Type : ACT_GATHER_INFO
2013-02-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2622.nasl - Type : ACT_GATHER_INFO
2013-02-13 Name : The remote service may be affected by an information disclosure vulnerability.
File : openssl_1_0_1e.nasl - Type : ACT_GATHER_INFO
2013-02-11 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-040-01.nasl - Type : ACT_GATHER_INFO
2013-02-09 Name : The remote host may be affected by multiple vulnerabilities.
File : openssl_0_9_8y.nasl - Type : ACT_GATHER_INFO
2013-02-09 Name : The remote host may be affected by multiple vulnerabilities.
File : openssl_1_0_0k.nasl - Type : ACT_GATHER_INFO
2013-02-09 Name : The remote host may be affected by multiple vulnerabilities.
File : openssl_1_0_1d.nasl - Type : ACT_GATHER_INFO
2013-02-07 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_00b0d8cd709711e298d9003067c2616f.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
BID http://www.securityfocus.com/bid/57778
CERT http://www.us-cert.gov/cas/techalerts/TA13-051A.html
CERT-VN http://www.kb.cert.org/vuls/id/737740
CONFIRM http://support.apple.com/kb/HT5880
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
http://www.matrixssl.org/news.html
http://www.openssl.org/news/secadv_20130204.txt
http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-190589...
http://www.splunk.com/view/SP-CAAAHXG
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released
https://puppet.com/security/cve/cve-2013-0169
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr...
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084
DEBIAN http://www.debian.org/security/2013/dsa-2621
http://www.debian.org/security/2013/dsa-2622
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
GENTOO http://security.gentoo.org/glsa/glsa-201406-32.xml
HP http://marc.info/?l=bugtraq&m=136396549913849&w=2
http://marc.info/?l=bugtraq&m=136432043316835&w=2
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://marc.info/?l=bugtraq&m=137545771702053&w=2
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
MISC http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-...
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
MLIST http://openwall.com/lists/oss-security/2013/02/05/24
https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://rhn.redhat.com/errata/RHSA-2013-0587.html
http://rhn.redhat.com/errata/RHSA-2013-0782.html
http://rhn.redhat.com/errata/RHSA-2013-0783.html
http://rhn.redhat.com/errata/RHSA-2013-0833.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://rhn.redhat.com/errata/RHSA-2013-1456.html
SECTRACK http://www.securitytracker.com/id/1029190
SECUNIA http://secunia.com/advisories/53623
http://secunia.com/advisories/55108
http://secunia.com/advisories/55139
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
SUSE http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
UBUNTU http://www.ubuntu.com/usn/USN-1735-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
Date Informations
2020-05-24 01:10:07
  • Multiple Updates
2020-05-23 00:35:40
  • Multiple Updates
2019-10-10 05:19:28
  • Multiple Updates
2019-09-24 00:19:25
  • Multiple Updates
2019-07-11 12:05:05
  • Multiple Updates
2019-03-19 12:05:25
  • Multiple Updates
2018-09-26 17:19:28
  • Multiple Updates
2018-08-09 09:19:22
  • Multiple Updates
2017-12-09 09:22:19
  • Multiple Updates
2017-09-19 09:25:39
  • Multiple Updates
2016-12-03 09:23:53
  • Multiple Updates
2016-11-29 00:24:48
  • Multiple Updates
2016-11-22 13:25:14
  • Multiple Updates
2016-08-23 09:24:47
  • Multiple Updates
2016-04-26 22:38:51
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2015-12-17 13:26:25
  • Multiple Updates
2015-03-27 09:26:24
  • Multiple Updates
2015-01-21 13:25:59
  • Multiple Updates
2015-01-14 13:23:27
  • Multiple Updates
2014-12-23 13:26:15
  • Multiple Updates
2014-12-06 13:26:58
  • Multiple Updates
2014-11-27 13:28:11
  • Multiple Updates
2014-11-08 13:30:27
  • Multiple Updates
2014-10-11 13:26:16
  • Multiple Updates
2014-10-04 09:25:59
  • Multiple Updates
2014-08-23 13:27:37
  • Multiple Updates
2014-08-12 13:23:59
  • Multiple Updates
2014-07-15 13:25:42
  • Multiple Updates
2014-07-01 13:25:06
  • Multiple Updates
2014-06-14 13:34:10
  • Multiple Updates
2014-04-17 13:25:38
  • Multiple Updates
2014-03-18 13:22:22
  • Multiple Updates
2014-02-21 13:22:36
  • Multiple Updates
2014-02-17 11:15:19
  • Multiple Updates
2014-02-12 13:22:29
  • Multiple Updates
2014-01-28 13:19:15
  • Multiple Updates
2014-01-24 13:19:08
  • Multiple Updates
2014-01-19 21:29:06
  • Multiple Updates
2014-01-17 13:19:25
  • Multiple Updates
2013-12-05 17:19:24
  • Multiple Updates
2013-11-11 12:40:09
  • Multiple Updates
2013-11-04 21:24:44
  • Multiple Updates
2013-10-31 13:19:39
  • Multiple Updates
2013-10-24 13:22:08
  • Multiple Updates
2013-10-11 13:25:08
  • Multiple Updates
2013-09-18 13:19:38
  • Multiple Updates
2013-09-12 13:20:00
  • Multiple Updates
2013-08-23 13:19:08
  • Multiple Updates
2013-06-05 13:19:50
  • Multiple Updates
2013-05-10 22:27:56
  • Multiple Updates
2013-04-03 13:19:24
  • Multiple Updates
2013-03-08 13:19:25
  • Multiple Updates
2013-02-22 13:22:23
  • Multiple Updates
2013-02-11 21:20:33
  • Multiple Updates
2013-02-09 00:23:37
  • First insertion