CVE-2013-0169

{"id": "CVE-2013-0169", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-02-08T19:55:01.030", "references": [{"url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2013/02/05/24", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/53623", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/55108", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/55139", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/55322", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/55350", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/55351", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://support.apple.com/kb/HT5880", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2013/dsa-2621", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2013/dsa-2622", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.kb.cert.org/vuls/id/737740", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.matrixssl.org/news.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openssl.org/news/secadv_20130204.txt", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/57778", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1029190", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.splunk.com/view/SP-CAAAHXG", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1735-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secalert@redhat.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841", "tags": ["Tool Signature"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016", "tags": ["Tool Signature"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424", "tags": ["Tool Signature"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540", "tags": ["Tool Signature"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://puppet.com/security/cve/cve-2013-0169", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=136396549913849&w=2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=136432043316835&w=2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=137545771702053&w=2", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://openwall.com/lists/oss-security/2013/02/05/24", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0782.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0783.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/53623", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55108", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55139", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55322", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55350", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55351", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.apple.com/kb/HT5880", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2013/dsa-2621", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2013/dsa-2622", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/737740", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.matrixssl.org/news.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openssl.org/news/secadv_20130204.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/57778", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1029190", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.splunk.com/view/SP-CAAAHXG", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-1735-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA13-051A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841", "tags": ["Tool Signature"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016", "tags": ["Tool Signature"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424", "tags": ["Tool Signature"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540", "tags": ["Tool Signature"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://puppet.com/security/cve/cve-2013-0169", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue."}, {"lang": "es", "value": "El protocolo TLS v1.1 y v1.2 y el protocolo DTLS v1.0 y v1.2, tal como se utiliza en OpenSSL, OpenJDK, PolarSSL, y otros productos, no considera adecuadamente ataques a un requisito de verificaci\u00f3n MAC durante el proceso de relleno CBC malformado, lo que permite a atacantes remotos para realizar ataques distintivos y los ataques de recuperaci\u00f3n de texto plano trav\u00e9s del an\u00e1lisis estad\u00edstico de los datos de tiempo de los paquetes hechos a mano, tambi\u00e9n conocido como el \"Lucky Thirteen\" de emisi\u00f3n."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C2F01ED-AB65-4006-AE2A-E9F73791D436", "versionEndIncluding": "0.9.8x", "versionStartIncluding": "0.9.8"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "581DC050-33FB-408D-AB43-D3D796BCBBDE", "versionEndIncluding": "1.0.0j", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02E6874F-3469-4173-92DE-1E90F0B241FB", "versionEndIncluding": "1.0.1d", "versionStartIncluding": "1.0.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C58642D-8504-4D3B-A411-96B83CFCD05D"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "603BED29-3B3F-49AD-A518-E68B40AE8484"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F03670F-559C-433D-8AE8-A3C16F05E1D8"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A294535-7190-4C33-910D-0520F575D800"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52A6300A-98F2-4E5A-909E-895A6C5B1D04"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2280FB93-81A0-4BF4-AD7E-C9EAD277B379"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E42E405-91ED-4F41-A2EE-CECB27EB4951"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11BCE518-1A35-44DE-9B40-B89E7637F830"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D0BB1F-FA76-4185-ACD4-587DFB24CFF7"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D27FDDD5-083F-4A83-836F-BDCEB94894FA"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30BF0C2F-BF35-41B8-BC6A-F2DACE6A9A32"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE05CDF7-1C43-46BF-9A7E-56B31BC1C837"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A520D505-7BDC-4E82-8A43-7C50AEE2B222"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ADF3C32-6663-4003-B7D6-CE3D02AFF45E"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F15C4440-6283-433E-998E-856DA7ED4DB5"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C729FF50-6E41-4CEB-888A-E0FBD69B7897"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB0AB341-46CE-4851-899A-B09C81A9792E"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68EF7AC1-0179-4E10-89DD-5DA33682B3F8"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "243726CF-F79A-4487-8807-FFA0AC86760B"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DECF6EC-B787-4CBA-936C-527864B504DB"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C70C7D7-4E28-49D9-A007-EB186E85E5B6"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99B2B1A1-C3E5-4A32-8F5A-4BA8664E7537"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F57C81C-446F-462C-BB64-65F87D1AA28F"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CFFA025-08DC-4AEF-AAE3-B20ECCB0946E"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACBA03CE-2EF2-4C51-B796-54C65C3CFBCD"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "085241E5-F958-43DD-AB0A-35EAF6954CB7"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20CD7414-1D66-4311-90FB-5D53C0C22D82"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DCB646B-3F17-427D-AE89-039FCA1F6D7D"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA2AB84A-05D5-4091-B225-7762A73D45BD"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A5A15F9-5047-4BB9-9B3E-A00998B6E7C3"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11A0378E-0D41-4FE0-8DAF-A01B66D814DE"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "942C51A3-87AC-4DB5-BAB9-3771A19C472A"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C34819D3-615F-4CEE-BEAA-CE48BC2E53BC"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D97A141E-5FC0-4B79-ABAA-82F6DE857625"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D32EAE02-B313-47AC-A1A3-BBF58A692E02"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81EA5E3B-7EA9-45A4-9B69-2DD96471A731"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27DED59D-C293-4D36-B194-B1645CD798C0"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC3ADCB9-C4B7-4D30-932B-415C317870F2"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06FB52F8-8702-4795-BA47-28A1D007952F"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FDD48A5-9956-4AE6-9899-40D0830719FF"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "875DAD00-C396-4F45-8C39-843686D5C3DA"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F45FA1E6-D848-482B-BB3F-5B02E837EE60"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94A59C56-6A9B-4630-ACBD-45359451120D"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "795C1133-BF5E-4B07-A448-13EFAFEED9B8"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF20B7CE-1CD3-4D1E-9C5F-E9594A5135D9"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3206CF31-0EF2-4351-A077-1F8935965492"}, {"criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2E1A163-7376-41C9-A0FF-C8C3B192B73A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21684D8F-C925-4BBE-A9E5-3799C84BDB13"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CE3EE93-6274-4996-A843-D2DF3249E06C"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DBD7490-815C-4E93-AD6C-5BBF1E3D6AD6"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3C08BCF-F438-4862-B93A-76282A4129D8"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA654207-3F1A-4737-AA1C-523DBD420D2A"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09D1B837-15DB-4A37-AF13-9FE6D894C084"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEA214D9-E535-4F68-9A23-504121748700"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "131EF818-747C-47F0-A69B-7F55CCA93F9B"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B86C938F-CE5E-4955-8702-ABE9B635E337"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8DC2818-EBB5-4A14-9468-57737B04F5A7"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0D9D498-444E-4E92-B2A1-C8D72FA59F50"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D9AE2FA-068E-4F9E-BA3B-69123D9B0A67"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22EA88C6-E217-4D1F-981B-096930A7728C"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BB29D8D-8287-4B5B-967F-55DCA0C0ED2B"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E25A1C90-15E9-4577-B25D-855D48C4F4E8"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8"}, {"criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5"}], "operator": "OR"}]}], "evaluatorComment": "Per http://www.openssl.org/news/vulnerabilities.html:\nFixed in OpenSSL 1.0.1d (Affected 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) \nFixed in OpenSSL 1.0.0k (Affected 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0) \nFixed in OpenSSL 0.9.8y (Affected 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)\n\nAffected users should upgrade to OpenSSL 1.0.1e, 1.0.0k or 0.9.8y\n(The fix in 1.0.1d wasn't complete, so please use 1.0.1e or later)", "sourceIdentifier": "secalert@redhat.com"}