CVE-2013-1620 – nss: TLS CBC padding timing attack
https://notcve.org/view.php?id=CVE-2013-1620
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación en Mozilla Network Security Services (NSS) de TLS no tiene debidamente en cuenta tiempos de canal lateral ataques a una operación de comprobación de incumplimiento MAC durante el procesamiento de malformaciones relleno CBC, que permite a atacantes remotos para realizar ataques distintivos y los ataques de recuperación de texto plano-a través de análisis estadístico de datos de tiempo de los paquetes hechos a mano, una cuestión relacionada con CVE-2013-0169. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://openwall.com/lists/oss-security/2013/02/05/24 http://rhn.redhat.com/errata/RHSA-2013-1135.html http://rhn.redhat.com/errata/RHSA-2013-1144.html http://seclists.org/fulldisclosure/2014/Dec/23 http://security.gentoo.org/glsa/glsa-201406-19.xml http://www. • CWE-203: Observable Discrepancy •
CVE-2011-3559
https://notcve.org/view.php?id=CVE-2011-3559
Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container. Vulnerabilidad no especificada en Oracle Communications Server v2.0, GlassFish Enterprise Server v2.1.1, v3.0.1, y v3.1.1, y Sun Java System App Server v8.1 y v8.2 permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos relacionados con Web Container. • http://osvdb.org/76476 http://secunia.com/advisories/46523 http://secunia.com/advisories/46524 http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.securityfocus.com/bid/50204 http://www.securitytracker.com/id?1026222 https://exchange.xforce.ibmcloud.com/vulnerabilities/70816 •