- Home
- CVEs with nessus.description==The version of OpenSSL running on the remote host is affected by the
following vulnerabilities :
- The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0
and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and
other products, do not properly consider timing side-
channel attacks on a MAC check requirement during the
processing of malformed CBC padding, which allows
remote attackers to conduct distinguishing attacks and
plaintext-recovery attacks via statistical analysis of
timing data for crafted packets, aka the 'Lucky
Thirteen' issue. (CVE-2013-0169)
- OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1
before 1.0.1d does not properly perform signature
verification for OCSP responses, which allows remote
attackers to cause a denial of service (NULL pointer
dereference and application crash) via an invalid key.
(CVE-2013-0166)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top