Oval Definition:oval:org.mitre.oval:def:24405
Revision Date:2015-03-23Version:6
Title:Vulnerability in the TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products
Description:The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2013-0169
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Java Runtime Environment
Definition Synopsis
  • Determine if the version of Java Runtime Environment is less than 1.4.2:update_42 and is greater than or equal to 1.4.0
  • Determine if the version of Java Runtime Environment is less than 1.4.2:update_42
  • AND Java SE Runtime Environment 4 is installed
  • OR Determine if the version of Java Runtime Environment is less than or equal to 1.5.0:update_41 and is greater than or equal to 1.5.0
  • Determine if the version of Java Runtime Environment is less than 1.5.0:update_40
  • AND Java SE Runtime Environment 5 is installed
  • OR Determine if the version of Java Runtime Environment is less than or equal to 1.6.0:update_39 and is greater than or equal to 1.6.0
  • Determine if the version of Java Runtime Environment is less than 1.6.0:update_39
  • AND Java SE Runtime Environment 6 is installed
  • OR Determine if the version of Java Runtime Environment is less than or equal to 1.7.0:update_13 and is greater than or equal to 1.7.0
  • Determine if the version of Java Runtime Environment is less than 1.7.0:update_14
  • AND Java SE Runtime Environment 7 is installed
  • BACK